~artoj/artojonsson.com.site

871ee131a2fc241819f2d8052ce7b015cb38ccf6 — Arto Jonsson 3 years ago master
initial commit
6 files changed, 127 insertions(+), 0 deletions(-)

A etc/acme-client.conf
A etc/daily.local
A etc/doas.conf
A etc/httpd.conf
A etc/relayd.conf
A etc/weekly.local
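--- a/etc/acme-client.conf
+++ b/etc/acme-client.conf
@@ -0,0 +1,31 @@
+#
+# $OpenBSD: acme-client.conf,v 1.4 2020/09/17 09:13:06 florian Exp $
+#
+authority letsencrypt {
+	api url "https://acme-v02.api.letsencrypt.org/directory"
+	account key "/etc/acme/letsencrypt-privkey.pem"
+}
+
+authority letsencrypt-staging {
+	api url "https://acme-staging-v02.api.letsencrypt.org/directory"
+	account key "/etc/acme/letsencrypt-staging-privkey.pem"
+}
+
+authority buypass {
+	api url "https://api.buypass.com/acme/directory"
+	account key "/etc/acme/buypass-privkey.pem"
+	contact "mailto:me@example.com"
+}
+
+authority buypass-test {
+	api url "https://api.test4.buypass.no/acme/directory"
+	account key "/etc/acme/buypass-test-privkey.pem"
+	contact "mailto:me@example.com"
+}
+
+domain artojonsson.com {
+	alternative names { www.artojonsson.com }
+	domain key "/etc/ssl/private/artojonsson.com.key"
+	domain full chain certificate "/etc/ssl/artojonsson.com.crt"
+	sign with letsencrypt
+}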

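--- a/etc/daily.local
+++ b/etc/daily.local
@@ -0,0 +1,4 @@
+VERBOSESTATUS=0
+
+next_part "Available patches:"
+syspatch -c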
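Review bot: Nothing in this file, or elsewhere in this commit, runs acme-client for the `artojonsson.com` domain defined in etc/acme-client.conf, so certificate renewal cannot be reproduced from the repository. It may be scheduled in root's crontab, which is not tracked here. If renewal is meant to live with this configuration, a line such as `acme-client artojonsson.com && rcctl reload relayd` after the `syspatch -c` check would cover it; the reload targets relayd because that is the daemon serving the certificate in this setup. At minimum, a comment saying where renewal is scheduled would help.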

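--- a/etc/doas.conf
+++ b/etc/doas.conf
@@ -0,0 +1,2 @@
+permit persist artoj
+permit nopass keepenv root as root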
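Review bot: `permit persist artoj` carries no `as` or `cmd` restriction, so the artoj account is root-equivalent, and `persist` lets a password entered once be reused for a while in the same session without a new prompt. That is a reasonable choice for a single-administrator host, but it makes whatever protects artoj's login (presumably SSH keys, not visible in this commit) the whole boundary to root. A comment above the rule would record the intent, e.g. `# artoj is the sole administrator: full root via doas, password cached per session`.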

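--- a/etc/httpd.conf
+++ b/etc/httpd.conf
@@ -0,0 +1,44 @@
+types {
+	include "/usr/share/misc/mime.types"
+}
+
+server "artojonsson.com" {
+	alias "www.artojonsson.com"
+
+	listen on 127.0.0.1 port 8080
+	listen on ::1 port 8080
+
+	log style forwarded
+
+	location "/.well-known/acme-challenge/*" {
+		root "/acme"
+		request strip 2
+	}
+
+	block return 301 "https://www.artojonsson.com$REQUEST_URI"
+}
+
+server "artojonsson.com" {
+
+	listen on 127.0.0.1 port 8443
+	listen on ::1 port 8443
+
+	log style forwarded
+
+	block return 301 "https://www.artojonsson.com$REQUEST_URI"
+}
+
+server "www.artojonsson.com" {
+
+	listen on 127.0.0.1 port 8443
+	listen on ::1 port 8443
+
+	log style forwarded
+
+	root "/htdocs/artojonsson.com"
+
+	location "/.well-known/acme-challenge/*" {
+		root "/acme"
+		request strip 2
+	}
+}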
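Review bot: The X-Forwarded-For value that `log style forwarded` appends in all three servers is the only record of the real client, and the file never says why it can be trusted. Every `listen on` is loopback, so the ordinary remote-address field will only ever show 127.0.0.1 or ::1. The header is trustworthy only because etc/relayd.conf in this commit overwrites it with `match request header set` and nothing else can reach ports 8080/8443. A comment at the top would keep a later change of listen address from making the logged client address attacker-controlled, e.g. `# loopback only: relayd terminates TLS and sets X-Forwarded-For; do not expose these ports directly`.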

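--- a/etc/relayd.conf
+++ b/etc/relayd.conf
@@ -0,0 +1,38 @@
+ext_ipv4 = ""
+ext_ipv6 = ""
+
+http protocol "http" {
+	match request header set "X-Forwarded-For" value "$REMOTE_ADDR"
+	match request header set "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
+}
+
+http protocol "https" {
+	match request header set "X-Forwarded-For" value "$REMOTE_ADDR"
+	match request header set "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
+
+	tls keypair artojonsson.com
+}
+
+relay "http-ipv4" {
+	listen on $ext_ipv4 port 80
+	protocol "http"
+	forward to 127.0.0.1 port 8080
+}
+
+relay "http-ipv6" {
+	listen on $ext_ipv6 port 80
+	protocol "http"
+	forward to ::1 port 8080
+}
+
+relay "https-ipv4" {
+	listen on $ext_ipv4 port 443 tls
+	protocol "https"
+	forward to 127.0.0.1 port 8443
+}
+
+relay "https-ipv6" {
+	listen on $ext_ipv6 port 443 tls
+	protocol "https"
+	forward to ::1 port 8443
+}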
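Review bot: The `https` protocol block sets no response headers, so the site is served without Strict-Transport-Security even though etc/httpd.conf redirects every plain-HTTP request to https. TLS terminates in relayd and httpd only sees loopback plain HTTP, so the header would presumably have to be added here, e.g. `match response header set "Strict-Transport-Security" value "max-age=31536000"`. Separately, `ext_ipv4` and `ext_ipv6` are empty strings, presumably scrubbed for publication. A comment saying they must be set to the host's external addresses would make that explicit.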

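--- a/etc/weekly.local
+++ b/etc/weekly.local
@@ -0,0 +1,8 @@
+# these are taken from daily.local
+next_part "Disk status:"
+df -ikl
+echo ""
+dump W
+
+next_part "Network status:"
+netstat -ivn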