aboutsummaryrefslogblamecommitdiff
path: root/terraform/admin/dns.nix
blob: ff23e252f656a6901538b356897000bc818ab865 (plain) (tree) 
145e1da







145e1da















































145e1da














bd07ecf

145e1da



























bd07ecf

145e1da

1
2
3
4
5
6
7

8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54

55
56
57
58
59
60
61
62
63
64
65
66
67
68

69

70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96

97

98







                                              














































                                                       













                                                                                                            
                                                


























                                                                                   
                                                                              
 
{ lib, ... }:
let
  zoneId = lib.tfRef "var.cloudflare_zone_id";
  primaryIPv4 = "165.232.158.110";
  domain = "fcuny.net";

  # GitHub Pages IP addresses for root domain

  mkARecord = name: content: ttl: {
    inherit name content ttl;
    type = "A";
    proxied = false;
    zone_id = zoneId;
  };

  mkCNAMERecord = name: content: ttl: {
    inherit name content ttl;
    type = "CNAME";
    proxied = false;
    zone_id = zoneId;
  };

  mkMXRecord = name: content: priority: {
    inherit name content priority;
    type = "MX";
    proxied = false;
    ttl = 1;
    zone_id = zoneId;
  };

  mkSRVRecord = name: port: priority: target: weight: {
    inherit name priority;
    type = "SRV";
    proxied = false;
    ttl = 1;
    zone_id = zoneId;
    data = {
      inherit
        port
        priority
        target
        weight
        ;
    };
  };

  mkTXTRecord = name: content: {
    inherit name content;
    type = "TXT";
    proxied = false;
    ttl = 1;
    zone_id = zoneId;
  };

  dkimRecords = lib.listToAttrs (
    lib.imap1
      (i: _: {
        name = "cname_dkim_${toString (i - 1)}";
        value = mkCNAMERecord "fm${toString i}._domainkey" "fm${toString i}.${domain}.dkim.fmhosted.com" 60;
      })
      [
        1
        2
        3
      ]
  );

  subdomainARecords = {
    cname_root = mkARecord domain primaryIPv4 1;
    cname_code = mkARecord "code.${domain}" primaryIPv4 1;
    cname_go = mkARecord "go.${domain}" primaryIPv4 1;
    cname_id = mkARecord "id.${domain}" primaryIPv4 1;
  };

  mxRecords = {
    mx_0 = mkMXRecord domain "in1-smtp.messagingengine.com" 10;
    mx_1 = mkMXRecord domain "in2-smtp.messagingengine.com" 20;
  };

  srvRecords = {
    srv_caldavs = mkSRVRecord "_caldavs._tcp" 443 0 "caldav.fastmail.com" 1;
    srv_caldav = mkSRVRecord "_caldav._tcp" 0 0 "." 0;
    srv_carddavs = mkSRVRecord "_carddavs._tcp" 443 0 "carddav.fastmail.com" 1;
    srv_carddav = mkSRVRecord "_carddav._tcp" 0 0 "." 0;
    srv_imaps = mkSRVRecord "_imaps._tcp" 993 0 "imap.fastmail.com" 1;
    srv_imap = mkSRVRecord "_imap._tcp" 0 0 "." 0;
    srv_smtp = mkSRVRecord "_submission._tcp" 587 0 "smtp.fastmail.com" 1;
  };

  txtRecords = {
    txt_spf = mkTXTRecord domain "\"v=spf1 include:spf.messagingengine.com ?all\"";
  };

in
{
  resource.cloudflare_dns_record =
    subdomainARecords // dkimRecords // mxRecords // srvRecords // txtRecords;
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-06 20:45:45 +0000