| 1 | ### -*-sh-*- |
| 2 | ### |
| 3 | ### Configuration for ssh-ca. |
| 4 | |
| 5 | ###-------------------------------------------------------------------------- |
| 6 | ### General configuration. |
| 7 | |
| 8 | ## General configuration defaults. |
| 9 | keytypes="rsa:3072 dsa:1024" |
| 10 | domain="distorted.org.uk" |
| 11 | cacomment="ssh-ca@$domain" |
| 12 | validity="-1h:+2d1h" |
| 13 | publish_target="vampire.distorted.org.uk:/var/www/ssh-ca/" |
| 14 | |
| 15 | ## GnuPG defaults. |
| 16 | gnupg_key_type=RSA gnupg_key_length=3072 |
| 17 | gnupg_key_realname_prefix="distorted.org.uk " |
| 18 | gnupg_key_email_domain="$domain" |
| 19 | |
| 20 | ###-------------------------------------------------------------------------- |
| 21 | ### Scope for the CA. |
| 22 | |
| 23 | ## Domain name. |
| 24 | scope="*.$domain" |
| 25 | |
| 26 | ## IPv4 addresses. |
| 27 | for i in 144 145 146 147 148 149; do scope=$scope,"62.49.204.$i"; done |
| 28 | scope=$scope,"62.49.204.15?" |
| 29 | for i in 198 199; do scope=$scope,"172.29.$i.*"; done |
| 30 | scope=$scope,"212.13.198.69,212.13.198.7?" |
| 31 | |
| 32 | ## IPv6 addresses. |
| 33 | scope=$scope,"2001:470:1f08:1b98::2,2001:470:1f09:1b98:*" |
| 34 | scope=$scope,"2001:470:9740:*" |
| 35 | scope=$scope,"2001:ba8:0:1d9:*,2001:ba8:1d9:*" |
| 36 | |
| 37 | ###----- That's all, folks -------------------------------------------------- |