X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/786989941b7b4504f0234c4a318f929802e981ad..51ff73dcc02de25f950c69fd38812a3e6b04f1cb:/init/tripe.conf diff --git a/init/tripe.conf b/init/tripe.conf index 8105a2a1..743c17a6 100644 --- a/init/tripe.conf +++ b/init/tripe.conf 
@@ -1,53 +1,100 @@ -# tripe configuration file -# -# this is sourced as a Bourne shell script by /etc/init.d/tripe - -# The directory you want tripe to work in. This is where it will search for -# keyrings, and where its admin socket and logfile are kept. -# TRIPEDIR=/etc/tripe - -# The name of the private key to use. This is usually `tripe-dh' for -# integer Diffie-Hellman keys (the default) or `tripe-ec' for elliptic -# curve keys. -# keytag=tripe-dh - -# The address you want tripe to bind to. By default, tripe will accept -# packets to any address acceptable to the host, and send packets from the -# most appropriate address for the destination; setting this means it will -# (a) only accept packets destined for the named address, and (b) send -# packets from the named address. The latter is probably more useful. -# addr=MYHOST - -# The UDP port you want tripe to use. I've chosen 22003 which isn't reserved -# in any way. I chose it because it's the first two bytes of the RIPEMD-160 -# hash of the string `TrIPE'. If you don't set a port, tripe gets the kernel -# to choose a port it's not using right now, and you have to dig it out by -# saying `tripectl port'. -# port=22003 - -# The tunnel device you want tripe to use. The default is to use a system- -# specific device, if there's one compiled in, or SLIP if not. -# tunnel=slip - -# The user to run as once tripe has initialized. The user (or group -- see -# `group' below) must be able to open new tunnel interfaces. -# user=tripe - -# The group to run as once tripe has initialized. See caveats for `user' -# above. -# group=tripe - -# Trace options to pass to tripe. The default is no tracing. The setting -# `A-cp' gives maxmimum possible verbosity without leaking important -# secrets. -# trace=A-cp - -# Any other options to pass on to tripectl. -# miscopts= - -# Logfile to write to. The default is `tripe.log' in the working directory. -# logfile=/var/log/tripe - -# Where to put tripectl's pidfile when it starts up. 
The default is -# tripectl.pid in the working directory. -# pidfile=/var/run/tripectl.pid +### -*-sh-*- +### +### This file is sourced as a Bourne shell script by tripe's startup script. +### There are vaguely sane defaults. + +## The directory you want tripe to work in. This is where it will search for +## keyrings, and where its admin socket and logfile are kept. The default is +## the CONFIGDIR established at `configure' time, via the `--with-configdir' +## option. +## +#TRIPEDIR=/etc/tripe + +## The tag or type of the private key to use. This is usually `tripe'; the +## default is to try both `tripe' or `tripe-dh', in that order. +## +#keytag=tripe + +## The address you want tripe to bind to. By default, tripe will accept +## packets to any address acceptable to the host, and send packets from the +## most appropriate address for the destination; setting this means it will +## (a) only accept packets destined for the named address, and (b) send +## packets from the named address. The latter is probably more useful. +## +#addr=MYHOST + +## The UDP port you want tripe to use. The default is 4070, which is +## officially allocated by the IANA. If you explicitly specify port 0 then +## tripe gets the kernel to choose a port it's not using right now, and you +## have to dig it out by saying `tripectl port'. +## +#port=4070 + +## The tunnel device you want tripe to use. The default is to use a system- +## specific device, if there's one compiled in, or SLIP if not. +## +#tunnel=slip + +## The user to run as once tripe has initialized. TrIPE keeps a separate +## process running as `root' specifically to open new tunnel devices, but +## this doesn't work for SLIP devices; in this case, you must ensure that the +## user (and/or group) you choose has sufficient privileges to request new +## SLIP tunnels -- or acquires sufficient tunnels at startup time. The +## default is not to change user. +## +#user=tripe + +## The group to run as once tripe has initialized. 
See caveats for `user' +## above. The default is not to change group. +## +#group=tripe + +## The permissions to set on the administration socket. The default is 600, +## which allows only the configured user to connect. Setting 660 allows +## all members of the group to administer the server, which might be useful. +## Setting this to 666 is probably a really bad idea. +#sockmode=600 + +## Trace options to pass to tripe. The default is no tracing. The setting +## `A-cp' gives maxmimum possible verbosity without leaking important +## secrets. +## +#trace=A-cp + +## Any other options to pass on to tripectl. (If you want to pass options on +## to the tripe server itself, you'll need to put -SARG,ARG,... in here.) +## The default is not to pass additional options. +## +#miscopts= + +## Logfile to write to. The default is determined by the `--with-logfile' +## configure option, which defaults to `./tripe.log' (relative to +## $TRIPEDIR). This may be set to `-' to write the log to stdout, or `!' to +## write to stderr. +## +#logfile=/var/log/tripe + +## Whether to write a log to syslog. If this is something other than `nil', +## then logs are written to syslog. If `syslogp' is non-nil and `logfile' +## above is unset then no logs are written to files. +#syslogp=nil + +## Where to put tripectl's pidfile when it starts up. The default is +## determined by the `--with-pidfile' configure option, which defaults to +## `./tripectl.pid' (relative to $TRIPEDIR). +## +#pidfile=/var/run/tripectl.pid + +## How to open SLIP interfaces. The value is a sequece of zero or more +## static allocations, followed optionally by the name of a dynamic +## allocation script, all separated by colons. A static allocation has the +## form `INFD[,OUTFD]=IFNAME', declaring that the interface IFNAME can be +## read from file descriptor INFD and written from file descriptor OUTFD +## (defaults to the same as INFD). The dynamic allocation script name must +## begin with `/' or `.' 
(interpreted relative to $TRIPEDIR); the script must +## write an interface name to standard output followed by a newline, and +## thereafter speak SLIP over standard input/output; stdin will be closed +## (and the script process sent SIGTERM) when the interface is no longer +## needed. +## +#TRIPE_SLIPIF=
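Review bot: The new `sockmode` comment says 660 "allows all members of the group to administer the server" without saying which group, while the `group` entry just above it states that the default is not to change group. Since this setting decides who can control the daemon through the admin socket, the comment should name the group that ends up owning the socket and say what 660 means when `group` is left unset. The `sockmode` and `syslogp` entries also lack the closing `##` line that every other entry in the new file has before its commented-out assignment. Wording fixes in the added text: "sequece" should be "sequence", "maxmimum" (carried over from the old file) should be "maximum", "try both `tripe' or `tripe-dh'" should read "and", and "written from file descriptor OUTFD" should be "written to". The `port` text also changes what leaving `port` unset means (kernel-chosen in the old comment, 4070 in the new one, with an explicit 0 needed for the old behaviour), which is worth a line in the commit message so that existing sites can check their firewall rules and peer definitions.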