# -----------------------------------------------------------------------------
# edh-keygen Configuration File
#
# GLOBAL SETTINGS (must appear before any service lines):
#
#   tls_tmp_path      - Temporary folder for DH key generation
#   tls_private_path  - Folder where DH keys are stored permanently
#   key_sizes         - (Optional) Space-separated list of DH key sizes to generate.
#
# If omitted, the following defaults are used:
#   tls_tmp_path=/etc/pki/tls/tmp
#   tls_private_path=/etc/pki/tls/private/
#
# key_sizes usage:
#   You can define a global list of Diffie-Hellman key sizes to generate by
#   setting the 'key_sizes' parameter at the top of this file. This allows you
#   to explicitly control which DH parameter sizes are created, regardless of
#   the sizes specified in individual service lines.
#
#   Example:
#     key_sizes=2048 4096
#
#   - This will instruct the script to generate DH parameters for 2048
#     and 4096 bits.
#   - If 'key_sizes' is not set, the script will automatically extract all key
#     sizes used in the service definitions and generate those.
#   - Use a space-separated list for multiple sizes.
#
# Example:
#   tls_tmp_path=/etc/pki/tls/tmp
#   tls_private_path=/etc/pki/tls/private/
#   key_sizes=2048 4096
#
# -----------------------------------------------------------------------------
#
# SERVICE LINES
#
# Supported Formats (per line):
#
# 1. Simple format:
#      service_name:owner
#    - Only the service and owner are specified.
#    - The DH keys will be managed in the default/generic folder.
#
# 2. Extended format:
#      service_name:owner:key_size:sync_path:user.group:file_permissions
#    - All fields are specified for advanced key syncing and permission control.
#
# Fields (for extended format):
#   service_name     - The systemd service name (without .service)
#   owner            - The user who owns the service (e.g. root, containeradmin)
#   key_size         - Size of the DH key to generate and sync (e.g. 2048, 4096)
#   sync_path        - Absolute path where the DH key should be copied/synced
#   user.group       - Ownership (user and group) to set on the sync_path and DH key
#   file_permissions - Permissions to set on the DH key file (e.g. 640, 600)
#
# Notes:
#   - Lines starting with '#' or empty lines are ignored.
#   - If only service_name and owner are given, the script uses the default key folder.
#   - If sync_path, user.group, or file_permissions are omitted, syncing is skipped.
#
# Examples:
#
#   Simple usage (uses default key folder):
#     dovecot:root
#
#   Extended usage (custom sync, owner and permissions):
#     dovecot:root:2048:/etc/dovecot/ssl:root.dovecot:640
#     postfix:postfix:4096:/etc/postfix/ssl:postfix.postfix:600
#
# This file can be overridden by 'edh-keygen.local' in the same directory,
# which is preserved during package upgrades.
# -----------------------------------------------------------------------------

# Global settings
#tls_tmp_path=/etc/pki/tls/tmp
#tls_private_path=/etc/pki/tls/private/
#key_sizes=2048 4096

# Service lines
#dovecot:root
#postfix:postfix:4096:/etc/postfix/ssl:postfix.postfix:600
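# Added example, not part of the edh-keygen package or this configuration file:
# a POSIX sh checker for a config in the format documented above. It computes
# the DH key sizes the generator would have to produce (the global key_sizes
# value when set, otherwise the union of key_size fields from the service
# lines) and classifies every service line, so a malformed line (non-numeric
# size, relative sync_path, bad permission mode) is caught before any DH
# parameters are generated or synced. The function names, the "nosync" label
# for 3- to 5-field lines, and the sample config it writes are all constructed
# for this example.

```shell
#!/bin/sh
# Example checker for edh-keygen style config files (added example, not the
# project's own code). Function names and the sample config are constructed.

# Effective DH key sizes: the global key_sizes value when it is set, otherwise
# every key_size field found in the service lines (deduplicated, ascending).
edh_effective_key_sizes() {
    awk -F: '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        /^key_sizes=/ { sub(/^key_sizes=/, ""); gsub(/[[:space:]]+/, "\n"); global = $0; next }
        NF >= 3 && $3 ~ /^[0-9]+$/ { seen[$3] = 1 }
        END {
            if (global != "") print global
            else for (s in seen) print s
        }' "$1" | sort -nu | tr '\n' ' ' | sed 's/ $//'
}

# Classify one service line:
#   simple   - service_name:owner
#   extended - all six fields present and well-formed
#   nosync   - key_size given but sync fields missing (syncing is skipped)
#   invalid  - anything else (empty field, non-numeric key_size, relative
#              sync_path, user.group without a dot, non-octal permissions)
edh_line_kind() {
    printf '%s\n' "$1" | awk -F: '
        NF == 2 && $1 != "" && $2 != "" { print "simple"; exit }
        NF >= 3 && $3 !~ /^[0-9]+$/     { print "invalid"; exit }
        NF == 6 && $4 ~ /^\// && $5 ~ /^[^.]+\.[^.]+$/ && $6 ~ /^[0-7][0-7][0-7][0-7]?$/ { print "extended"; exit }
        NF >= 3 && NF <= 5              { print "nosync"; exit }
        { print "invalid" }'
}

# Walk a config file, print a verdict per service line, and return 1 if any
# line is invalid. Comments, blank lines and global settings are skipped.
edh_check_config() {
    rc=0
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in
            ''|'#'*|tls_tmp_path=*|tls_private_path=*|key_sizes=*) continue ;;
        esac
        kind=$(edh_line_kind "$line")
        printf 'line %d: %-8s %s\n' "$n" "$kind" "$line"
        [ "$kind" = invalid ] && rc=1
    done < "$1"
    return "$rc"
}

# Demo on a constructed config (not a real deployment); key_sizes is left
# unset so the sizes come from the service lines: 2048 and 4096.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
# constructed sample
dovecot:root
postfix:postfix:4096:/etc/postfix/ssl:postfix.postfix:600
imap:root:2048
broken:root:2048:etc/relative:root.imap:640
EOF
echo "DH sizes to generate: $(edh_effective_key_sizes "$cfg")"
edh_check_config "$cfg" || echo "config has invalid service lines; fix them before running the generator"
rm -f "$cfg"
```

# Run it against a copy of edh-keygen.conf (or edh-keygen.local) before
# deploying: a "nosync" verdict is the page's documented behaviour for partial
# lines, while "invalid" means the generator would be fed a size or target it
# cannot act on.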