From 34591d889e5ca85631fac12dd7ded3fd5b8479f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Tue, 25 Jul 2023 15:39:15 +0200
Subject: [PATCH] Make fedora default config changes

Customize upstream example configuration for Fedora.
---
 example.conf | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/example.conf b/example.conf
index 6687fa6..ddf2448 100644
--- a/example.conf
+++ b/example.conf
@@ -1,5 +1,4 @@
-# config for dnssec-trigger 0.17.
-# this is a comment. there must be one statement per line.
+# Fedora/EPEL version of dnssec-trigger.conf
 
 # logging detail, 0=only errors, 1=operations, 2=detail, 3,4 debug detail.
 # verbosity: 1
@@ -36,6 +35,8 @@
 
 # the url to open to get hot spot login, it gets overridden by the hotspot.
 # login-location: "http://www.nlnetlabs.nl/projects/dnssec-trigger"
+# should to be a ttl=0 entry
+login-location: "http://hotspot-nocache.fedoraproject.org/"
 
 # do not perform actions (unbound-control or resolv.conf), for a dry-run.
 # noaction: no
@@ -43,8 +44,8 @@
 # port number to use for probe daemon.
 # port: 8955
 
-# these keys and certificates can be generated with the script
-# dnssec-trigger-control-setup
+# keys and certificates generated by the dnssec-trigger-keygen systemd service
+# (which called dnssec-trigger-control-setup)
 # server-key-file: "/etc/dnssec-trigger/dnssec_trigger_server.key"
 # server-cert-file: "/etc/dnssec-trigger/dnssec_trigger_server.pem"
 # control-key-file: "/etc/dnssec-trigger/dnssec_trigger_control.key"
@@ -60,7 +61,7 @@
 
 # provided by NLnetLabs
 # It is provided on a best effort basis, with no service guarantee.
-url: "http://ster.nlnetlabs.nl/hotspot.txt OK"
+# url: "http://ster.nlnetlabs.nl/hotspot.txt OK"
 
 # provided by FedoraProject
 url: "http://fedoraproject.org/static/hotspot.txt OK"
@@ -72,7 +73,7 @@ url: "http://fedoraproject.org/static/hotspot.txt OK"
 # hash is output of openssl x509 -sha256 -fingerprint -in server.pem
 # You can add more with extra config lines.
 
-# provided by NLnetLabs
+# provided by NLnetLabs (www.nlnetlabs.nl)
 # It is provided on a best effort basis, with no service guarantee.
 tcp80: 185.49.140.67
 tcp80: 2a04:b900::10:0:0:67
-- 
2.41.0