authorMichał 'rysiek' Woźniak <rysiek@hackerspace.pl>2017-02-23 23:12:35 +0100
committerMichał 'rysiek' Woźniak <rysiek@hackerspace.pl>2017-02-23 23:12:35 +0100
commitc9494292a1f16f7f447fc24e2489c6f86992894e (patch)
tree46b27a5f6d32716ab758995db9d265cc7f4fccf3
parent131cb3b36809db35134ab08f8a269246571ef3d1 (diff)
more changes and explanation of assumptions
-rw-r--r--dot-kuvert.docker30
1 files changed, 24 insertions, 6 deletions
diff --git a/dot-kuvert.docker b/dot-kuvert.docker
index c170522..1b4ba5e 100644
--- a/dot-kuvert.docker
+++ b/dot-kuvert.docker
@@ -1,12 +1,26 @@
# ~/.kuvert: example configuration file for kuvert v2
+# to be used in a docker container
+#
+# there are a couple of strong assumptions in in this config file
+# as opposed to the default dot-kuvert
+#
+# 1. SMTP submission is the default mechanism
+# 2. unattended operation means passwordless secret key
+# 3. only one secret key used and available, most probably
+# auto-generated, so no need for defaultkey (let gpg select the key itself)
+# 4. submission via SMTP from outside the container requires binding to 0.0.0.0
+#
+# WARNING: DO NOT USE THIS FILE IN A NON-DOCKER ENVIRONMENT
+# WARNING: UNLESS YOU KNOW WHAT YOU ARE DOING
# options are given without leading whitespace
# which key to sign with by default
-defaultkey 0x1234abcd
+# if unset, gpg chooses -- usually first available secret key
+#defaultkey 0x1234abcd
# logging to syslog, which facility? defaults to no syslog
-syslog mail
+#syslog mail
# no separate logfile
logfile /home/kuvert/logs/kuvert.log
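Review bot: Assumption 2 in the new header (`unattended operation means passwordless secret key`) names the trade-off but not what then protects the key. I would add a line under it such as `#    (the secret key is then guarded only by file permissions and by who can reach the container's volumes)`. The header also has a doubled word in `assumptions in in this config file`. With `#syslog mail` now commented out, `logfile /home/kuvert/logs/kuvert.log` is the only log destination visible in this hunk, so a comment that this path should sit on a mounted volume if logs must outlive the container would help.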
@@ -37,8 +51,9 @@ preamble f
msserver smtp.example.com
msport 587
ssl starttls
-# ssl-key mycerts/my.key.pem
-# ssl-cert mycerts/my.cert.pem
+#ssl-key mycerts/my.key.pem
+#ssl-cert mycerts/my.cert.pem
+#ssl-ca mycerts/ca.cert.pem
msuser kuvert@example.com
mspass smtp-password
mspass-from-query-secret f
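Review bot: The added `#ssl-ca mycerts/ca.cert.pem` line has no explanation, and with it commented out next to `ssl starttls` the file does not say how the `msserver` certificate gets validated. Because `msuser` and `mspass` travel over that connection, I would put a comment above it, for example `# CA certificate used to verify msserver; if unset, confirm what kuvert verifies against`. I cannot tell from this hunk whether kuvert falls back to the system CA store or skips verification, so that default should be confirmed and stated here.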
@@ -58,11 +73,14 @@ mahost 0.0.0.0
ma-user kuvert
ma-pass ChangeMe
-defaultaction fallback-all
+defaultaction fallback
alwaystrust t
-use-agent f
+# using gpg agent means that if a key is passwordless
+# (as might be the case in a docker-based deployment)
+# kuvert will not hang on asking the user for password
+use-agent t
#query-secret /usr/bin/q-agent get %s
#flush-secret /usr/bin/q-agent delete %s
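Review bot: `ma-pass ChangeMe` stays a literal default while the hunk header shows `mahost 0.0.0.0`, so a container started from this file unmodified would accept submissions on every interface with a password that is published in the repository. The new header warns about the bind address, but nothing sits next to the credential itself; I would add `# must be replaced before the container is started; mahost 0.0.0.0 makes this port reachable from outside` above `ma-pass`. The switch from `defaultaction fallback-all` to `fallback` is also unexplained. A one-line comment giving the reason would help, since together with `alwaystrust t` it appears to decide which mail goes out encrypted.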