Major change of approach and rewrite.

[ssh-ca] / etc / config.sh

diff --git a/etc/config.sh b/etc/config.sh
new file mode 100644 (file)
index 0000000..b27ec96
--- /dev/null
+++ b/etc/config.sh
@@ -0,0 +1,34 @@
+### -*-sh-*-
+###
+### Configuration for ssh-ca.
+
+###--------------------------------------------------------------------------
+### General configuration.
+
+## General configuration defaults.
+keytypes="rsa:3072 dsa:1024"
+domain="distorted.org.uk"
+cacomment="ssh-ca@$domain"
+validity="-1d:+2d"
+publish_target="vampire.distorted.org.uk:/var/www/"
+
+## GnuPG defaults.
+gnupg_key_type=RSA gnupg_key_length=3072
+gnupg_key_realname_prefix="distorted.org.uk "
+gnupg_key_email_domain="$domain"
+
+###--------------------------------------------------------------------------
+### Scope for the CA.
+
+## Domain name.
+scope="*.$domain"
+
+## IPv4 addresses.
+for i in 144 145 146 147 148 149; do scope=$scope,"62.49.204.$i"; done
+scope=$scope,"62.49.204.15?"
+for i in 198 199; do scope=$scope,"172.29.198.*,172.29.199.*"; done
+
+## IPv6 addresses.
+scope=$scope,"2001:470:1f09:1b98:*,2001:470:9740:*"
+
+###----- That's all, folks --------------------------------------------------