# Cheese

A Certificate Transparency log configuration and deployment tool.

## Configuration Generator

The `tesseract/genconf` tool generates CT log configuration files and keys from a YAML specification
in a very similar way to Sunlight.

### Usage

1. **Create YAML configuration file:**

```yaml
listen:
  - "[::]:16420"
roots: /etc/tesseract/roots.pem
logs:
  - shortname: example2025h1
    listen: "[::]:16900"
    inception: 2025-01-01
    submissionprefix: https://example2025h1.log.ct.example.com
    monitoringprefix: https://example2025h1.mon.ct.example.com
    extraroots: /etc/tesseract/extra-roots.pem
    secret: /etc/tesseract/keys/example2025h1.pem
    localdirectory: /var/lib/tesseract/example2025h1/data
    notafterstart: 2025-01-01T00:00:00Z
    notafterlimit: 2025-07-01T00:00:00Z
```

2. **Generate private keys:**
```bash
go run ./tesseract/genconf/main.go -c config.yaml gen-key
```

3. **Create directories and generate environment files:**
```bash
mkdir -p /var/lib/tesseract/example2025h1/data
go run ./tesseract/genconf/main.go -c config.yaml gen-env
```

4. **Generate HTML and JSON files:**
```bash
go run ./tesseract/genconf/main.go -c config.yaml gen-html
```

5. **Generate nginx configuration files:**
```bash
go run ./tesseract/genconf/main.go -c config.yaml gen-nginx
```

You can symlink the generated $monitoringprefix.conf files from `/etc/nginx/sites-enabled/`.