# edh-keygen

Automated Diffie-Hellman key generation and service management script with flexible configuration and systemd integration and RPM packaging.

---

## Outline

1. [Features](#features)
2. [Installation](#installation)
3. [Configuration](#configuration)
4. [Directory Layout](#directory-layout)
5. [CRON Job Example](#cron-job-example)
6. [License](#license)
7. [Authors](#authors)
8. [Project Home](#project-home)

---

## Features

- Generates DH parameters for secure services
- Supports service restarts for root and non-root systemd users
- Configurable per-service and global settings via config file
- Customizable sync paths, ownership, and permissions for DH keys
- Weekly cron job integration for automated key regeneration
- RPM packaging for easy deployment

## Installation

1. Install required packages

   ```bash
   sudo dnf install git rpm-build rpmdevtools yum-utils -y
   ```

2. Clone the Repository

   ```bash
   git clone https://dev.town-square.de/cb601/edh-keygen.git
   cd edh-keygen
   ```

3. Build the RPM package

   You can use the provided Makefile:

   ```bash
   make clean
   make rpm
   ```

4. Install the RPM package

   ```bash
   sudo yum localinstall rpmbuild/RPMS/noarch/edh-keygen-1.0-1.noarch.rpm
   ```

5. Verify the Installation

   ```bash
   ls -l /opt/edh-keygen
   ```

   You should see:

   ```bash
   -rwxr-x--- 1 root root ... edh-keygen.sh
   -rw-r----- 1 root root ... edh-keygen.conf
   ```

   Check RPM info:

   ```bash
   rpm -qil edh-keygen
   ```

## Configuration

The configuration file (`edh-keygen.conf` or `edh-keygen.local`) supports both global path settings and per-service lines. See the file itself for detailed documentation and examples.
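
The script and its config files are run and read as root, so the owner and modes shown in installation step 5 are worth re-checking after every install or upgrade. The following is an added example, not part of edh-keygen: the function names `audit_path` and `audit_install` are hypothetical, and applying mode 640 to `edh-keygen.local` is an assumption.

```bash
#!/bin/sh
# Added example (not part of edh-keygen). Requires GNU stat (coreutils).

# audit_path PATH OWNER MAX_MODE
# Succeeds only if PATH is a regular file (not a symlink), is owned by OWNER,
# and carries no permission bit outside MAX_MODE (octal, e.g. 750).
audit_path() {
    ap_path=$1; ap_owner=$2; ap_max=$3
    if [ -L "$ap_path" ] || [ ! -f "$ap_path" ]; then
        echo "FAIL $ap_path: missing, symlink, or not a regular file" >&2
        return 1
    fi
    ap_cur_owner=$(stat -c '%U' "$ap_path") || return 1
    ap_cur_mode=$(stat -c '%a' "$ap_path") || return 1
    if [ "$ap_cur_owner" != "$ap_owner" ]; then
        echo "FAIL $ap_path: owner $ap_cur_owner, expected $ap_owner" >&2
        return 1
    fi
    # Bits set in the current mode but absent from the allowed mode are excess
    # (this also catches setuid/setgid/sticky bits).
    if [ $(( 0$ap_cur_mode & ~0$ap_max & 07777 )) -ne 0 ]; then
        echo "FAIL $ap_path: mode $ap_cur_mode exceeds $ap_max" >&2
        return 1
    fi
    echo "OK   $ap_path ($ap_cur_owner, $ap_cur_mode)"
}

# audit_install DIR OWNER
# Modes for the script and .conf are the ones listed in the verification step;
# applying 640 to the optional .local file is an assumption.
audit_install() {
    ai_dir=$1; ai_owner=$2; ai_rc=0
    audit_path "$ai_dir/edh-keygen.sh" "$ai_owner" 750 || ai_rc=1
    audit_path "$ai_dir/edh-keygen.conf" "$ai_owner" 640 || ai_rc=1
    if [ -e "$ai_dir/edh-keygen.local" ] || [ -L "$ai_dir/edh-keygen.local" ]; then
        audit_path "$ai_dir/edh-keygen.local" "$ai_owner" 640 || ai_rc=1
    fi
    return "$ai_rc"
}

# Run only when a directory is given, e.g.: sh audit.sh /opt/edh-keygen root
if [ "$#" -gt 0 ]; then
    audit_install "$1" "${2:-root}"
fi
```
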

## Directory Layout

| Path                             | Purpose                         |
|----------------------------------|---------------------------------|
| /opt/edh-keygen/edh-keygen.sh    | Main script                     |
| /opt/edh-keygen/edh-keygen.conf  | Overwritten config (always)     |
| /opt/edh-keygen/edh-keygen.local | User config (never overwritten) |
| /etc/cron.weekly/edh-keygen      | Cron job script (optional)      |

## CRON Job Example

To run the key generator weekly, you have two options:

### 1. Crontab

You can add a weekly cron job directly to the root user's crontab:

Open the root crontab for editing:

```bash
sudo crontab -e
```

Add the following line to run the script every Sunday at 3:30 AM:

```bash
30 3 * * 0 /opt/edh-keygen/edh-keygen.sh
```

*(Adjust the schedule as needed. This example runs the script weekly on Sunday.)*

### 2. System Cron Weekly Directory

Create a script as `/etc/cron.weekly/edh-keygen`:

```bash
#!/bin/sh
/opt/edh-keygen/edh-keygen.sh
exit 0
```

Ensure the script is executable:

```bash
chmod 750 /etc/cron.weekly/edh-keygen
```

## License

[MIT](https://dev.town-square.de/cb601/edh-keygen/LICENSE)

## Authors

CB-601 - the open tec Elevator

- [Stephan Düsterhaupt](xmpp:me@jabber.stephanduesterhaupt.de)
- [Ivo Noack](xmpp:me@jabber.ivonoack.de) aka Insonic

## Project Home

Project Home: [https://dev.town-square.de/cb601/edh-keygen](https://dev.town-square.de/cb601/edh-keygen)