From 7aadde2d2c70392047d82ac6f6b39630a354281d Mon Sep 17 00:00:00 2001
From: barnslig <barnslig@barnslig.eu>
Date: Sat, 13 Jun 2020 10:26:12 +0200
Subject: [PATCH] initial config commit

---
 README.md            | 40 +++++++++++++++++++++++++++++++++++++++-
 etc/acme-client.conf | 11 +++++++++++
 etc/httpd.conf       | 36 ++++++++++++++++++++++++++++++++++++
 etc/mail/smtpd.conf  |  0
 4 files changed, 86 insertions(+), 1 deletion(-)
 create mode 100644 etc/acme-client.conf
 create mode 100644 etc/httpd.conf
 create mode 100644 etc/mail/smtpd.conf

diff --git a/README.md b/README.md
index 48917a4..57fb42b 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,41 @@
 # openbsd-mailserver
 
-Plan and document how an OpenBSD mailserver works.
\ No newline at end of file
+Plan and document how an OpenBSD mailserver works.
+
+## install software
+
+```
+pkg_add opensmtpd-extras-pgsql postgresql-server
+```
+
+## enable postgres
+
+We first have to create a new database:
+
+```
+doas -u _postgresql mkdir /var/postgresql/data
+doas -u _postgresql initdb -D /var/postgresql/data -U postgres -A scram-sha-256 -E UTF8 -W
+```
+
+Now we can enable and start the database server:
+
+```
+rcctl enable postgresql
+rcctl start postgresql
+```
+
+## enable httpd
+
+```
+rcctl enable httpd
+rcctl start httpd
+```
+
+## crontab
+
+Run `crontab -e` and add the following lines:
+
+```
+# renew acme certificates every day at some time between 00:00 and 01:00
+~       0       *       *       *       acme-client barnslig.xyz && rcctl reload httpd
+```
diff --git a/etc/acme-client.conf b/etc/acme-client.conf
new file mode 100644
index 0000000..643882b
--- /dev/null
+++ b/etc/acme-client.conf
@@ -0,0 +1,11 @@
+authority letsencrypt {
+        api url "https://acme-v02.api.letsencrypt.org/directory"
+        account key "/etc/acme/letsencrypt-privkey.pem"
+}
+
+domain barnslig.xyz {
+        alternative names { mail.barnslig.xyz frieder.barnslig.eu }
+        domain key "/etc/ssl/private/barnslig.xyz.key"
+        domain full chain certificate "/etc/ssl/barnslig.xyz.fullchain.pem"
+        sign with letsencrypt
+}
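Review bot: Nothing in this file records that it depends on etc/httpd.conf. The challenge directory is left at its default while httpd serves `/.well-known/acme-challenge/*` from `root "/acme"` (relative to its chroot, presumably the default /var/www), and the `domain key` and `domain full chain certificate` paths have to stay identical to the `tls` block there. Writing `challengedir "/var/www/acme"` explicitly in the `domain barnslig.xyz` block, plus a comment such as `# key and chain paths are also referenced by the tls block in etc/httpd.conf`, would make that coupling visible. A single key and certificate cover all three names, so any service that later reuses them (etc/mail/smtpd.conf is still empty) shares the web server's private key, which is worth noting in a comment as well.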
diff --git a/etc/httpd.conf b/etc/httpd.conf
new file mode 100644
index 0000000..5b68a8b
--- /dev/null
+++ b/etc/httpd.conf
@@ -0,0 +1,36 @@
+server "barnslig.xyz" {
+    alias mail.barnslig.xyz
+    alias frieder.barnslig.eu
+
+	listen on * port 80
+
+	location "/.well-known/acme-challenge/*" {
+		root "/acme"
+		request strip 2
+	}
+
+	location * {
+		block return 302 "https://$HTTP_HOST$REQUEST_URI"
+	}
+}
+
+server "barnslig.xyz" {
+    alias mail.barnslig.xyz
+    alias frieder.barnslig.eu
+
+	listen on * tls port 443
+
+	tls {
+		certificate "/etc/ssl/barnslig.xyz.fullchain.pem"
+		key "/etc/ssl/private/barnslig.xyz.key"
+	}
+
+	location "/pub/*" {
+		directory auto index
+	}
+
+	location "/.well-known/acme-challenge/*" {
+		root "/acme"
+		request strip 2
+	}
+}
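Review bot: The port-80 catch-all `block return 302 "https://$HTTP_HOST$REQUEST_URI"` builds the redirect target from the client-supplied Host header. If this block also answers requests whose Host matches none of the three names (which seems to be how httpd treats the first server on a listen address; confirm against httpd.conf(5)), the Location header points wherever the request says. Using the configured name, `block return 302 "https://$SERVER_NAME$REQUEST_URI"`, removes that dependence; it redirects the two aliases to barnslig.xyz, which the certificate in etc/acme-client.conf also covers. Separately, `directory auto index` on `/pub/*` lists every file placed under that path, so a comment like `# public downloads; directory listing is intentional` above the location would record the intent. The `alias` lines are indented with spaces while the rest of the file uses tabs.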
diff --git a/etc/mail/smtpd.conf b/etc/mail/smtpd.conf
new file mode 100644
index 0000000..e69de29
-- 
GitLab