# These are basic definitions for shell AND python scripts AND dwarfguard c++ daemon
# Only variables are allowed here, no functions!
# Do NOT edit this file - syntax error here may result in:
# 1) undefined behavior of dwarfguard server
# 2) dwarfguard declining to start (downtime)
# If in need to configure some user-facing parameters, consult DWARFG_SHORT.ini file!
# NOTE: DWARFG_SHORT.ini allows you to override some of parameters here without editing this file directly
# NOTE: support costs spent on analysing and fixing problems caused by you messing with this file is not covered by any support level agreement and results in extra payments for support time spent
NAME="DWARFG_LONG"
SHORTNAME="DWARFG_SHORT"
DGDAEMON="${SHORTNAME}d"
VERSION="1.1.0"
DOMAIN=""
EXTERNURL=""
SERVID=""
SCDKEY=""
PORT_OFFSET=0
SERV_TUNSSH_PORT=22
USE_SSL=${USE_SSL:-0}
DWARFG_PORT=8484
WEBSSH_PORT=8383
# NOTE: WEBSSH_PORT - uses as may ports as many ssh tunnels allowed by license. Make sure no collision happens in case of multi-deploy. This is manual settings - restart Dwarfguard after you update the value.
LISTENER_THREADS=2
DEVICE_INTERVAL_DEFAULT=260
BASEDIR="/opt"
DBPASS=${DBPASS:-}
SYSCTLPATH="/usr/bin/systemctl"
DWARFG_DBN="${SHORTNAME}_${DOMAIN//[.-]/_}"
DWARFG_NAM="${SHORTNAME}_$DOMAIN"
DWARFG_CACHE="$BASEDIR/cache_${SHORTNAME}"
DWARFG_BACKUP="$BASEDIR/backup_${SHORTNAME}"
DWARFG_HOME="$DWARFG_CACHE/home"
DWARFG_SITECONF="$DWARFG_HOME/.${SHORTNAME}_site_config"
DEPLOYMENTS="$DWARFG_CACHE/${SHORTNAME}_deployments"
DEPLOY_POSTFIX="$DWARFG_NAM"
BINDIR="$BASEDIR/$DWARFG_NAM"
SRVDIR="/srv/$DWARFG_NAM"
GUIDIR="$BINDIR/web/gui"
NOTIFYDIR="$BINDIR/notifier"
SECRETSDIR="$BINDIR/secrets"
KEYSDIR="$SECRETSDIR/keys"
PWFILESDIR="$SECRETSDIR/pwdfiles"
SYSDEVSDIR="$SECRETSDIR/system_dev_creds"
WEBVARDIR="$SRVDIR/var"
FWUPLOADDIR="$WEBVARDIR/fwupload"
PYTHON_VENV="$BINDIR/python_venv"
LICUPLOADDIR="$WEBVARDIR/licupload"
APACHE_RELOAD="systemctl reload apache2"
APASITESDIR="/etc/apache2/sites-available"
APACFGAVDIR="/etc/apache2/sites-available"
APACFGENDIR="/etc/apache2/sites-enabled"
DWARFG_APACONF="apache_${DWARFG_NAM}.conf"
DWARFG_APACONF_AREF="${DWARFG_NAM}.conf"
DWARFG_APACONF_INST="${SHORTNAME}_apache_initial.conf"
DWARFG_APACONF_INST_NOSSL="${SHORTNAME}_apache_initial_nossl.conf"
DWARFG_APACONF_BCK="apache_${DWARFG_NAM}.conf.backup"
DWARFG_APAWEBROOT="/var/www/$DWARFG_NAM"
DWARFG_DIR_WEB="$BINDIR/web"
DWARFG_DIR_CGI="$DWARFG_DIR_WEB/cgi"
DWARFG_AUX="$DWARFG_CACHE/aux_libs"
SNMP_GW="snmp_gw"
SRVDIR_SRV="$SRVDIR/persistent"
SRV_LICLOCK="$SRVDIR_SRV/liclock"
SSHWIFTY_TEMPLATE="$BINDIR/sshwifty_template.conf.json"
SRVDIR_CLI="$SRVDIR/ramdisk"
SRVDIR_FW="$SRVDIR/firmware"
SRVDIR_CONFIG="$SRVDIR/config"
FW_FLAVORS="conelos rutos cstech"
CMDLINE_DIR="cmdline"
FWDOWN_COMPLETE="fw_download_complete"
SRVDIR_EVENT="$SRVDIR_CLI/events"
SRVDIR_CLIDATA="$SRVDIR_CLI/data"
SRVDIR_EVGUI="$SRVDIR_EVENT/gui"
