Initial commit

2025-05-18 14:56:41 +02:00
parent 99d8cf6272
commit f67991ab87
7 changed files with 494 additions and 1 deletions

63
edh-keygen.conf Normal file

@@ -0,0 +1,63 @@
# -----------------------------------------------------------------------------
# edh-keygen Configuration File
#
# GLOBAL SETTINGS (must appear before any service lines):
#
# tls_tmp_path - Temporary folder for DH key generation
# tls_private_path - Folder where DH keys are stored permanently
#
# If omitted, the following defaults are used:
# tls_tmp_path=/etc/pki/tls/tmp
# tls_private_path=/etc/pki/tls/private/
#
# Example:
# tls_tmp_path=/etc/pki/tls/tmp
# tls_private_path=/etc/pki/tls/private/
#
# -----------------------------------------------------------------------------
#
# SERVICE LINES
#
# Supported Formats (per line):
#
# 1. Simple format:
# service_name:owner
# - Only the service and owner are specified.
# - The DH keys will be managed in the default/generic folder.
#
# 2. Extended format:
# service_name:owner:key_size:sync_path:user.group:file_permissions
# - All fields are specified for advanced key syncing and permission control.
#
# Fields (for extended format):
# service_name - The systemd service name (without .service)
# owner - The user who owns the service (e.g. root, containeradmin)
# key_size - Size of the DH key to generate and sync (e.g. 2048, 4096)
# sync_path - Absolute path where the DH key should be copied/synced
# user.group - Ownership (user and group) to set on the sync_path and DH key
# file_permissions - Permissions to set on the DH key file (e.g. 640, 600)
#
# Notes:
# - Lines starting with '#' or empty lines are ignored.
# - If only service_name and owner are given, the script uses the default key folder.
# - If sync_path, user.group, or file_permissions are omitted, syncing is skipped.
#
# Examples:
# # Simple usage (uses default key folder):
# dovecot:root
#
# # Extended usage (custom sync, owner and permissions):
# dovecot:root:2048:/etc/dovecot/ssl:root.dovecot:640
# postfix:postfix:4096:/etc/postfix/ssl:postfix.postfix:600
#
# This file can be overridden by 'edh-keygen.local' in the same directory,
# which is preserved during package upgrades.
# -----------------------------------------------------------------------------
# Global settings
#tls_tmp_path=/etc/pki/tls/tmp
#tls_private_path=/etc/pki/tls/private/
# Service lines
#dovecot:root
#postfix:postfix:4096:/etc/postfix/ssl:postfix.postfix:600
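Review bot: The header comment never says which key size the simple `service_name:owner` format uses, and the `key_size` description (e.g. 2048, 4096) gives no lower bound, so an operator cannot tell from this file whether a weak group size could be configured or silently defaulted. I would add a line under the simple format such as `#      - key_size defaults to <DEFAULT_BITS> bits; minimum accepted is <MIN_BITS>.`, filled in with what the script really implements (placeholders, since the script is not visible in this section). The Notes line about omitted `sync_path`, `user.group`, or `file_permissions` also leaves open how a line with three to five fields is treated, because only the two-field and six-field forms are documented; one sentence stating whether such lines are accepted or rejected would close that gap. Since `user.group` is applied to `sync_path` itself as well as to the key file, the field description could also say that `sync_path` should be a directory dedicated to this material rather than a shared one.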