diff --git a/maddy/files/etc/maddy/Makefile b/maddy/files/etc/maddy/Makefile
new file mode 100644
index 0000000..61cc331
--- /dev/null
+++ b/maddy/files/etc/maddy/Makefile
@@ -0,0 +1,17 @@
+.PHONY: certs
+
+all:
+	echo none of this works yet
+
+# ?
+tls:
+	setfacl -R -m u:maddy:rX /etc/ssl/mx1.example.org.crt /etc/ssl/mx1.example.org.key
+	setfacl -R -m u:maddy:rX /etc/letsencrypt/{live,archive}
+
+# git clone https://github.com/acmesh-official/acme.sh.git
+certs:
+	mkdir -p certs/mx1.example.org
+	./acme.sh/acme.sh --force --install-cert -d mx1.example.org \
+		--key-file       certs/mx1.example.org/privkey.pem  \
+		--fullchain-file certs/mx1.example.org/fullchain.pem
+
diff --git a/maddy/postinst b/maddy/postinst
index 1a24852..d417af6 100755
--- a/maddy/postinst
+++ b/maddy/postinst
@@ -1 +1,4 @@
-#!/bin/sh
+#!/bin/sh -x
+
+systemctl daemon-reload
+useradd -mrU -s /sbin/nologin -d /var/lib/maddy -c "maddy mail server" maddy