diff --git a/README.md b/README.md
index 5408af7..de7d70f 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,17 @@
-DMZ Configuration files
+These setup files provide the text-only configurations for DMZ.
+
+*It should not contain private data.*
+
+# Aspirations
+
+- Each service should reside in its own directory.
+- Everything should be automated, including:
+ - backups,
+ - turning the backup back into a service,
+ - configuring the service to run,
+ - Makefile (or similar) wherever practical,
+ - Idempotency.
+- All secrets stored elsewhere (probably in the `dmzadmin` repo)
+- Any maintenance scripts.
+- Configurations should reside in shadow-directories, e.g. a backup of `/etc/soft/config` should reside in this repo under `etc/soft/config`.
+
diff --git a/etc/smtpd/smtpd.conf b/etc/smtpd/smtpd.conf
new file mode 100644
index 0000000..aded4fd
--- /dev/null
+++ b/etc/smtpd/smtpd.conf
@@ -0,0 +1,21 @@
+# $OpenBSD: smtpd.conf,v 1.10 2018/05/24 11:40:17 gilles Exp $
+
+# This is the smtpd server system-wide configuration file.
+# See smtpd.conf(5) for more information.
+
+table aliases file:/etc/smtpd/aliases
+
+# To accept external mail, replace with: listen on all
+#
+pki splintrs cert "/etc/letsencrypt/live/splint.rs/fullchain.pem"
+pki splintrs key "/etc/letsencrypt/live/splint.rs/privkey.pem"
+listen on end0 tls pki splintrs
+
+#action "local" maildir alias
+action "relay" relay backup
+
+# Uncomment the following to accept external mail for domain "example.org"
+#
+# match from any for domain "example.org" action "local"
+#match for local action "local"
+match from any for domain dmz.rs action "relay"
diff --git a/smtpd b/smtpd
new file mode 100644
index 0000000..a3cfece
--- /dev/null
+++ b/smtpd
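Review bot: The last rule of smtpd.conf, `match from any for domain dmz.rs action "relay"`, accepts mail for every address at dmz.rs and queues it for the primary, so a recipient the primary later rejects becomes a bounce sent from this host to a possibly forged sender (backscatter). If the primary's valid recipients can be exported, restricting the rule with a table, e.g. `match from any for rcpt-to <recipients> action "relay"` (table name is a placeholder), keeps this backup MX from accepting what the primary would refuse. The comment `# To accept external mail, replace with: listen on all` is left over from the stock file and now sits above a listener that is already external on `end0`. I would replace it with a one-line comment saying this host is the backup MX for dmz.rs and offers STARTTLS opportunistically (`tls`, not `tls-require`).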
@@ -0,0 +1,20 @@
+# This make file produces the smtp daemon for the current backup domain: splint.rs
+
+# It is missing the cert, so you'll have to make another.
+
+DOMAIN=splint.rs
+
+output: service
+
+/usr/bin/smtp:
+ pacman -S smtpd
+ cp etc/smtpd/* /etc/smtpd
+ smtpd -n
+
+/etc/smtpd/mailname: /usr/bin/smtp
+ echo $(DOMAIN) > /etc/smtpd/mailname
+
+.PHONY: service
+service: /etc/systemd/system/multi-user.target.wants/smtpd.service
+/etc/systemd/system/multi-user.target.wants/smtpd.service: /etc/smtpd/mailname
+ systemctl enable --now smtpd
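Review bot: The `/usr/bin/smtp:` target names a file the recipe does not obviously create (the daemon invoked two lines later is `smtpd`), so unless the package ships that path, every `make` run reinstalls the package and overwrites `/etc/smtpd` again, which works against the idempotency goal stated in the README. The recipe also copies the configuration into place before `smtpd -n` checks it, so a config that fails the check is already on disk. Checking the repository copy first with `smtpd -n -f etc/smtpd/smtpd.conf` and then installing with explicit ownership and mode, e.g. `install -o root -g root -m 0644 etc/smtpd/smtpd.conf /etc/smtpd/`, avoids that and keeps checkout permissions from carrying over into `/etc`. `pacman -S smtpd` will also stop for confirmation; `pacman -S --needed --noconfirm smtpd` makes the step unattended and skips the reinstall.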