cb601/edh-keygen
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f67991ab87dea48d993bdfe585de917c492fd281
edh-keygen/README.md

148 lines
3.1 KiB
Markdown
Raw Normal View History

Initial commit
2025-05-18 12:08:05 +02:00
# edh-keygen
Initial commit
2025-05-18 14:56:41 +02:00
Automated Diffie-Hellman key generation and service management script with flexible configuration and systemd integration and RPM packaging.
---
## Outline
1. [Features](#features)
2. [Installation](#installation)
3. [Configuration](#configuration)
4. [Directory Layout](#directory-layout)
5. [CRON Job Example](#cron-job-example)
6. [License](#license)
7. [Authors](#authors)
8. [Project Home](#project-home)
---
## Features
- Generates DH parameters for secure services
- Supports service restarts for root and non-root systemd users
- Configurable per-service and global settings via config file
- Customizable sync paths, ownership, and permissions for DH keys
- Weekly cron job integration for automated key regeneration
- RPM packaging for easy deployment
## Installation
1. Install required packages
```bash
sudo dnf install git rpm-build rpmdevtools yum-utils -y
```
2. Clone the Repository
```bash
git clone https://dev.town-square.de/cb601/edh-keygen.git
cd edh-keygen
```
3. Build the RPM package
You can use the provided Makefile:
```bash
make clean
make rpm
```
4. Install the RPM package
```bash
sudo yum localinstall rpmbuild/RPMS/noarch/edh-keygen-1.0-1.noarch.rpm
```
5. Verify the Installation
```bash
ls -l /opt/edh-keygen
```
You should see:
```bash
-rwxr-x--- 1 root root ... edh-keygen.sh
-rw-r----- 1 root root ... edh-keygen.conf
```
Check RPM info:
```bash
rpm -qil edh-keygen
```
## Configuration
The configuration file (`edh-keygen.conf` or `edh-keygen.local`) supports both global path settings and per-service lines.
See the file itself for detailed documentation and examples.
## Directory Layout
| Path | Purpose |
|------------------------------------ |---------------------------------|
| /opt/edh-keygen/edh-keygen.sh | Main script |
| /opt/edh-keygen/edh-keygen.conf | Overwritten config (always) |
| /opt/edh-keygen/edh-keygen.local | User config (never overwritten) |
| /etc/cron.weekly/edh-keygen | Cron job script (optional) |
## CRON Job Example
To run the key generator weekly, you have two options:
### 1. Crontab
You can add a weekly cron job directly to the root user's crontab:
Open the root crontab for editing:
```bash
sudo crontab -e
```
Add the following line to run the script every Sunday at 3:30 AM:
```bash
30 3 * * 0 /opt/edh-keygen/edh-keygen.sh
```
*(Adjust the schedule as needed. This example runs the script weekly on Sunday.)*
### 2. System Cron Weekly Directory
Create a script as `/etc/cron.weekly/edh-keygen`:
```bash
#!/bin/sh
/opt/edh-keygen/edh-keygen.sh
exit 0
```
Ensure the script is executable:
```bash
chmod 750 /etc/cron.weekly/edh-keygen
```
## License
[MIT](https://dev.town-square.de/cb601/edh-keygen/LICENSE)
## Authors
CB-601 - the open tec Elevator
- [Stephan Düsterhaupt](xmpp:me@jabber.stephanduesterhaupt.de)
- [Ivo Noack](xmpp:me@jabber.ivonoack.de) aka Insonic
## Project Home
Project Home: [https://dev.town-square.de/cb601/edh-keygen](https://dev.town-square.de/cb601/edh-keygen)
Reference in New Issue Copy Permalink