ceod.ini(5) # NAME ceod.ini - configuration file for ceod # SYNOPSIS /etc/csc/ceod.ini # DESCRIPTION ceod.ini is an INI file with various sections which control the behaviour of ceod. # DEFAULTS SECTION _base\_domain_++ The domain name of CSC. Should be set to 'csclub.uwaterloo.ca'. # CEOD SECTION _admin\_host_++ The host with the ceod/admin Kerberos key. _fs\_root\_host_++ The host without NFS root squashing. _database\_host_++ The host with the root password for MySQL and PostgreSQL. _mailman\_host_++ The host running Mailman. _use\_https_++ Whether to use HTTPS when connecting to ceod. Should be set to 'true'. _port_++ The port on which ceod is listening. # LDAP SECTION _admin\_principal_++ The Kerberos principal which ceod should use for *kadmin*(1). _server\_url_++ The primary CSC LDAP server URL. _sasl\_realm_++ The CSC SASL realm for LDAP. Should be 'CSCLUB.UWATERLOO.CA'. _users\_base_++ The LDAP OU where users are stored. _groups\_base_++ The LDAP OU where groups are stored. _sudo\_base_++ The LDAP OU where *sudo*(8) roles are stored. # UWLDAP SECTION _server\_url_++ The UW LDAP server URL. _base_++ The LDAP OU where users are stored in the UW LDAP. # MEMBERS SECTION _min\_id_++ The minimum UID number for members. _max\_id_++ The maximum UID number for members. _home_++ The directory in which new members' home directories should be created. _skel_++ The skeleton directory for new members. # CLUBS SECTION _min\_id_++ The minimum UID number for club accounts. _max\_id_++ The maximum UID number for club accounts. _home_++ The directory in which new club accounts' home directories should be created. _skel_++ The skeleton directory for new club accounts. # MAIL SECTION _smtp\_url_++ The SMTP URL where ceod should send emails. _smtp\_starttls_++ Whether ceod should use STARTTLS with the SMTP server or not. # MAILMAN3 SECTION _api\_base\_url_++ The base URL of the Mailman 3 API. _api\_username_++ The username to use when authenticating to the Mailman 3 API via HTTP Basic Auth. _api\_password_++ The password to use when authenticating to the Mailman 3 API via HTTP Basic Auth. _new\_member\_list_++ The mailing list to which new members should be subscribed. # AUXILIARY GROUPS SECTION Each key in this section contains a comma-separated list of auxiliary groups to which members should be added when joining the primary group. For example, syscom = office,staff means that when someone joins the syscom group, they will also be added to the office and staff groups. # AUXILIARY MAILING LISTS SECTION Each key in this section contains a comma-separated list of auxiliary mailing lists to which members should be subscribed when joining the primary group. For example, syscom = syscom,syscom-alerts means that when someone joins the syscom group, they will also be subscribed to the syscom and syscom-alerts mailing lists. # POSITIONS SECTION _required_++ A comma-separated list of executive positions which must be fulfilled. _available_++ A comma-separated list of available executive positions. # MYSQL SECTION _host_++ The host where MySQL is running. _username_++ The username to use when connecting to MySQL. _password_++ The password to use when connecting to MySQL. # POSTGRESQL SECTION _host_++ The host where PostgreSQL is running. _username_++ The username to use when connecting to PostgreSQL. _password_++ The password to use when connecting to PostgreSQL. # CLOUDSTACK SECTION _api\_key_++ The API key for CloudStack. _secret\_key_++ The secret key for CloudStack. _base\_url_++ The base URL for the CloudStack API. # CLOUD VHOSTS SECTION _acme\_challenge\_dir_++ The directory where the HTTP-01 challenge is performed for the ACME protocol. _vhost\_dir_++ The directory where members' vhost files are stored. _ssl\_dir_++ The directory where members' SSL certificates and keys are stored. _default\_ssl\_cert_++ The SSL certificate used if a domain is a one-level subdomain of members\_domain. _default\_ssl\_key_++ The SSL key used if a domain is a one-level subdomain of members\_domain. _k8s\_ssl\_cert_++ The SSL certificate used if a domain is a one-level subdomain of k8s\_members\_domain. _k8s\_ssl\_key_++ The SSL key used if a domain is a one-level subdomain of k8s\_members\_domain. _rate\_limit\_seconds_++ The per-user rate limit in seconds for creating new vhosts. _members\_domain_++ Members may create vhosts whose domains are subdomains of this one. _k8s\_members\_domain_++ Similar to members\_domain, but for Kubernetes ingress purposes. _ip\_range\_min_++ The minimum IP address in a vhost record. _ip\_range\_max_++ The maximum IP address in a vhost record. # K8S SECTION _members\_clusterrole_++ The ClusterRole which will be bound to each member's namespace. _members\_group_++ The Kubernetes group which each member will be part of. _authority\_cert\_path_++ The path to the certificate used by the Kubernetes API server. _server\_url_++ The URL of the Kubernetes API server. # SEE ALSO *ceo.ini*(5) # AUTHORS Max Erenberg