opendnssec-common 1:2.1.3-0.2build1 / usr / share / opendnssec / conf.rnc

# Copyright (c) 2009 .SE (The Internet Infrastructure Foundation).
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
# GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
# IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

datatypes xsd = "http://www.w3.org/2001/XMLSchema-datatypes"

start = element Configuration {

	# List of all known Key Repositories (aka HSM:s)
	element RepositoryList {
		element Repository {
			# Symbolic name of repository
			attribute name { xsd:string } &

			# PKCS#11 Module (aka shared library)
			element Module { xsd:string } &

			# PKCS#11 Token Label &
			element TokenLabel { xsd:string } &

			# PKCS#11 Login Credentials
			element PIN { xsd:string }? &

			# Maxmimum number of key pairs in the repository
			# DEFAULT: infinite
			element Capacity { xsd:positiveInteger }? &

			# Require backup of keys before use (optional)
			element RequireBackup { empty }? &

			# Do not maintain public keys in the repository (optional)
			element SkipPublicKey { empty }? &

			# Generate extractable keys (CKA_EXTRACTABLE = TRUE) (optional)
			element AllowExtract { empty }?

		}*
	} &

	# Common configuration options
	element Common {
		# Configuration parameters for logging
		element Logging {
			element Verbosity { xsd:nonNegativeInteger }? &
			
			element Syslog {
				# syslog facility
				element Facility { syslogFacility }
			}?
		}? &

		# Location to find the KASP file
		element PolicyFile { xsd:string } &

		# Location to store the zonelist XML file
		element ZoneListFile { xsd:string }
	} &

	# Configuration parameters for the KASP Enforcer
	element Enforcer {
		# User & group to drop privs to
		privs?

		# Where to store internal Enforcer state
		& element Datastore { (mysql | sqlite) }

		# Use manual key generation?
		& element ManualKeyGeneration { empty }?

		# Period to automatically pre-generate keys for, when ManualKeyGeneration is not used
		# DEFAULT: P1Y
		& element AutomaticKeyGenerationPeriod { xsd:duration }?

		# How long before a KSK Rollover should we start warning (optional)
		& element RolloverNotification { xsd:duration }?

		# Command to use for submitting new DS records to a parent -
		# the command should accept DNSKEY RRsets via STDIN
		& element DelegationSignerSubmitCommand { xsd:string }?

		# Command to use for retracting an existing DS record from the parent -
		# the command should accept DNSKEY RRsets via STDIN
		& element DelegationSignerRetractCommand { xsd:string }?

		# File used to detect enforcerd is already running.
		& element PidFile { xsd:string }?

		# Socket to use for communicating between enforcer and enforcerd
		& element SocketFile { xsd:string }?

		# Location to store intermediate enforcer information
		# DEFAULT: $(localstatedir)/opendnssec/tmp
		& element WorkingDirectory { xsd:string }?

		# Number of Worker Threads
		# DEFAULT: 4
		& element WorkerThreads { xsd:nonNegativeInteger }?
	} &

	# Configuration parameters for the Signer
	element Signer {
		# User & group to drop privs to
		privs? &

		# Location to store intermediate zone information
		# DEFAULT: $(localstatedir)/opendnssec/tmp
		element WorkingDirectory { xsd:string }? &

		# Number of Worker Threads
		# DEFAULT: 4
		element WorkerThreads { xsd:positiveInteger }? &
		# Number of Signer Threads
		# DEFAULT: 4
		element SignerThreads { xsd:positiveInteger }? &

		# Listener
		# DEFAULT PORT: 15354
		element Listener {
			interface*
		}? &

		# System command to call after a zone has been (re)signed
		#
		# '%zone' in the string will be replaced by the zone name
		# '%zonefile' in the string will be replaced by the zone file
		element NotifyCommand { xsd:string }?
	}?
}

syslogFacility = (
	"kern" | "user" | "mail" | "daemon" | "auth" |
	"lpr" | "news" | "uucp" | "cron" |
	"local0" | "local1" | "local2" | "local3" |
	"local4" | "local5" | "local6" | "local7"
	)

privs = element Privileges {
	# DEFAULT: do not drop privs
	element User { xsd:string }? &

	# DEFAULT: do not drop privs
	element Group { xsd:string }? &
	
	# chroot directory to use
	element Directory {xsd:string }?
}

mysql = element MySQL {
	element Host {
		# DEFAULT: 3306
		attribute Port { xsd:positiveInteger { maxInclusive = "65535" } }?,

		# DEFAULT: 127.0.0.1
		xsd:string }? &

	# database to use for KASP tables
	element Database { xsd:string } &

	# username and password used to connect to database
	element Username { xsd:string } &
	element Password { xsd:string }
}

sqlite = element SQLite { xsd:string }

interface = element Interface {	address? & port? }

address = element Address { xsd:string } # e.g., 192.0.2.1 or 2001:DB8::1
port    = element Port { xsd:positiveInteger { maxInclusive = "65535" } }