1
--- etc/config.template.toml.orig	2025-10-05 12:23:15 UTC
2
+++ etc/config.template.toml
3
@@ -3,14 +3,14 @@
4
 #
5
 # This is a template file.  Uncommented lines demonstrate the default settings.
6
 # You can copy this and customize it to your liking, or write a configuration
7
-# file from scratch using this as a reference.  
8
+# file from scratch using this as a reference.
9
 
10
 # The configuration file version.
11
 #
12
 # This is the only required option.  All other settings, and their defaults, are
13
 # associated with this version number.  More versions may be added in the future
14
 # and Cascade may drop support for older versions over time.
15
-# 
16
+#
17
 # - 'v1': This format.
18
 version = "v1"
19
 
20
@@ -20,28 +20,28 @@ version = "v1"
21
 # Zone policies are user-managed files configuring groups of zones.  You can
22
 # modify them as you like, then ask Cascade to reload them with 'cascade policy
23
 # reload'.
24
-policy-dir = "/etc/cascade/policies"
25
+policy-dir = "%%ETCDIR%%/policies"
26
 
27
 # The directory storing per-zone state files.
28
 #
29
 # Cascade maintains an internal state file for every known zone here.  These
30
 # files should not be modified manually, but they can be backed up and restored
31
 # in the event of filesystem corruption.
32
-zone-state-dir = "/var/lib/cascade/zone-state"
33
+zone-state-dir = "%%DBDIR%%/zone-state"
34
 
35
 # The file storing TSIG key secrets.
36
 #
37
 # This is an internal state file containing sensitive cryptographic material.
38
 # It should not be modified manually, but it can be backed up and restored in
39
 # the event of filesystem corruption.  Carefully consider its security.
40
-tsig-store-path = "/var/lib/cascade/tsig-keys.db"
41
+tsig-store-path = "%%DBDIR%%/tsig-keys.db"
42
 
43
 # The file storing KMIP credentials.
44
 #
45
 # This is an internal state file containing sensitive cryptographic material.
46
 # It should not be modified manually, but it can be backed up and restored in
47
 # the event of filesystem corruption.  Carefully consider its security.
48
-kmip-credentials-store-path = "/var/lib/cascade/kmip/credentials.db"
49
+kmip-credentials-store-path = "%%DBDIR%%/kmip/credentials.db"
50
 
51
 # The directory storing rollover states and on-disk DNSSEC keys.
52
 #
53
@@ -55,23 +55,23 @@ kmip-credentials-store-path = "/var/lib/cascade/kmip/c
54
 # Carefully consider its security.
55
 #
56
 # TODO: Move rollover state files to a separate directory?
57
-keys-dir = "/var/lib/cascade/keys"
58
+keys-dir = "%%DBDIR%%/keys"
59
 
60
 # The directory containing KMIP server state.
61
 #
62
 # Information about known KMIP servers is stored in this directory.
63
-# 
64
+#
65
 # The organization of this directory (file names and file formats) constitutes
66
 # internal implementation details.  It should not be modified manually, but
67
 # it can be backed up and restored in the event of filesystem corruption.
68
-kmip-server-state-dir = "/var/lib/cascade/kmip"
69
+kmip-server-state-dir = "%%DBDIR%%/kmip"
70
 
71
 # The path to the dnst binary Cascade should use.
72
 #
73
 # Cascade relies on the 'dnst' program (<https://github.com/NLnetLabs/dnst>) in
74
 # order to perform DNSSEC key rollovers.  You can specify an absolute path here,
75
 # or just 'dnst' if it is in $PATH.
76
-dnst-binary-path = "/usr/libexec/cascade/cascade-dnst"
77
+dnst-binary-path = "%%LOCALBASE%%/bin/dnst"
78
 
79
 
80
 # Settings relevant to any daemon program.
81
@@ -213,7 +213,7 @@ servers = ["127.0.0.1:8052", "[::1]:8052"] # TODO: Pic
82
 # How zones are published.
83
 [server]
84
 # Where to serve published zones.
85
-# 
86
+#
87
 # A DNS server will be bound to these addresses, and will serve the contents of
88
 # all published zones.  This is the final output from Cascade.
89
 #
90

91