1 files changed, 121 insertions, 0 deletions

diff --git a/debian/open-infrastructure-dehydrated-tools.templates b/debian/open-infrastructure-dehydrated-tools.templates
new file mode 100644
index 0000000..a29c550
--- /dev/null
+++ b/debian/open-infrastructure-dehydrated-tools.templates
@@ -0,0 +1,121 @@
+Template: open-infrastructure-dehydrated-tools/title
+Type: title
+Description: dehydrated-tools: Setup
+
+Template: open-infrastructure-dehydrated-tools/auto-cleanup
+Type: boolean
+Default: no
+Description: dehydrated auto clean:
+ Please select the Certificate Authority to use with dehydrated.
+ .
+ If unsure, use letsencrypt (default).
+
+Template: open-infrastructure-dehydrated-tools/ca
+Type: select
+Choices: letsencrypt, letsencrypt-test, zerossl, buypass, buypass-test
+Default: letsencrypt
+Description: dehydrated Certificate Authority (CA):
+ Please select the Certificate Authority to use with dehydrated.
+ .
+ If unsure, use letsencrypt (default).
+
+Template: open-infrastructure-dehydrated-tools/challengetype
+Type: select
+Choices: dns-01, http-01
+Default: http-01
+Description: dehydrated Challenge Type:
+ Please select the challenge type to use with dehydrated.
+ .
+ If unsure, use http-01 (default).
+
+Template: open-infrastructure-dehydrated-tools/contact-email
+Type: string
+Default: 
+Description: dehydrated Contact Email:
+ Please select an optional contact email address for notifications of your CA.
+ .
+ If unsure, leave empty (default).
+
+Template: open-infrastructure-dehydrated-tools/key-algo
+Type: select
+Choices: prime256v1, rsa, secp384r1
+Default: secp384r1
+Description: dehydrated key algorithm:
+ Please select the key algorithm to use.
+ .
+ If unsure, use 'secp384r1' (default).
+
+Template: open-infrastructure-dehydrated-tools/ocsp-fetch
+Type: boolean
+Default: false
+Description: dehydrated OCSP fetch:
+ Should dehydrated automatically fetch the OCSP signature?
+ .
+ If unsure, use 'no' (default).
+
+Template: open-infrastructure-dehydrated-tools/ocsp-must-staple
+Type: boolean
+Default: false
+Description: dehydrated OCSP must staple:
+ Should dehydrated request certificates that must use OCSP stapling?
+ .
+ If unsure, use 'no' (default).
+
+Template: open-infrastructure-dehydrated-tools/preferred-chain
+Type: string
+Default: 
+Description: dehydrated preferred chain:
+ Should an alternative root certificate by used in the certificat verification chain?
+ .
+ If unsure, leave empty.
+
+Template: open-infrastructure-dehydrated-tools/basedir
+Type: string
+Default: 
+Description: dehydrated base directory:
+ Please enter the base directory where all the certificates are stored.
+ .
+ If unsure, use /var/lib/dehydrated (default).
+
+Template: open-infrastructure-dehydrated-tools/hooks
+Type: multiselect
+Choices: ${HOOKS_CHOICES}
+Default: 
+Description: dehydrated hooks:
+ Please select any hooks that should be enabled for dehydrated.
+
+Template: open-infrastructure-dehydrated-tools/domains
+Type: string
+Default: 
+Description: dehydrated domains:
+ Please enter the domains to be configured for dehydrated.
+ .
+ If unsure, leave empty (default) which will use the hostname
+ of the system. Use 'none' to not generate any certificates.
+ .
+ Multiple certificates can be separated by '|', additional
+ names (SAN) can are whitespace separated.
+
+Template: open-infrastructure-dehydrated-tools/tsig
+Type: string
+Default: 
+Description: dehydrated TSIG:
+ When using the dehydrated-nsupdate hook, a TSIG can be used. If you like
+ to do so, please enter either the path to the TSIG file or the TSIG string
+ itself (format as used by nsupdate -y in algorithm:name:base64).
+ .
+ If unsure, leave empty (default).
+
+Template: open-infrastructure-dehydrated-tools/register
+Type: boolean
+Default: false
+Description: dehydrated register:
+ Should a 'dehydrated --register --accept-terms' be executed now to create
+ an account for this system with your CA.
+
+Template: open-infrastructure-dehydrated-tools/run
+Type: boolean
+Default: false
+Description: dehydrated:
+ Should a 'dehydrated --cron --keep-going' be executed now to renew
+ non-existent/changed/expiring certificates for this system.