initial config commit

README.md

 # openbsd-mailserver
 
 Plan and document how an OpenBSD mailserver works.
+
+## install software
+
+```
+pkg_add opensmtpd-extras-pgsql postgresql-server
+```
+
+## enable postgres
+
+We first have to create a new database:
+
+```
+doas -u _postgresql mkdir /var/postgresql/data
+doas -u _postgresql initdb -D /var/postgresql/data -U postgres -A scram-sha-256 -E UTF8 -W
+```
+
+Now we can enable and start the database server:
+
+```
+rcctl enable postgresql
+rcctl start postgresql
+```
+
+## enable httpd
+
+```
+rcctl enable httpd
+rcctl start httpd
+```
+
+## crontab
+
+Run `crontab -e` and add the following lines:
+
+```
+# renew acme certificates every day at some time between 00:00 and 01:00
+~       0       *       *       *       acme-client barnslig.xyz && rcctl reload httpd
+```

etc/acme-client.conf

+authority letsencrypt {
+        api url "https://acme-v02.api.letsencrypt.org/directory"
+        account key "/etc/acme/letsencrypt-privkey.pem"
+}
+
+domain barnslig.xyz {
+        alternative names { mail.barnslig.xyz frieder.barnslig.eu }
+        domain key "/etc/ssl/private/barnslig.xyz.key"
+        domain full chain certificate "/etc/ssl/barnslig.xyz.fullchain.pem"
+        sign with letsencrypt
+}

etc/httpd.conf

+server "barnslig.xyz" {
+    alias mail.barnslig.xyz
+    alias frieder.barnslig.eu
+
+	listen on * port 80
+
+	location "/.well-known/acme-challenge/*" {
+		root "/acme"
+		request strip 2
+	}
+
+	location * {
+		block return 302 "https://$HTTP_HOST$REQUEST_URI"
+	}
+}
+
+server "barnslig.xyz" {
+    alias mail.barnslig.xyz
+    alias frieder.barnslig.eu
+
+	listen on * tls port 443
+
+	tls {
+		certificate "/etc/ssl/barnslig.xyz.fullchain.pem"
+		key "/etc/ssl/private/barnslig.xyz.key"
+	}
+
+	location "/pub/*" {
+		directory auto index
+	}
+
+	location "/.well-known/acme-challenge/*" {
+		root "/acme"
+		request strip 2
+	}
+}