# Builds `cloudflare-dns.tf.json`: a Terraform/OpenTofu JSON configuration
# describing the DNS records of one Cloudflare zone.
#
# Argument:
#   pkgs - package set providing `writeTextFile` (presumably nixpkgs).
#
# The rendered file is produced by `pkgs.writeTextFile`; with nixpkgs that
# means it lands in the Nix store, which is readable by every local user.
# Nothing in this expression is a credential, and it should stay that way:
# API tokens belong in the environment of the plan/apply run, not here.
{ pkgs }:
let
  # Zone identifier, not a secret; authorization comes from the API token.
  zoneId = "6878e48b5cb81c7d789040632153719d";
  zoneName = "fcuny.net";

  # Generic record constructor. Defaults: unproxied ("DNS only") and
  # ttl = 1, which Cloudflare treats as "automatic". `extra` is merged last,
  # so it may override any default.
  mkRecord =
    type: name: content: extra:
    {
      inherit type name content;
      zone_id = zoneId;
      proxied = false;
      ttl = 1;
    }
    // extra;

  # A record, proxied through Cloudflare.
  mkARecord = name: ip: mkRecord "A" name ip { proxied = true; };

  # CNAME record with the defaults above.
  mkCNAME = name: target: mkRecord "CNAME" name target { };

  # MX record at the zone apex with the given preference value.
  mkMXRecord = priority: target: mkRecord "MX" zoneName target { inherit priority; };

  # TXT record with the defaults above.
  mkTXTRecord = name: content: mkRecord "TXT" name content { };

  # SRV record. It has no `content`; the payload lives in `data`.
  # `priority` is emitted both at top level and inside `data`, as in the
  # original definition.
  mkSRVRecord = name: port: target: weight: priority: {
    inherit name priority;
    type = "SRV";
    zone_id = zoneId;
    proxied = false;
    ttl = 1;
    data = {
      inherit
        priority
        weight
        port
        target
        ;
    };
  };

  # Apex A record for a given address.
  rootA = mkARecord zoneName;

  # Override applied to the DKIM CNAMEs.
  shortTtl = {
    ttl = 60;
  };
in
pkgs.writeTextFile {
  name = "cloudflare-dns.tf.json";
  text = builtins.toJSON [
    {
      terraform = {
        required_providers = {
          cloudflare = {
            source = "cloudflare/cloudflare";
            # NOTE(review): "~> 4.0" accepts any 4.x release. Exact version
            # and provider hashes are only pinned if a dependency lock file
            # is committed next to the generated config; none is visible
            # here, so confirm one exists.
            version = "~> 4.0";
          };
        };
        backend = {
          # NOTE(review): the state in this bucket records the full zone
          # layout and is the source of truth for apply. Bucket IAM and
          # object versioning are not visible from this file; verify write
          # access is limited to whoever may change DNS.
          gcs = {
            bucket = "fcuny-infra-tofu-state";
            prefix = "cloudflare-dns";
          };
        };
      };
    }
    {
      provider = {
        # Empty on purpose: no credential is written into the generated
        # file. The provider is presumably given its token through the
        # environment (e.g. CLOUDFLARE_API_TOKEN); a token scoped to DNS
        # edit on this one zone is sufficient for what is declared here.
        cloudflare = [ { } ];
      };
    }
    {
      # The zone itself is looked up, not managed.
      # NOTE(review): the records below use the hard-coded `zoneId` and do
      # not reference this data source.
      data = {
        cloudflare_zone = {
          main = {
            name = zoneName;
          };
        };
      };
    }
    {
      resource = {
        cloudflare_record = {
          # Apex A records (proxied). The resource keys say "cname" although
          # these are A records; the keys are Terraform resource addresses,
          # so they are kept as-is to avoid a destroy/recreate in the plan.
          cname_root_0 = rootA "185.199.108.153";
          cname_root_1 = rootA "185.199.110.153";
          cname_root_2 = rootA "185.199.109.153";
          cname_root_3 = rootA "185.199.111.153";

          # DKIM selectors delegated by CNAME to the mail provider, so the
          # public keys are served (and presumably rotated) on their side.
          cname_dkim_0 = mkCNAME "fm1._domainkey" "fm1.fcuny.net.dkim.fmhosted.com" // shortTtl;
          cname_dkim_1 = mkCNAME "fm2._domainkey" "fm2.fcuny.net.dkim.fmhosted.com" // shortTtl;
          cname_dkim_2 = mkCNAME "fm3._domainkey" "fm3.fcuny.net.dkim.fmhosted.com" // shortTtl;

          # Git host published through a Cloudflare tunnel (proxied).
          # NOTE(review): whether the service behind the tunnel is gated by
          # an access policy cannot be seen from this file.
          cname_git = mkCNAME "git" "b5d5071d-3c09-4379-9d6c-0684c478f151.cfargotunnel.com" // {
            proxied = true;
          };

          # Inbound mail.
          mx_0 = mkMXRecord 10 "in1-smtp.messagingengine.com";
          mx_1 = mkMXRecord 20 "in2-smtp.messagingengine.com";

          # SPF.
          # NOTE(review): "?all" is the neutral qualifier, so receivers get
          # no instruction for senders outside the include. Once every
          # legitimate sender is covered, "~all" or "-all" gives spoofed
          # mail a failing result. No `_dmarc` TXT record is defined in this
          # file either; confirm whether one is managed elsewhere.
          txt_spf = mkTXTRecord zoneName "v=spf1 include:spf.messagingengine.com ?all";
        };
      };
    }
    {
      resource = {
        cloudflare_record = {
          # Service discovery for mail/calendar/contacts clients.
          # Arguments: name port target weight priority.
          # Entries with target "." and port 0 use the SRV convention for
          # "service not offered" (RFC 2782), so only the TLS variants and
          # mail submission are advertised.
          srv_caldavs = mkSRVRecord "_caldavs._tcp" 443 "caldav.fastmail.com" 1 0;
          srv_caldav = mkSRVRecord "_caldav._tcp" 0 "." 0 0;
          srv_carddavs = mkSRVRecord "_carddavs._tcp" 443 "carddav.fastmail.com" 1 0;
          srv_carddav = mkSRVRecord "_carddav._tcp" 0 "." 0 0;
          srv_imaps = mkSRVRecord "_imaps._tcp" 993 "imap.fastmail.com" 1 0;
          srv_imap = mkSRVRecord "_imap._tcp" 0 "." 0 0;
          srv_smtp = mkSRVRecord "_submission._tcp" 587 "smtp.fastmail.com" 1 0;
        };
      };
    }
  ];
}