.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.TH signstar-configure-build 1 "signstar-configure-build "
.SH NAME
signstar\-configure\-build \- A command\-line interface for Signstar image build configuration
.SH SYNOPSIS
\fBsignstar\-configure\-build\fR [\fB\-c\fR|\fB\-\-config\fR] [\fB\-v\fR|\fB\-\-version\fR] [\fB\-h\fR|\fB\-\-help\fR]
.SH DESCRIPTION
A command\-line interface for Signstar image build configuration
.PP
NOTE: This command must be run as root!
.PP
This executable is meant to be used to configure relevant system users of a Signstar system during build.
.PP
It creates system users and their integration based on a central configuration file.
.PP
By default, one of the following configuration files is used if it exists, in the following order:
.PP
\- "/usr/local/share/signstar/config.toml"
.PP
\- "/run/signstar/config.toml"
.PP
\- "/etc/signstar/config.toml"
.PP
If none of the above are found, the default location "/usr/share/signstar/config.toml" is used.
Alternatively a custom configuration file location can be specified using the "\-\-config"/ "\-c" option.
.PP
System users, if they don\*(Aqt exist already, are created with the help of `useradd`.
The users are created without a passphrase and set up with a home below "/var/lib/signstar/home/".
However, their home directory is not created automatically.
The system user accounts are then unlocked with the help of `usermod`.
For each system user a tmpfiles.d integration is provided below "/usr/lib/tmpfiles.d", to allow automatic creation of their home directory.
.PP
If the used configuration file associates the system user with SSH public keys, a dedicated "authorized_keys" file containing the SSH public keys for the user is created below "/etc/ssh/".
Additionally, an "sshd_config" drop\-in configuration is created below "/etc/ssh/sshd_config.d/".
This "sshd_config" drop\-in configuration enforces the use of the user\*(Aqs "authorized_keys" and the use of a specific command (i.e. one of ["signstar\-download\-backup", "signstar\-download\-key\-certificate", "signstar\-download\-metrics", "signstar\-download\-secret\-share", "signstar\-download\-wireguard", "signstar\-sign", "signstar\-upload\-backup", "signstar\-upload\-secret\-share", "signstar\-upload\-update"]) depending on the user\*(Aqs role.
.SH OPTIONS
.TP
\fB\-c\fR, \fB\-\-config\fR \fI\fR
The path to a custom configuration file
.br
If specified, the custom configuration file is used instead of the default configuration file location.
.br
If unspecified, one of the following configuration files is used if it exists, in the following order:
.br
\- "/usr/local/share/signstar/config.toml"
.br
\- "/run/signstar/config.toml"
.br
\- "/etc/signstar/config.toml"
.br
If none of the above are found, the default location "/usr/share/signstar/config.toml" is used.
.RS
May also be specified with the \fBSIGNSTAR_CONFIG\fR environment variable.
.RE
.TP
\fB\-v\fR, \fB\-\-version\fR
Return the name and version of the application
.TP
\fB\-h\fR, \fB\-\-help\fR
Print help (see a summary with \*(Aq\-h\*(Aq)
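.SH EXAMPLES
The following is an added example, not part of the original page or of the Signstar project code. It audits "sshd_config" drop\-in text of the kind described in DESCRIPTION, checking that each user is pinned to an "authorized_keys" file below "/etc/ssh/" and to one of the listed commands.
Assumptions: the drop\-ins use the sshd keywords "Match User", "AuthorizedKeysFile" and "ForceCommand", and the user names and file paths in the sample are constructed.
.PP
.nf
```python
# Added example: audit sshd_config drop-ins of the kind described in DESCRIPTION.
# Assumption: drop-ins use "Match User", AuthorizedKeysFile and ForceCommand.
import os
# The nine command names listed in DESCRIPTION.
ALLOWED = {"signstar-" + s for s in (
    "download-backup download-key-certificate download-metrics "
    "download-secret-share download-wireguard sign upload-backup "
    "upload-secret-share upload-update").split()}

def parse_match_blocks(text):
    """Return {user: {keyword: value}} for every 'Match User <name>' block."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "match":
            crit = value.split()
            is_user = len(crit) == 2 and crit[0].lower() == "user"
            current = blocks.setdefault(crit[1], {}) if is_user else None
        elif current is not None:
            current.setdefault(key, value)  # sshd uses the first value it obtains
    return blocks

def audit(text):
    """Return sorted findings; an empty list means every block is pinned."""
    findings = []
    for user, opts in parse_match_blocks(text).items():
        keys = os.path.normpath(opts.get("authorizedkeysfile", ""))
        if not keys.startswith("/etc/ssh/"):
            findings.append(f"{user}: authorized_keys not below /etc/ssh/")
        words = opts.get("forcecommand", "").split()
        if os.path.basename(words[0] if words else "") not in ALLOWED:
            findings.append(f"{user}: no allowed forced command")
    return sorted(findings)

# Constructed sample input: user names and file paths are made up.
SAMPLE = """
Match User signer
    AuthorizedKeysFile /etc/ssh/signstar-user-signer.authorized_keys
    ForceCommand /usr/bin/signstar-sign
Match User metrics
    AuthorizedKeysFile .ssh/authorized_keys
    ForceCommand /bin/sh
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep=os.linesep)
```
.fi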