This file resides in /etc/safekeep/, or optionally in ~/.safekeep/ for non-root users, from where it will be automatically picked up by safekeep(1).
This configuration file holds safekeep global settings. The format of the file is a simple key-value pair similar to Java properties files: lines starting with # are ignored as comments, keys are separated from values by =, and leading and trailing spaces are ignored.
The Unix user under which the server will run. If not specified, safekeep will just run under the current user.
Specifes a TEMPDIR for use with ‘rdiff-backup’. This can be overridden by a commandline argument to ‘safekeep’.
The base directory for date repository relative paths. If not specified, it defaults to the home directory of the backup user.
The default Unix user which will be used on the client. This can be overridden on a host by host basis in the .backup file. If not specified, it defaults to root.
If specified generate multipart MIME email messages. If not specified then a non-MIME message is created. The format options are text or html to generate parts of that type. NB: The log of safekeep is always sent as text.
The email address to be used as sender when sending the logs. If not specified safekeep will use SafeKeep@<hostname fqdn>.
In addition to writing the session logs on the standard output, safekeep can also send the logs via email to a number of recipients. This comma-separated list of emails designates the recipients of the logs. If not specified, safekeep will not attempt to email the logs.
Specifies the port to use to connect to the SMTP server. If not specified, safekeep will use the system default value, normally port 25/tcp.
Specifies the SMTP server used for sending mails if the email.to specifies any recipients. If not specified, safekeep will just use /usr/sbin/sendmail to deliver the mail.
Generate a summary part at the start of the email. Possible options are true, yes or 1. Anything elses as taken as false. NB: This requires email.format set and currently only used for server and list run types.
The default nice level adjustment for safekeep. It specifies an integer to be added to the current nice level. Nicenesses range from -20 (most favorable scheduling) to 19 (least favorable). To disable nice, set this value to 0. If no nice level is specified, safekeep is niced at +10.
The nice level adjustment for safekeep, used on the server side. It overrides the generic setting in nice.adjustment.
The default nice adjustment for the client. This settings is normally not all that important, as most of the load is on the server side. You can also set the remove nice level on a per-client basis in the .backup file (see /backup/host/@nice). NB: if you change this value, you will have to re-deploy the auth keys.
The default IO nice level adjustment for safekeep. It can be either none, idle, or an integer between 0-7 (with 0 being higher priority). See ionice(1) for more information. This is currently being used only on the server side, where IO load tends to be a problem. NB: this depends on the availability of ionice(1) on the system where the server is running. If ionice cannot be found, this setting is ignored. If no level is specified, it defaults to idle.
This is the default bandwidth limit for both upload and download for all the clients. It is an integer number of KB/s (see Notes section for more information). This value is optional.
This is the default bandwidth limit for download across all clients. If specified (with a value greater than 0) it will override the value set in bandwidth.overall (refer to it for more informatio). This value is optional.
This is the default bandwidth limit for upload across all clients. If specified (with a value greater than 0) it will override the value set in bandwidth.overall (refer to it for more information). This value is optional.
This is the default size to be used for any snapshots without a size value specified. It is passed to lvcreate(8) (LVM2), including the specification of a percentage (%). If not otherwise specified, the percentage is based on unallocated space (i.e. LVM2 %FREE), which is different to the interpretation within the <snapshot> option. This value is optional, it defaults to 20%FREE.
The SSH private key type to generate when safekeep --keys is used. This is passed to ssh-keygen(1) and not all valid types may be accepted on all systems. Only SSH protocol version 2 keys are accepted. This value is optional, it defaults to rsa.
Specifies the number of bits in the SSH private key to create. This is passed to ssh-keygen(1) and only certain sizes are accepted, depending of the key type. If no value is required, e.g. for ecdsa key type, give this option with no corresponding bit size. This value is optional, it defaults to 4096.
Specifies if StrictHostKeyChecking should be performed by the ssh client when connecting to the remote host. This value is optional, it defaults to ask. Set to yes if you sign host keys with a CA key or manage host keys by other means (FreeIPA/sssd, Ansible,,,). Setting this to no is a bit unsafe as new hosts are automatically added to known_hosts without any validation.
Safekeep uses trickle to implement bandwidth throttling (see http://monkey.org/~marius/pages/?page=trickle for more information). You will need to install it separately to use this feature (most Linux distributions have it packaged as trickle).
The bandwidth is calculated as an average over a 256KB window, and it is expressed as an integer number of kilo-bytes per second (e.g. 100, meaning 100KB/s). Bandwidth limits of zero are ignored.
The bandwidth throtlling can be customized for both download and upload (see bandwidth.download and bandwidth.upload) as well as on a per-client basis (see safekeep.backup(5) for more information).
safekeep(1), safekeep.backup(5), rdiff-backup(1), trickle(1), lvcreate(8), ssh-keygen(1)
This man page was originally written by Dimi Paun <firstname.lastname@example.org>.