From f2a01cfd1fb4fc2510ce1df00def189a10be42d7 Mon Sep 17 00:00:00 2001
From: Christian Heller <c.heller@plomlompom.de>
Date: Wed, 28 Nov 2018 00:42:39 +0100
Subject: [PATCH] WIP.

---
 all_new_2018/letsencrypt_local_set.sh         | 26 +++++++++++++++++++
 .../linkable_etc_files/mail/etc/aliases       | 23 ++++++++++++++++
 .../server/etc/iptables/rules.v4              |  1 -
 3 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100755 all_new_2018/letsencrypt_local_set.sh
 create mode 100644 all_new_2018/linkable_etc_files/mail/etc/aliases

diff --git a/all_new_2018/letsencrypt_local_set.sh b/all_new_2018/letsencrypt_local_set.sh
new file mode 100755
index 0000000..a7ec6e5
--- /dev/null
+++ b/all_new_2018/letsencrypt_local_set.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+set -e
+
+# Ensure we have a mail address as argument.
+if [ $# -lt 1 ]; then
+    echo "Need mail address as argument."
+    false
+fi
+mail_address="$1"
+
+# If port 80 blocked by iptables, open it.
+set +e
+iptables -C INPUT -p tcp --dport 80 -j ACCEPT
+open_iptables="$?"
+set -e
+if [ "${open_iptables}" -eq "1" ]; then
+    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
+fi
+
+# Create new certificate and copy it to /etc/letsencrypt.
+certbot certonly --standalone --agree-tos -m "${mail}" -d "$(hostname -f)"
+
+# Remove iptables rule to open port 80 if we added it.
+if [ "${open_iptables}" -eq "1" ]; then
+    iptables -D INPUT -p tcp --dport 80 -j ACCEPT
+fi
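Review bot: The certbot line reads `${mail}`, but the script stores its argument in `mail_address` (the assignment after the argument check), so under plain `set -e` without `-u` certbot is invoked with `-m ""`; change it to `-m "${mail_address}"`. Separately, if certbot exits non-zero, `set -e` aborts the script before the trailing `if` block, so a port-80 ACCEPT rule that this run added is left in the INPUT chain; register the removal right after adding the rule, `trap 'iptables -D INPUT -p tcp --dport 80 -j ACCEPT' EXIT`, and drop the trailing block so the rule is removed on every exit path. The argument check would also read more clearly as `echo "Need mail address as argument." >&2; exit 1` rather than relying on `false` under `set -e` to terminate. Note that `iptables -C` may return a status other than 1 on errors such as a missing chain, in which case the `-eq "1"` test silently skips both adding and removing the rule; presumably acceptable here, but worth a comment.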
diff --git a/all_new_2018/linkable_etc_files/mail/etc/aliases b/all_new_2018/linkable_etc_files/mail/etc/aliases
new file mode 100644
index 0000000..59c52b4
--- /dev/null
+++ b/all_new_2018/linkable_etc_files/mail/etc/aliases
@@ -0,0 +1,23 @@
+# /etc/aliases
+
+# As per RFC 2142.
+mailer-daemon: plom
+postmaster: plom
+hostmaster: plom
+usenet: plom
+news: plom
+webmaster: plom
+www: plom
+ftp: plom
+abuse: plom
+noc: plom
+security: plom
+root: plom
+
+# Personal aliases.
+plomlompom: plom
+christian.heller: plom
+christian_heller: plom
+christianheller: plom
+c.heller: plom
+heller: plom
diff --git a/all_new_2018/linkable_etc_files/server/etc/iptables/rules.v4 b/all_new_2018/linkable_etc_files/server/etc/iptables/rules.v4
index 3e518d5..7eff1b0 100644
--- a/all_new_2018/linkable_etc_files/server/etc/iptables/rules.v4
+++ b/all_new_2018/linkable_etc_files/server/etc/iptables/rules.v4
@@ -10,7 +10,6 @@
 -A INPUT -p tcp --dport 22 -j ACCEPT
 # HTTP; uncomment for creating LetsEncrypt certificates in standalone mode.
 #-A INPUT -p tcp --dport 80 -j ACCEPT
-# SMTP (allowing for STARTTLS); necessary for mail server to mail server banter
 # HTTPS in theory, in practice my second SSH port, see sshd_config
 -A INPUT -p tcp --dport 443 -j ACCEPT
 # SMTP (allowing for STARTTLS); necessary for mail server to mail server banter
-- 
2.30.2