| blob | 7c380c5b5b0ee39950c6a6ab126e6f6b32f95b5b |
2 #==========
3 # General-purpose options.
5 # We chdir to this directory when we start; all files with relative
6 # pathnames are created under this directory
7 RUN_IN_DIR = "~/run/"
9 # Either a file in which to write our pid, or None
10 PIDFILE = "bridgedb.pid"
12 # Either a file to log to, or None if we should log to the console.
13 LOGFILE = "bridgedb.log"
14 # One of "DEBUG", "INFO", "WARNING", "ERROR"...
15 LOGLEVEL = "INFO"
17 # Files from which we read bridge descriptors, on start and on SIGHUP.
18 BRIDGE_FILES = [ "./bridge-descriptors" ]
20 # File from which we read routerstatus entries, for learning which
21 # current bridges are Running.
22 STATUS_FILE = "networkstatus-bridges"
24 # Only consider routers whose purpose matches this string.
25 BRIDGE_PURPOSE = "bridge"
26 # File to store persistent info in.
27 DB_FILE = "./bridgedist.db"
28 # File to log changes to persistent info in. For debugging and bugfixing.
29 DB_LOG_FILE = "./bridgedist.log"
30 # File in which we store our secret HMAC root key.
31 MASTER_KEY_FILE = "./secret_key"
33 # How many clusters do we group IPs in when distributing bridges based on IP?
34 N_IP_CLUSTERS = 4
36 #==========
37 # Options related to HTTPS
39 # True if we are enabling distribution via HTTP or HTTPS; False otherwise.
40 HTTPS_DIST = True
41 # What proportion of bridges do we allocate to HTTP distribution? See
42 # EMAIL_SHARE and RESERVED_SHARE.
43 HTTPS_SHARE=10
44 # An IP address (form "1.2.3.4") where we listen for HTTPS connections.
45 # "None" to listen on the default interface.
46 HTTPS_BIND_IP=None
47 # Port to listen on for incoming HTTPS connections
48 HTTPS_PORT=3443
49 # Certificate file
50 HTTPS_CERT_FILE="cert"
51 # Private key file.
52 HTTPS_KEY_FILE="privkey.pem"
53 # IP and port to listen on for unencrypted HTTP connections. Debugging only.
54 HTTP_UNENCRYPTED_BIND_IP=None
55 HTTP_UNENCRYPTED_PORT=None
56 # How many bridges do we give back in an answer?
57 HTTPS_N_BRIDGES_PER_ANSWER=3
59 #==========
60 # Options related to Email
62 # True if we are enabling distribution via Email; false otherwise.
63 EMAIL_DIST = True
64 # What proportion of bridges do we allocate to Email distribution? See
65 # HTTPS_SHARE and RESERVED_SHARE.
66 EMAIL_SHARE=10
67 # Canonical versions of domains that we will reply to.
68 EMAIL_DOMAINS = [ "gmail.com", "yahoo.com" ]
69 # Map from unofficial domain to canonical domain.
70 EMAIL_DOMAIN_MAP = { "mail.google.com" : "gmail.com",
71 "googlemail.com" : "gmail.com",
72 }
73 # Map from canonical domain to list of options for that domain. Recognized
74 # options are:
75 # "ignore_dots" -- the service ignores "." characters in email addresses.
76 # "dkim" -- if there is not a X-DKIM-Authentication-Result header
77 # with the value "pass", then drop the message.
78 #
79 # Note that unrecognized options are ignored; be sure to spell them right!
80 EMAIL_DOMAIN_RULES = { 'gmail.com' : ["ignore_dots", "dkim"],
81 'yahoo.com' : ["dkim"]
82 }
83 # If there are any IPs in this list, only allow incoming connections from
84 # those IPs.
85 EMAIL_RESTRICT_IPS=[]
86 # IP and port to listen on for email connections. Debugging only.
87 EMAIL_BIND_IP="127.0.0.1"
88 EMAIL_PORT=6725
89 # How many bridges do we give back in an answer?
90 EMAIL_N_BRIDGES_PER_ANSWER=3
92 #==========
93 # Options related to unallocated bridges.
95 # We split bridges into a group accessible by HTTPS queries; a group
96 # accessible by email queries; and a group that we don't assign to any
97 # query mechanism. Once a bridge is assigned to either of the first
98 # two groups, it stays there persistently. The bridges are allocated
99 # to these groups in a proportion of
100 # HTTPS_SHARE : EMAIL_SHARE : RESERVED_SHARE
101 RESERVED_SHARE=2