More sigul adjustments for secondary

2015-04-27 19:50:21 +00:00 · 2015-04-27 19:50:21 +00:00 · 7157da1221
commit 7157da1221
parent 740c26fc93
4 changed files with 114 additions and 7 deletions
--- a/files/sign/bridge.conf.secondary.j2
+++ b/files/sign/bridge.conf.secondary.j2
@ -0,0 +1,44 @@
+# This is a configuration for the sigul bridge.
+#
+[bridge]
+# Nickname of the bridge's certificate in the NSS database specified below
+bridge-cert-nickname: secondary-signer
+# Port on which the bridge expects client connections
+client-listen-port: 44334
+# Port on which the bridge expects server connections
+server-listen-port: 44333
+# A Fedora account system group required for access to the signing server.  If
+# empty, no Fedora account check is done.
+; required-fas-group:
+# User name and password for an account on the Fedora account system that can
+# be used to verify group memberships
+; fas-user-name:
+; fas-password:
+#
+[koji]
+# Config file used to connect to the Koji hub
+# ; koji-config: ~/.koji/config
+# # Recognized alternative instances
+koji-instances: ppc s390 arm sparc
+#
+# # Example configuration of alternative instances:
+# # koji-instances: ppc64 s390
+# # Configuration paths for alternative instances:
+koji-config-ppc: /etc/koji-ppc.conf
+koji-config-s390: /etc/koji-s390.conf
+koji-config-arm: /etc/koji-arm.conf
+koji-config-sparc: /etc/koji-sparc.conf
+#
+#
+[daemon]
+# The user to run as
+unix-user: sigul
+# The group to run as
+unix-group: sigul
+#
+[nss]
+# Path to a directory containing a NSS database
+nss-dir: /var/lib/sigul
+# Password for accessing the NSS database.  If not specified, the bridge will
+# ask on startup
+#
--- a/files/sign/server.conf.primary
+++ b/files/sign/server.conf.primary
--- a/files/sign/server.conf.secondary
+++ b/files/sign/server.conf.secondary
@ -0,0 +1,51 @@
+# This is a configuration for the sigul server.
+
+# FIXME: remove my data
+
+[server]
+# Host name of the publically acessible bridge to clients
+bridge-hostname: secondary-signer
+# Port on which the bridge expects server connections
+; bridge-port: 44333
+# Maximum accepted size of payload stored on disk
+max-file-payload-size: 2073741824
+# Maximum accepted size of payload stored in server's memory
+max-memory-payload-size: 1048576
+# Nickname of the server's certificate in the NSS database specified below
+server-cert-nickname: secondary-signer-server
+
+signing-timeout: 4000
+
+[database]
+# Path to a SQLite database
+; database-path: /var/lib/sigul/server.conf
+
+[gnupg]
+# Path to a directory containing GPG configuration and keyrings
+gnupg-home: /var/lib/sigul/gnupg
+# Default primary key type for newly created keys
+gnupg-key-type: RSA
+# Default primary key length for newly created keys
+gnupg-key-length: 4096
+# Default subkey type for newly created keys, empty for no subkey
+#gnupg-subkey-type: ELG-E
+# Default subkey length for newly created keys if gnupg-subkey-type is not empty
+# gnupg-subkey-length: 4096
+# Default key usage flags for newly created keys
+gnupg-key-usage: encrypt, sign
+# Length of key passphrases used for newsly created keys
+; passphrase-length: 64
+
+[daemon]
+# The user to run as
+unix-user: sigul
+# The group to run as
+unix-group: sigul
+
+[nss]
+# Path to a directory containing a NSS database
+nss-dir: /var/lib/sigul
+# Password for accessing the NSS database.  If not specified, the server will
+# ask on startup
+; nss-password is not specified by default
+