SRVDIR_EVREG="$SRVDIR_EVENT/reg"
SRVDIR_EVDATA="$SRVDIR_EVENT/data"
LOGDIR="$SRVDIR/logs"
DCL_FILE="$LOGDIR/dcl.txt"
SUPPORT_DEVICE_SCRIPTS=""
DATADUMPDIR="$LOGDIR/datadumps"
APPUSER="$SHORTNAME"
APPGROUP="$SHORTNAME"
WWWUSER="www-data"
WMGROUP="www-data"
BASEFUNCS="app_funcs.sh"
AFTERINST="${SHORTNAME}_init.sh"
DWARFG_CTL="${SHORTNAME}_ctl.sh"
PYLOG="log_cgi.txt"
DWARFG_LOG="log_${SHORTNAME}.txt"
MDLCFG="dwarflib_cfg.txt"
PIDLOG="pidfile.txt"
NHLOG="log_nohup_${SHORTNAME}.txt"
SFN_DATA="data.txt"
FN_DEFAULTS="defaults.tgz"
FN_BACKARCH="cfgbackup.tgz"
FN_DEFMERGE="defmerge.txt"
FN_CFGMERGE="cfgbackup.txt"
T_SCRRES_PREF="RES:"
# The following (if not empty) enforces setting the g_forced_security variable to the specified value whenever any agent archive is repackaged. It should be set ONLY DURING DEPLOYMENT using the appropriate install option. Touching this after deployment is done threatens breaking installed agents -> server communication irreversibly, requiring all device's agents reinstallation! The use case for this is when customer runs devices and server on VPN using internal CA that is not trustworthy to the devices. Setting the variable to 0 makes sense in that case.
AGENT_FORCED_SECURITY=
# WARNING! the following is hard-coded in agent.sh as well! Do not change + note version note
AGENTADATADIR="opt/a${SHORTNAME}/data"
AERR_INVID=1 # 0.1; Invalid ID
AERR_NOTEX=2 # 0.1; Not-existent ID (on server)
AERR_REGPR=3 # 0.1; Device registration (still) in progress
AERR_SERFU=4 # 0.1; Server full
AERR_SERVE=5 # 0.1; Server error (internal)
AERR_INVDA=6 # 0.1; Invalid data from client (agent)
AERR_DATAL=7 # 0.1; (Some) Data for device already waiting for processing on server (event locked)
AERR_DATAP=8 # 0.1; Data for device still being processed on server
AERR_COMME=9 # 0.4; Communication error / protocol not understood (agent too new for old sever version)
AERR_NESER=10 # 0.6; Non-Equal SERver - mismatched SERVer ID (agent belonging to another server)
FORM_DEVID="device_id"
FORM_FDATA="filedata"
FORM_DDATA="defdata"
FORM_BDATA="cfgdata"
FORM_DEVT="device_type"
FORM_PROTV="protocol_version"
DEVT_ADVR="Advantech router"
DEVT_LINB="Linux box"
DEVT_OWRT="OpenWRT box"
DEVT_TELT="Teltonika router"
DEVT_TEGW="CSTECH gateway"
DEVT_SNMP="SNMP device"
T_DEVID_SEP=":"
T_SECT_START=":>>>>"
T_SECT_END="<<<<:"
T_LC_SEPARATOR=";"
T_SSECT_START=":--->"
T_SSECT_END="<---:"
T_SECT_VARS="VARS"
T_SECT_CONF="CONF"
T_SECT_STAT="STAT"
T_SECT_CUST="CUST"
T_SECT_LONGSTAT="LONGSTAT"
T_SECT_CMDS="CMDS"
T_DS_C_UPTIME="CMD_uptime"
T_DS_F_RCONF="FILE_resolvconf"
T_DS_C_HOSTNAME="CMD_hostname"
T_DS_S_SYS="status sys"
T_DS_S_LAN="status lan"
T_DS_S_NET="netdev"
T_DS_S_MWAN="status mwan"
T_DS_S_WIFI="status wifi"
T_DS_S_MOBI="status mobile"
T_DS_S_MODU="status module"
T_DS_S_PORT="status ports"
T_DS_S_VARI="various"
T_DS_S_UMOD="user modules"
T_DS_F_PPPIP="FILE_pppip"