1SAFEKEEP.CONF(5)         SafeKeep Server Configuration        SAFEKEEP.CONF(5)
2
3
4

NAME

6       safekeep.conf - Configuration file for 'safekeep(1)'
7

SYNOPSIS

9       This file resides in /etc/safekeep/, or optionally in ~/.safekeep/ for
10       non-root users, from where it will be automatically picked up by
11       safekeep(1).
12

DESCRIPTION

14       This configuration file holds safekeep global settings. The format of
15       the file is a simple key-value pair similar to Java properties files:
16       lines starting with # are ignored as comments, keys are separated from
17       values by =, and leading and trailing spaces are ignored.
18

PARAMETERS

20       backup.user
21           The Unix user under which the server will run. If not specified,
22           safekeep will just run under the current user.
23
24       backup.tempdir
25           Specifes a TEMPDIR for use with ‘rdiff-backup’. This can be
26           overridden by a commandline argument to ‘safekeep’.
27
28       base.dir
29           The base directory for date repository relative paths. If not
30           specified, it defaults to the home directory of the backup user.
31
32       client.user
33           The default Unix user which will be used on the client. This can be
34           overridden on a host by host basis in the .backup file. If not
35           specified, it defaults to root.
36
37       email.format
38           If specified generate multipart MIME email messages. If not
39           specified then a non-MIME message is created. The format options
40           are text or html to generate parts of that type. NB: The log of
41           safekeep is always sent as text.
42
43       email.from
44           The email address to be used as sender when sending the logs. If
45           not specified safekeep will use SafeKeep@<hostname fqdn>.
46
47       email.to
48           In addition to writing the session logs on the standard output,
49           safekeep can also send the logs via email to a number of
50           recipients. This comma-separated list of emails designates the
51           recipients of the logs. If not specified, safekeep will not attempt
52           to email the logs.
53
54       email.smtp.port
55           Specifies the port to use to connect to the SMTP server. If not
56           specified, safekeep will use the system default value, normally
57           port 25/tcp.
58
59       email.smtp.server
60           Specifies the SMTP server used for sending mails if the email.to
61           specifies any recipients. If not specified, safekeep will just use
62           /usr/sbin/sendmail to deliver the mail.
63
64       email.summary
65           Generate a summary part at the start of the email. Possible options
66           are true, yes or 1. Anything elses as taken as false. NB: This
67           requires email.format set and currently only used for server and
68           list run types.
69
70       nice.adjustment
71           The default nice level adjustment for safekeep. It specifies an
72           integer to be added to the current nice level. Nicenesses range
73           from -20 (most favorable scheduling) to 19 (least favorable). To
74           disable nice, set this value to 0. If no nice level is specified,
75           safekeep is niced at +10.
76
77       nice.adjustment.server
78           The nice level adjustment for safekeep, used on the server side. It
79           overrides the generic setting in nice.adjustment.
80
81       nice.adjustment.client
82           The default nice adjustment for the client. This settings is
83           normally not all that important, as most of the load is on the
84           server side. You can also set the remove nice level on a per-client
85           basis in the .backup file (see /backup/host/@nice). NB: if you
86           change this value, you will have to re-deploy the auth keys.
87
88       ionice.adjustment
89           The default IO nice level adjustment for safekeep. It can be either
90           none, idle, or an integer between 0-7 (with 0 being higher
91           priority). See ionice(1) for more information. This is currently
92           being used only on the server side, where IO load tends to be a
93           problem. NB: this depends on the availability of ionice(1) on the
94           system where the server is running. If ionice cannot be found, this
95           setting is ignored. If no level is specified, it defaults to idle.
96
97       bandwidth.overall
98           This is the default bandwidth limit for both upload and download
99           for all the clients. It is an integer number of KB/s (see NOTES
100           section for more information). This value is optional.
101
102       bandwidth.download
103           This is the default bandwidth limit for download across all
104           clients. If specified (with a value greater than 0) it will
105           override the value set in bandwidth.overall (refer to it for more
106           informatio). This value is optional.
107
108       bandwidth.upload
109           This is the default bandwidth limit for upload across all clients.
110           If specified (with a value greater than 0) it will override the
111           value set in bandwidth.overall (refer to it for more information).
112           This value is optional.
113
114       snapshot.size
115           This is the default size to be used for any snapshots without a
116           size value specified. It is passed to lvcreate(8) (LVM2), including
117           the specification of a percentage (%). If not otherwise specified,
118           the percentage is based on unallocated space (i.e. LVM2 %FREE),
119           which is different to the interpretation within the <snapshot>
120           option. This value is optional, it defaults to 20%FREE.
121
122       ssh.keygen.type
123           The SSH private key type to generate when safekeep --keys is used.
124           This is passed to ssh-keygen(1) and not all valid types may be
125           accepted on all systems. Only SSH protocol version 2 keys are
126           accepted. This value is optional, it defaults to rsa.
127
128       ssh.keygen.bits
129           Specifies the number of bits in the SSH private key to create. This
130           is passed to ssh-keygen(1) and only certain sizes are accepted,
131           depending of the key type. If no value is required, e.g. for ecdsa
132           key type, give this option with no corresponding bit size. This
133           value is optional, it defaults to 4096.
134
135       ssh.strict_hostkey_checking
136           Specifies if StrictHostKeyChecking should be performed by the ssh
137           client when connecting to the remote host. This value is optional,
138           it defaults to ask. Set to yes if you sign host keys with a CA key
139           or manage host keys by other means (FreeIPA/sssd, Ansible,,,).
140           Setting this to no is a bit unsafe as new hosts are automatically
141           added to known_hosts without any validation.
142

NOTES

144       Safekeep uses trickle to implement bandwidth throttling (see
145       http://monkey.org/~marius/pages/?page=trickle for more information).
146       You will need to install it separately to use this feature (most Linux
147       distributions have it packaged as trickle).
148
149       The bandwidth is calculated as an average over a 256KB window, and it
150       is expressed as an integer number of kilo-bytes per second (e.g. 100,
151       meaning 100KB/s). Bandwidth limits of zero are ignored.
152
153       The bandwidth throtlling can be customized for both download and upload
154       (see bandwidth.download and bandwidth.upload) as well as on a
155       per-client basis (see safekeep.backup(5) for more information).
156

FILES

158           /etc/safekeep/safekeep.conf
159           ~/.safekeep/safekeep.conf
160

SEE ALSO

162       safekeep(1), safekeep.backup(5), rdiff-backup(1), trickle(1),
163       lvcreate(8), ssh-keygen(1)
164

AUTHOR

166       This man page was originally written by Dimi Paun
167       <dimi@lattica.com[1]>.
168

NOTES

170        1. dimi@lattica.com
171           mailto:dimi@lattica.com
172
173
174
175safekeep                          07/23/2021                  SAFEKEEP.CONF(5)
Impressum