add smtpd makefile

README.md

@@ -1 +1,17 @@
-DMZ Configuration files
+These setup files provide the text-only configurations for DMZ.
+
+*It should not contain private data.*
+
+# Aspirations
+
+- Each service should reside in its own directory.
+- Everything should be automated, including:
+    - backups,
+    - turning the backup back into a service,
+    - configuring the service to run,
+    - Makefile (or similar) wherever practical,
+    - Idempotency.
+- All secrets stored elsewhere (probably in the `dmzadmin` repo)
+- Any maintenance scripts.
+- Configurations should reside in shadow-directories, e.g. a backup of `/etc/soft/config` should reside in this repo under `etc/soft/config`.
+

etc/smtpd/smtpd.conf

@@ -0,0 +1,21 @@
+#	$OpenBSD: smtpd.conf,v 1.10 2018/05/24 11:40:17 gilles Exp $
+
+# This is the smtpd server system-wide configuration file.
+# See smtpd.conf(5) for more information.
+
+table aliases file:/etc/smtpd/aliases
+
+# To accept external mail, replace with: listen on all
+#
+pki splintrs cert "/etc/letsencrypt/live/splint.rs/fullchain.pem"
+pki splintrs key "/etc/letsencrypt/live/splint.rs/privkey.pem"
+listen on end0 tls pki splintrs
+
+#action "local" maildir alias <aliases>
+action "relay" relay backup
+
+# Uncomment the following to accept external mail for domain "example.org"
+#
+# match from any for domain "example.org" action "local"
+#match for local action "local"
+match from any for domain dmz.rs action "relay"

smtpd

@@ -0,0 +1,20 @@
+# This make file produces the smtp daemon for the current backup domain: splint.rs
+
+# It is missing the cert, so you'll have to make another.
+
+DOMAIN=splint.rs
+
+output: service
+
+/usr/bin/smtp:
+	pacman -S smtpd
+	cp etc/smtpd/* /etc/smtpd
+	smtpd -n
+
+/etc/smtpd/mailname: /usr/bin/smtp
+	echo $(DOMAIN) > /etc/smtpd/mailname
+
+.PHONY: service
+service: /etc/systemd/system/multi-user.target.wants/smtpd.service
+/etc/systemd/system/multi-user.target.wants/smtpd.service: /etc/smtpd/mailname
+	systemctl enable --now smtpd