# -----------------------------------------------------------------------------
# edh-keygen Configuration File
#
# GLOBAL SETTINGS (must appear before any service lines):
#
# tls_tmp_path - Temporary folder for DH key generation
#   (should be writable only by the account that runs the script)
# tls_private_path - Folder where DH keys are stored permanently
# key_sizes - (Optional) Space-separated list of DH key (parameter) sizes, in bits, to generate.
#
# If omitted, the following defaults are used:
# tls_tmp_path=/etc/pki/tls/tmp
# tls_private_path=/etc/pki/tls/private/
#
# key_sizes usage:
# You can define a global list of Diffie-Hellman key sizes to generate by
# setting the 'key_sizes' parameter at the top of this file. This allows you
# to explicitly control which DH parameter sizes are created, regardless of
# the sizes specified in individual service lines.
#
# Example:
# key_sizes=2048 4096
#
# - This instructs the script to generate DH parameters of 2048 and 4096 bits.
# - If 'key_sizes' is not set, the script will automatically extract all key
# sizes used in the service definitions and generate those.
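# - Use a space-separated list for multiple sizes.
# - Sizes below 2048 bits are considered too weak for Diffie-Hellman key
#   exchange; use 2048 or larger.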
#
# Example:
# tls_tmp_path=/etc/pki/tls/tmp
# tls_private_path=/etc/pki/tls/private/
# key_sizes=2048 4096
#
# -----------------------------------------------------------------------------
#
# SERVICE LINES
#
# Supported Formats (per line):
#
# 1. Simple format:
# service_name:owner
# - Only the service and owner are specified.
# - The DH keys will be managed in the default/generic folder.
#
# 2. Extended format:
# service_name:owner:key_size:sync_path:user.group:file_permissions
# - All fields are specified for advanced key syncing and permission control.
#
# Fields (for extended format):
# service_name - The systemd service name (without .service)
# owner - The user who owns the service (e.g. root, containeradmin)
# key_size - Size of the DH key to generate and sync (e.g. 2048, 4096)
# sync_path - Absolute path where the DH key should be copied/synced
# user.group - Ownership (user and group) to set on the sync_path and DH key
# file_permissions - Permissions to set on the DH key file (e.g. 640, 600)
#
# Notes:
# - Empty lines and lines starting with '#' are ignored.
# - If only service_name and owner are given, the script uses the default key folder.
# - If sync_path, user.group, or file_permissions are omitted, syncing is skipped.
#
# Examples:
# # Simple usage (uses default key folder):
# dovecot:root
#
# # Extended usage (custom sync, owner and permissions):
# dovecot:root:2048:/etc/dovecot/ssl:root.dovecot:640
# postfix:postfix:4096:/etc/postfix/ssl:postfix.postfix:600
#
# This file can be overridden by 'edh-keygen.local' in the same directory,
# which is preserved during package upgrades.
# -----------------------------------------------------------------------------
# Global settings
#tls_tmp_path=/etc/pki/tls/tmp
#tls_private_path=/etc/pki/tls/private/
#key_sizes=2048 4096
# Service lines
#dovecot:root
#postfix:postfix:4096:/etc/postfix/ssl:postfix.postfix:600