From 4d4a42b57666d5aae7facd3327972236ad986cbb Mon Sep 17 00:00:00 2001
From: Marek Paśnikowski <marek@marekpasnikowski.pl>
Date: Sun, 14 Jan 2024 09:51:15 +0100
Subject: Kill history to remove past secrets

---
 system-files/smtpd.conf | 24 ++++++++++++++++++++++++
 system-files/sudoers    |  3 +++
 2 files changed, 27 insertions(+)
 create mode 100644 system-files/smtpd.conf
 create mode 100644 system-files/sudoers

(limited to 'system-files')

diff --git a/system-files/smtpd.conf b/system-files/smtpd.conf
new file mode 100644
index 0000000..9fe7503
--- /dev/null
+++ b/system-files/smtpd.conf
@@ -0,0 +1,24 @@
+# The prefix on GUIX is not the default one — it is /etc .
+table aliases file:/etc/aliases
+
+# The mail certificates are issued by Let‘s Encrypt and served by NGINX
+pki marekpasnikowski.pl cert "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem"
+pki marekpasnikowski.pl key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem"
+
+# Listen for local messages.
+listen on lo
+
+# Listen for messages from the internet.
+listen on enp1s0 tls port 25 pki "marekpasnikowski.pl"
+listen on enp1s0 smtps port 465 pki "marekpasnikowski.pl"
+
+# There is no filtering in the design, so the two actions are enough.
+action receive maildir alias <aliases>
+action send relay
+
+# Match incoming messages.
+match from local for local action receive
+match from any for domain "marekpasnikowski.pl" action receive
+
+# Match outgoing messages.
+match for any action send
diff --git a/system-files/sudoers b/system-files/sudoers
new file mode 100644
index 0000000..6af6e3b
--- /dev/null
+++ b/system-files/sudoers
@@ -0,0 +1,3 @@
+root ALL=(ALL) ALL
+%wheel ALL=(ALL) ALL
+Defaults passwd_timeout=0
-- 
cgit v1.2.3