Diffstat (limited to 'docs/config.rst')
-rw-r--r--docs/config.rst133
1 files changed, 133 insertions, 0 deletions
diff --git a/docs/config.rst b/docs/config.rst
new file mode 100644
index 0000000..b56641e
--- /dev/null
+++ b/docs/config.rst
@@ -0,0 +1,133 @@
+=============
+Configuration
+=============
+
+To enable and configure the mailman-pgp plugin, both Mailman Core needs to be instructed to find the correct plugin
+package and class to find mailman-pgp and mailman-pgp needs to be configured to work correctly.
+
+Mailman
+=======
+
+Example additions to mailman.cfg to enable mailman-pgp::
+
+ # Setup the mailman-pgp plugin under the `pgp` name. To use the django-pgpmailman
+ # web UI. The `MAILMAN_PGP_PLUGIN_NAME` in its project settings.py must be set
+ # to the name of the plugin, as thats where Mailman roots the plugins REST api
+ # endpoint.
+ [plugin.pgp]
+ class: mailman_pgp.plugin.PGPMailman
+ path: mailman_pgp
+ enable: yes
+ configuration: python:mailman_pgp.config.mailman_pgp
+
+ # Use the custom PGP enabled deliver callable, performs the signing and encryption
+ # on PGP enabled lists which are configured to do so.
+ [mta]
+ outgoing: mailman_pgp.mta.deliver.deliver
+
+ # Use the custom PGP enabled runner on the default `in` queue.
+ [runner.in]
+ class: mailman_pgp.runners.incoming.PGPIncomingRunner
+
+ # This runners name needs to be the same as the `[queues].in` config option in
+ # the mailman-pgp config file. It runs the default IncomingRunner on a queue
+ # of a different name, so that messages come into the mailman-pgp incoming runner
+ # and can be then passed to the default incoming runner, defined here.
+ [runner.in_default]
+ class: mailman.runners.incoming.IncomingRunner
+
+
+Plugin
+======
+
+Default PGP config::
+
+ [db]
+ # db path the PGP plugin will use to store list/user configuration (not keys!).
+ url: sqlite:////$DATA_DIR/pgp.db
+
+
+ [archiving]
+ # The directory where the local mbox archiver will save messages.
+ mailbox_dir: $ARCHIVE_DIR/pgp/mbox
+
+ # The directory where the local maildir archiver will save messages.
+ maildir_dir: $ARCHIVE_DIR/pgp/maildir
+
+
+ [keydirs]
+ # Key directory used to store user public keys.
+ user_keydir: $DATA_DIR/pgp/user_keydir/
+
+ # Key directory used to store list keypairs.
+ list_keydir: $DATA_DIR/pgp/list_keydir/
+
+ # Key directory used to store archive public keys.
+ archive_keydir: $DATA_DIR/pgp/archive_keydir/
+
+
+ [keypairs]
+ # Whether to autogenerate the list key on list creation.
+ autogenerate: yes
+
+ # Type of primary list key and its size.
+ # Format: type:size
+ # type is one of:
+ # RSA, DSA, ECDSA.
+ # size is the key size or curve name for ECDSA, which can be one of:
+ # nistp256, nistp384, nistp521, brainpoolP256r1, brainpoolP384r1,
+ # brainpoolP512r1, secp256k1
+ primary_key: RSA:4096
+
+ # Type of list encryption subkey and its size.
+ # Format: type:size
+ # type is one of:
+ # RSA, ECDH
+ # size is the key size or curve name for ECDH, which can be one of:
+ # nistp256, nistp384, nistp521, brainpoolP256r1, brainpoolP384r1,
+ # brainpoolP512r1, secp256k1
+ sub_key: RSA:4096
+
+ # Shred keypair on list deletion? Shredding tries to securely erase the file
+ # by overwriting it with random data many times. Will be only performed if
+ # the `delete` option is also set to yes.
+ shred: yes
+
+ # A command, that is run when shredding the list key (if shred is set).
+ # It is passed the list key path as an argument.
+ # If empty, mailman-pgp will try to shred the listkey itself.
+ # Some Linux distributions provide the `shred` command from GNU coreutils, or
+ # similar.
+ shred_command:
+
+ # Delete list keypair on list deletion.
+ delete: yes
+
+ [queues]
+ # The queue to which processed incoming messages are passed. Must be a name of
+ # a queue which is managed by the Mailman IncomingRunner.
+ in: in_default
+
+
+ [misc]
+ # The lifetime for `key change` request confirmation.
+ change_request_lifetime: 1d
+
+ # Collect all signature hashes of successful postings to a PGP enabled mailing
+ # list for signature replay checking.
+ collect_sig_hashes: yes
+
+
+ [rest]
+ # Allow the accessing of a list private key through the REST API.
+ # This is necessary for the django-pgpmailman web ui to allow a list owner
+ # to export the list private key.
+ allow_read_private_key: yes
+
+ # Allow the modification of a list private key through the REST API.
+ # This is necessary for the django-pgpmailman web ui to allow a list owner
+ # to change the list private key.
+ allow_write_private_key: yes
+
+ # Allow the accessing of this plugin configuration through the REST API.
+ allow_read_config: yes