.. title: Configuration
.. date: 2013/09/30 15:00:00

Hockeypuck reads a TOML-format configuration file for setting various
options on the subsystems and features of the service.

When run without any configuration, Hockeypuck will assume the following:

* Service HKP requests on port 11371 (all interfaces).
* SKS and PKS public key synchronization methods are disabled.
* Default PostgreSQL connection settings:

  - Connect to PostgreSQL via local UNIX domain socket in /var/run/postgresql.
  - Connect to a database named 'hkp', accessible and modifiable by the user executing Hockeypuck.

* Public key signatures will not be verified on /pks/add or bulk loading.
* Static media files are expected to be in $GOPATH/src/github.com/hockeypuck/hockeypuck/instroot/var/lib/hockeypuck/www.
* Log messages are written to stderr.

These and other options can be customized as follows.

General settings for the overall service.

logfile=\ *"/path/to/hockeypuck.log"*
-------------------------------------

Path where log messages should be written.

By default, Hockeypuck logs messages to standard error.

HTTP Keyserver Protocol settings.

bind=\ *"[address]:port"*
-------------------------

Listen on address:port for HKP requests. Omit address to accept requests to this port on any interface.

webroot=\ *"/path/to/hockeypuck/media/www"*
-------------------------------------------

Path to the static media files used to serve Hockeypuck's HTML web UI.

Default: ``"$GOPATH/src/github.com/hockeypuck/hockeypuck/instroot/var/lib/hockeypuck/www"``

(Note that environment variables are not evaluated for configured values of webroot.)

OpenPGP service settings.

verifySigs=\ *(boolean value)*
------------------------------

When true, Hockeypuck will attempt to verify every self-signed packet
that it can, and store the status in the signature packet's STATE column.
This is used to enhance the quality of the keyserver results at the expense of performance.
Even when this option is enabled, users of this service must still verify signatures independently for security.

nworkers=\ *(int, > 0)*
-----------------------

Number of workers that will concurrently load key material into
the database and prefix tree.

statsRefresh=\ *(int, >0)*
--------------------------

Number of hours to wait between refreshing the load statistics displayed at
/pks/lookup?op=stats. In some cases, the stats query can scan a large number
of rows, so it is not recalculated on each request.

[hockeypuck.openpgp.db]
=======================

OpenPGP database connection options.

The only supported database/sql driver is "postgres".

dsn=\ "*(postgres connection string)*"
--------------------------------------

PostgreSQL connection string. See https://github.com/lib/pq for more information
on the format and supported parameters.

Default: ``"dbname=hkp host=/var/run/postgresql sslmode=disable"``

(This connects through a local socket to database 'hkp' owned by the effective user.)

Options for `Conflux <https://github.com/cmars/conflux>`_, which provides SKS reconciliation protocol support for Hockeypuck.

reconPort=\ *(int, port number)*
--------------------------------

Listen port for the SKS recon protocol. Hockeypuck listens on this port on all interfaces.
Use this port in a remote SKS membership file to peer SKS with Hockeypuck.

httpPort=\ *(int, port number)*
-------------------------------

HTTP port reported to peer. This must match the port specified for

partners=\ *\["addr1:port1","addr2:port2",...,"addrN:portN"\]*
--------------------------------------------------------------

List of peers Hockeypuck will gossip with. This is Hockeypuck's
equivalent to the SKS membership file.

List of quoted strings

``partners=["sks1.cmarstech.com:11370","sks2.cmarstech.com:11370"]``

filters=\ *\["filter1","filter2",...,"filterN"\]*
-------------------------------------------------

SKS filters, which must match your peers' configuration. Hockeypuck
doesn't really interpret this setting. De-duplication and key merging
are not optional filters; they are the only supported mode of operation.
This setting is currently provided for SKS compatibility purposes only.
Future filters may be supported by Hockeypuck.

List of quoted strings

``filters=["yminsky.dedup"]``

[conflux.recon.leveldb]
=======================

Conflux stores public key digests in a persistent prefix tree data structure.

path=\ *"/path/to/recon-ptree"*
-------------------------------

Path to the directory containing the prefix tree data.

``path="$(pwd)/recon-ptree"``

[hockeypuck.openpgp.pks]
========================

PKS is an older protocol for public keyserver synchronization over email.

Hockeypuck stores a timestamp per downstream email address.
Hockeypuck will periodically send all public keys updated since the last downstream send.

to=\ *\["user@pkshost1","user@pkshost2",..."user@pkshostN"\]*
-------------------------------------------------------------

Send keys to these downstream PKS servers.

List of quoted strings

from=\ *"pgp-public-keys@yourhost.yourdomain.com"*
--------------------------------------------------

PKS sync *mail from:* address, which should be a valid address upon which
Hockeypuck can receive PKS mail. This address is displayed on the op=stats
page for peering purposes.

[hockeypuck.openpgp.pks.smtp]
=============================

Custom SMTP settings for sending PKS mail. The default is to connect locally to an SMTP server on port 25.

host=\ *"address:port"*
-------------------------

SMTP server to connect to for sending outbound PKS mail.

``host="smtp.google.com:587"``

user=\ *"(smtp.username)"*
--------------------------

SMTP account username, if necessary.

pass=\ *"(smtp password)"*
--------------------------

SMTP account password, if necessary.