garbash-config

etc files for garbash tilde
git clone git://git.alexkarle.com.com/garbash-config
Log | Files | Refs | README | LICENSE

commit ad8194721a5ef49dc8c0e0817d790d5cc190f384 (patch)
parent 650268f21ce54d447e3f2351a24f304195e826ed
Author: alex <alex@garbash.com>
Date:   Wed, 22 Sep 2021 22:06:21 -0400

Add initial httpd, acme-client, smtpd configs

From our first night of hacking!

Diffstat:
AMakefile | 10++++++++++
MREADME | 2++
Aetc/acme-client.conf | 31+++++++++++++++++++++++++++++++
Aetc/httpd.conf | 25+++++++++++++++++++++++++
Aetc/mail/smtpd.conf | 39+++++++++++++++++++++++++++++++++++++++
5 files changed, 107 insertions(+), 0 deletions(-)

diff --git a/Makefile b/Makefile @@ -0,0 +1,10 @@ +# Simple Makefile to pull from /etc +FILES = /etc/httpd.conf \ + /etc/acme-client.conf \ + /etc/mail/smtpd.conf + +.PHONY: pull +pull: + for f in $(FILES); do \ + cp $$f .$$f; \ + done diff --git a/README b/README @@ -1,3 +1,5 @@ config ====== System config files for garbash.com + +Run `make` to sync up with what's installed in the system! diff --git a/etc/acme-client.conf b/etc/acme-client.conf @@ -0,0 +1,31 @@ +# +# $OpenBSD: acme-client.conf,v 1.4 2020/09/17 09:13:06 florian Exp $ +# +authority letsencrypt { + api url "https://acme-v02.api.letsencrypt.org/directory" + account key "/etc/acme/letsencrypt-privkey.pem" +} + +authority letsencrypt-staging { + api url "https://acme-staging-v02.api.letsencrypt.org/directory" + account key "/etc/acme/letsencrypt-staging-privkey.pem" +} + +authority buypass { + api url "https://api.buypass.com/acme/directory" + account key "/etc/acme/buypass-privkey.pem" + contact "mailto:me@example.com" +} + +authority buypass-test { + api url "https://api.test4.buypass.no/acme/directory" + account key "/etc/acme/buypass-test-privkey.pem" + contact "mailto:me@example.com" +} + +domain garbash.com { + alternative names { waste.garbash.com, mail.garbash.com } + domain key "/etc/ssl/private/garbash.com.key" + domain full chain certificate "/etc/ssl/garbash.com.fullchain.pem" + sign with letsencrypt +} diff --git a/etc/httpd.conf b/etc/httpd.conf @@ -0,0 +1,25 @@ +# $OpenBSD: httpd.conf,v 1.22 2020/11/04 10:34:18 denis Exp $ + +server "garbash.com" { + listen on * port 80 + location "/.well-known/acme-challenge/*" { + root "/acme" + request strip 2 + } + location * { + block return 302 "https://$HTTP_HOST$REQUEST_URI" + } +} + +server "garbash.com" { + listen on * tls port 443 + tls { + certificate "/etc/ssl/garbash.com.fullchain.pem" + key "/etc/ssl/private/garbash.com.key" + } + directory auto index + location "/.well-known/acme-challenge/*" { + root "/acme" + request strip 2 + } +} diff --git a/etc/mail/smtpd.conf b/etc/mail/smtpd.conf @@ -0,0 +1,39 @@ +# $OpenBSD: smtpd.conf,v 1.14 2019/11/26 20:14:38 gilles Exp $ + +# This is the smtpd server system-wide configuration file. +# See smtpd.conf(5) for more information. + +pki mail.garbash.com cert "/etc/ssl/garbash.com.fullchain.pem" +pki mail.garbash.com key "/etc/ssl/private/garbash.com.key" + +filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } \ + disconnect "550 no residential connections" + +filter check_rdns phase connect match !rdns \ + disconnect "550 no rDNS is so 80s" + +filter check_fcrdns phase connect match !fcrdns \ + disconnect "550 no FCrDNS is so 80s" + +filter senderscore \ + proc-exec "filter-senderscore -blockBelow 10 -junkBelow 70 -slowFactor 5000" + +filter "dkimsign" proc-exec "filter-dkimsign -d garbash.com -s 20210921 -k /etc/mail/dkim/garbash.com.key" user _dkimsign group _dkimsign + +table aliases file:/etc/mail/aliases + +listen on socket filter "dkimsign" + +# To accept external mail, replace with: listen on all +# +listen on all tls pki mail.garbash.com \ + filter { check_dyndns, check_rdns, check_fcrdns, senderscore, dkimsign } + +listen on lo0 port submission tls-require pki mail.garbash.com auth filter "dkimsign" + +action "local_mail" maildir alias <aliases> +action "outbound" relay helo mail.garbash.com + +match from any for domain "garbash.com" action "local_mail" +match from local for local action "local_mail" +match from local for any action "outbound"