Use new directives in host documentation
author Jan Dittberner <jandd@cacert.org>
Sat, 7 May 2016 21:01:11 +0000 (23:01 +0200)
committer Jan Dittberner <jandd@cacert.org>
Sat, 7 May 2016 21:01:11 +0000 (23:01 +0200)
This commit changes the existing host documents to use the new sslcert
and sshkeys directives. The templates have been adapted to contain
example directives to be filled.

docs/critical/template.rst
docs/sshkeys.rst
docs/systems/arbitration.rst
docs/systems/blog.rst
docs/systems/board.rst
docs/systems/email.rst
docs/systems/infra02.rst
docs/systems/monitor.rst
docs/systems/template.rst
docs/systems/webmail.rst

index 006f7ed..6419262 100644 (file)
@@ -228,24 +228,13 @@ Outbound network connections
 Security
 ========
 
-SSH host keys
--------------
-
-+-----------+-----------------------------------------------------+
-| Algorithm | Fingerprint                                         |
-+===========+=====================================================+
-| RSA       |                                                     |
-+-----------+-----------------------------------------------------+
-| DSA       |                                                     |
-+-----------+-----------------------------------------------------+
-| ECDSA     |                                                     |
-+-----------+-----------------------------------------------------+
-| ED25519   |                                                     |
-+-----------+-----------------------------------------------------+
-
-.. seealso::
+.. add the MD5 fingerprints of the SSH host keys
 
-   See :doc:`../sshkeys`
+.. sshkeys::
+   :RSA:
+   :DSA:
+   :ECDSA:
+   :ED25519:
 
 Dedicated user roles
 --------------------
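Review bot: the added comment `.. add the MD5 fingerprints of the SSH host keys` does not say how to obtain them, and OpenSSH 6.8 and later print SHA256 fingerprints by default, so whoever fills in the template is likely to paste the wrong format. Suggest extending the comment with the command, for example `ssh-keygen -l -E md5 -f /etc/ssh/ssh_host_rsa_key.pub`, and noting that the `MD5:` prefix in its output is dropped, as in the colon-separated values used for the existing hosts.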
@@ -280,15 +269,31 @@ Critical Configuration items
 Keys and X.509 certificates
 ---------------------------
 
-* :file:`/etc/apache2/ssl/<path to certificate>` server certificate (valid until <datetime>)
-* :file:`/etc/apache2/ssl/<path to server key>` server key
+.. use the sslcert directive to have certificates added to the certificate list
+   automatically
+
+.. sslcert:: template.cacert.org
+   :altnames:
+   :certfile:
+   :keyfile:
+   :serial:
+   :expiration:
+   :sha1fp:
+   :issuer:
+
+.. for certificates that are orginally created on another host use
+
+.. sslcert:: other.cacert.org
+   :certfile:
+   :keyfile:
+   :serial:
+   :secondary:
 
 .. * `/etc/apache2/ssl/cacert-certs.pem` CAcert.org Class 1 and Class 3 CA certificates (allowed CA certificates for client certificates)
    * `/etc/apache2/ssl/cacert-chain.pem` CAcert.org Class 1 certificate (certificate chain for server certificate)
 
 .. seealso::
 
-   * :doc:`../certlist`
    * :wiki:`SystemAdministration/CertificateList`
 
 <service_x> configuration
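Review bot: typo in the added comment `.. for certificates that are orginally created on another host use`: "orginally" should be "originally". The second `sslcert` example also leaves `:secondary:` unexplained; a few words in that comment on what the flag means, and why `:altnames:`, `:expiration:`, `:sha1fp:` and `:issuer:` are left out there, would help whoever fills in the template.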
index b9d8ec0..07efa21 100644 (file)
@@ -1,3 +1,5 @@
 =============
 SSH Host Keys
 =============
+
+.. sshkeylist::
index 7558690..04aea5c 100644 (file)
@@ -195,27 +195,13 @@ Outbound network connections
 Security
 ========
 
-SSH host keys
--------------
-
-+-----------+-----------------------------------------------------+
-| Algorithm | Fingerprint                                         |
-+===========+=====================================================+
-| RSA       | ``a3:6c:f1:f8:8c:81:7c:f7:3b:4e:e4:0e:a3:02:8e:18`` |
-+-----------+-----------------------------------------------------+
-| DSA       | ``eb:66:0e:0d:d1:f3:d8:02:3a:ed:71:7a:b2:04:db:75`` |
-+-----------+-----------------------------------------------------+
-| ECDSA     | ``54:a3:76:46:66:fc:3f:2d:9b:e4:bd:49:ba:fe:98:09`` |
-+-----------+-----------------------------------------------------+
-| ED25519   | \-                                                  |
-+-----------+-----------------------------------------------------+
+.. sshkeys::
+   :RSA:   a3:6c:f1:f8:8c:81:7c:f7:3b:4e:e4:0e:a3:02:8e:18
+   :DSA:   eb:66:0e:0d:d1:f3:d8:02:3a:ed:71:7a:b2:04:db:75
+   :ECDSA: 54:a3:76:46:66:fc:3f:2d:9b:e4:bd:49:ba:fe:98:09
 
 .. todo:: setup ED25519 host key
 
-.. seealso::
-
-   See :doc:`../sshkeys`
-
 Dedicated user roles
 --------------------
 
@@ -256,7 +242,6 @@ Keys and X.509 certificates
 
 .. seealso::
 
-   * :doc:`../certlist`
    * :wiki:`SystemAdministration/CertificateList`
 
 Nginx configuration
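Review bot: the `../certlist` cross-reference is removed from the `seealso` block, but no `.. sslcert::` directive appears in the visible lines of this hunk. Please confirm that the "Keys and X.509 certificates" section above it has been converted to the directive, otherwise this host's certificates lose their link to the certificate list.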
index 46fc16c..3a11d39 100644 (file)
@@ -220,27 +220,13 @@ Outbound network connections
 Security
 ========
 
-SSH host keys
--------------
-
-+-----------+-----------------------------------------------------+
-| Algorithm | Fingerprint                                         |
-+===========+=====================================================+
-| RSA       | ``ec:cb:b5:13:7c:17:c4:c3:23:3d:ee:01:58:75:b5:8d`` |
-+-----------+-----------------------------------------------------+
-| DSA       | ``c6:a7:52:f6:63:ce:73:95:41:35:90:45:9e:e0:06:a5`` |
-+-----------+-----------------------------------------------------+
-| ECDSA     | ``00:d7:4b:3c:da:1b:24:76:74:1c:dd:2c:64:50:5f:81`` |
-+-----------+-----------------------------------------------------+
-| ED25519   | \-                                                  |
-+-----------+-----------------------------------------------------+
+.. sshkeys::
+   :RSA:   ec:cb:b5:13:7c:17:c4:c3:23:3d:ee:01:58:75:b5:8d
+   :DSA:   c6:a7:52:f6:63:ce:73:95:41:35:90:45:9e:e0:06:a5
+   :ECDSA: 00:d7:4b:3c:da:1b:24:76:74:1c:dd:2c:64:50:5f:81
 
 .. todo:: setup ED25519 host key
 
-.. seealso::
-
-   See :doc:`../sshkeys`
-
 Dedicated user roles
 --------------------
 
index b454b27..3e97217 100644 (file)
@@ -197,27 +197,13 @@ Outbound network connections
 Security
 ========
 
-SSH host keys
--------------
-
-+-----------+-----------------------------------------------------+
-| Algorithm | Fingerprint                                         |
-+===========+=====================================================+
-| RSA       | ``c7:a0:3f:63:a5:cb:9a:8f:1f:eb:55:63:46:c3:8d:f1`` |
-+-----------+-----------------------------------------------------+
-| DSA       | ``f6:b7:e5:52:24:27:1e:ea:32:c8:f1:2e:45:f7:24:d3`` |
-+-----------+-----------------------------------------------------+
-| ECDSA     | ``0f:fc:76:f8:24:99:95:f7:d2:28:59:6e:f0:1e:39:ac`` |
-+-----------+-----------------------------------------------------+
-| ED25519   | \-                                                  |
-+-----------+-----------------------------------------------------+
+.. sshkeys::
+   :RSA:   c7:a0:3f:63:a5:cb:9a:8f:1f:eb:55:63:46:c3:8d:f1
+   :DSA:   f6:b7:e5:52:24:27:1e:ea:32:c8:f1:2e:45:f7:24:d3
+   :ECDSA: 0f:fc:76:f8:24:99:95:f7:d2:28:59:6e:f0:1e:39:ac
 
 .. todo:: setup ED25519 host key
 
-.. seealso::
-
-   See :doc:`../sshkeys`
-
 Non-distribution packages and modifications
 -------------------------------------------
 
index 1c801aa..d0b5eb1 100644 (file)
@@ -214,29 +214,14 @@ Outbound network connections
 Security
 ========
 
-SSH host keys
--------------
-
-+-----------+-----------------------------------------------------+
-| Algorithm | Fingerprint                                         |
-+===========+=====================================================+
-| RSA       | ``a1:d2:17:53:6b:0f:b6:a4:14:13:46:f7:04:ef:4a:23`` |
-+-----------+-----------------------------------------------------+
-| DSA       | ``f4:eb:0a:36:40:1c:55:6b:75:a2:26:34:ea:18:7e:91`` |
-+-----------+-----------------------------------------------------+
-| ECDSA     | \-                                                  |
-+-----------+-----------------------------------------------------+
-| ED25519   | \-                                                  |
-+-----------+-----------------------------------------------------+
+.. sshkeys::
+   :RSA: a1:d2:17:53:6b:0f:b6:a4:14:13:46:f7:04:ef:4a:23
+   :DSA: f4:eb:0a:36:40:1c:55:6b:75:a2:26:34:ea:18:7e:91
 
 .. warning::
 
    The system is too old to support ECDSA or ED25519 keys.
 
-.. seealso::
-
-   See :doc:`../sshkeys`
-
 Non-distribution packages and modifications
 -------------------------------------------
 
@@ -290,7 +275,6 @@ Postfix and IMAP with STARTTLS, IMAPS, POP3 with STARTTLS, POP3S and pysieved)
 
 .. seealso::
 
-   * :doc:`../certlist`
    * :wiki:`SystemAdministration/CertificateList`
 
 Apache configuration
index 76cc3b9..6306528 100644 (file)
@@ -203,27 +203,11 @@ Outbound network connections
 Security
 ========
 
-SSH host keys
--------------
-
-.. index::
-   single: SSH host keys; Infra02
-
-+-----------+-----------------------------------------------------+
-| Algorithm | Fingerprint                                         |
-+===========+=====================================================+
-| RSA       | ``86:d5:f8:71:2e:ab:5e:50:5d:f6:37:6b:16:8f:d1:1c`` |
-+-----------+-----------------------------------------------------+
-| DSA       | ``b4:fb:c2:74:33:eb:cc:f0:3e:31:38:c9:a8:df:0a:f5`` |
-+-----------+-----------------------------------------------------+
-| ECDSA     | ``79:c4:b8:ff:ef:c9:df:9a:45:07:8d:ab:71:7c:e9:c0`` |
-+-----------+-----------------------------------------------------+
-| ED25519   | ``25:d1:c7:44:1c:38:9e:ad:89:32:c7:9c:43:8e:41:c4`` |
-+-----------+-----------------------------------------------------+
-
-.. seealso::
-
-   See :doc:`../sshkeys`
+.. sshkeys::
+   :RSA:     86:d5:f8:71:2e:ab:5e:50:5d:f6:37:6b:16:8f:d1:1c
+   :DSA:     b4:fb:c2:74:33:eb:cc:f0:3e:31:38:c9:a8:df:0a:f5
+   :ECDSA:   79:c4:b8:ff:ef:c9:df:9a:45:07:8d:ab:71:7c:e9:c0
+   :ED25519: 25:d1:c7:44:1c:38:9e:ad:89:32:c7:9c:43:8e:41:c4
 
 Dedictated user roles
 ---------------------
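Review bot: the removed `.. index::` block with `single: SSH host keys; Infra02` has no replacement in the added lines, so this host's index entry disappears unless the `sshkeys` directive generates one; please confirm that it does, or keep the `.. index::` entry above the directive. The context line `Dedictated user roles` is also misspelled ("Dedicated") and could be fixed while this section is being touched.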
index c206e43..fb5472a 100644 (file)
@@ -223,24 +223,10 @@ Outbound network connections
 Security
 ========
 
-SSH host keys
--------------
-
-+-----------+-----------------------------------------------------+
-| Algorithm | Fingerprint                                         |
-+===========+=====================================================+
-| RSA       | ``df:98:f5:ea:05:c1:47:52:97:58:8f:42:55:d6:d9:b6`` |
-+-----------+-----------------------------------------------------+
-| DSA       | ``07:2b:10:b1:6d:79:35:0f:83:aa:fc:ba:d6:2f:51:dc`` |
-+-----------+-----------------------------------------------------+
-| ECDSA     | ``48:46:b1:5a:4e:05:64:8a:c3:76:33:77:20:91:14:70`` |
-+-----------+-----------------------------------------------------+
-| ED25519   | \-                                                  |
-+-----------+-----------------------------------------------------+
-
-.. seealso::
-
-   See :doc:`../sshkeys`
+.. sshkeys::
+   :RSA:   df:98:f5:ea:05:c1:47:52:97:58:8f:42:55:d6:d9:b6
+   :DSA:   07:2b:10:b1:6d:79:35:0f:83:aa:fc:ba:d6:2f:51:dc
+   :ECDSA: 48:46:b1:5a:4e:05:64:8a:c3:76:33:77:20:91:14:70
 
 Non-distribution packages and modifications
 -------------------------------------------
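Review bot: the removed table recorded ED25519 as `\-`, and after the change nothing in this section says that the key is missing; other hosts in this commit keep a `.. todo:: setup ED25519 host key` line after the directive, so add one here as well. Separately, the `:DSA:` fingerprint is carried over as is; OpenSSH 7.0 and later disable ssh-dss host keys by default, so a todo to retire that key would fit here too.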
@@ -273,7 +259,6 @@ Keys and X.509 certificates
 
 .. seealso::
 
-   * :doc:`../certlist`
    * :wiki:`SystemAdministration/CertificateList`
 
 CRL fetch job
index 006f7ed..6419262 100644 (file)
@@ -228,24 +228,13 @@ Outbound network connections
 Security
 ========
 
-SSH host keys
--------------
-
-+-----------+-----------------------------------------------------+
-| Algorithm | Fingerprint                                         |
-+===========+=====================================================+
-| RSA       |                                                     |
-+-----------+-----------------------------------------------------+
-| DSA       |                                                     |
-+-----------+-----------------------------------------------------+
-| ECDSA     |                                                     |
-+-----------+-----------------------------------------------------+
-| ED25519   |                                                     |
-+-----------+-----------------------------------------------------+
-
-.. seealso::
+.. add the MD5 fingerprints of the SSH host keys
 
-   See :doc:`../sshkeys`
+.. sshkeys::
+   :RSA:
+   :DSA:
+   :ECDSA:
+   :ED25519:
 
 Dedicated user roles
 --------------------
@@ -280,15 +269,31 @@ Critical Configuration items
 Keys and X.509 certificates
 ---------------------------
 
-* :file:`/etc/apache2/ssl/<path to certificate>` server certificate (valid until <datetime>)
-* :file:`/etc/apache2/ssl/<path to server key>` server key
+.. use the sslcert directive to have certificates added to the certificate list
+   automatically
+
+.. sslcert:: template.cacert.org
+   :altnames:
+   :certfile:
+   :keyfile:
+   :serial:
+   :expiration:
+   :sha1fp:
+   :issuer:
+
+.. for certificates that are orginally created on another host use
+
+.. sslcert:: other.cacert.org
+   :certfile:
+   :keyfile:
+   :serial:
+   :secondary:
 
 .. * `/etc/apache2/ssl/cacert-certs.pem` CAcert.org Class 1 and Class 3 CA certificates (allowed CA certificates for client certificates)
    * `/etc/apache2/ssl/cacert-chain.pem` CAcert.org Class 1 certificate (certificate chain for server certificate)
 
 .. seealso::
 
-   * :doc:`../certlist`
    * :wiki:`SystemAdministration/CertificateList`
 
 <service_x> configuration
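Review bot: this file and the first template in the commit show the same blob ids (`index 006f7ed..6419262`), so the two templates are identical and every correction has to be made twice, including the "orginally" typo in the comment before `.. sslcert:: other.cacert.org`. Please fix both copies together so they do not drift apart.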
index 14eded6..5eab801 100644 (file)
@@ -206,29 +206,14 @@ Outbound network connections
 Security
 ========
 
-SSH host keys
--------------
-
-+-----------+-----------------------------------------------------+
-| Algorithm | Fingerprint                                         |
-+===========+=====================================================+
-| RSA       | ``82:91:22:22:10:75:ab:0e:55:05:9a:f9:98:cb:94:48`` |
-+-----------+-----------------------------------------------------+
-| DSA       | ``6b:6e:59:37:41:83:a5:89:2a:18:04:23:51:53:5d:cd`` |
-+-----------+-----------------------------------------------------+
-| ECDSA     | \-                                                  |
-+-----------+-----------------------------------------------------+
-| ED25519   | \-                                                  |
-+-----------+-----------------------------------------------------+
+.. sshkeys::
+   :RSA:     82:91:22:22:10:75:ab:0e:55:05:9a:f9:98:cb:94:48
+   :DSA:     6b:6e:59:37:41:83:a5:89:2a:18:04:23:51:53:5d:cd
 
 .. warning::
 
    The system is too old to support ECDSA or ED25519 keys.
 
-.. seealso::
-
-   See :doc:`../sshkeys`
-
 Non-distribution packages and modifications
 -------------------------------------------
 
@@ -279,7 +264,6 @@ Keys and X.509 certificates
 
 .. seealso::
 
-   * :doc:`../certlist`
    * :wiki:`SystemAdministration/CertificateList`
 
 Apache configuration