Diffstat (limited to 'terraform/admin/dns.nix')
-rw-r--r--terraform/admin/dns.nix117
1 files changed, 117 insertions, 0 deletions
diff --git a/terraform/admin/dns.nix b/terraform/admin/dns.nix
new file mode 100644
index 0000000..eeddfd5
--- /dev/null
+++ b/terraform/admin/dns.nix
@@ -0,0 +1,117 @@
+{ lib, ... }:
+let
+ zoneId = lib.tfRef "var.cloudflare_zone_id";
+ primaryIPv4 = "165.232.158.110";
+ domain = "fcuny.net";
+
+ # GitHub Pages IP addresses for root domain
+ githubPagesIPs = [
+ "185.199.108.153"
+ "185.199.110.153"
+ "185.199.109.153"
+ "185.199.111.153"
+ ];
+
+ mkARecord = name: content: ttl: {
+ inherit name content ttl;
+ type = "A";
+ proxied = false;
+ zone_id = zoneId;
+ };
+
+ mkCNAMERecord = name: content: ttl: {
+ inherit name content ttl;
+ type = "CNAME";
+ proxied = false;
+ zone_id = zoneId;
+ };
+
+ mkMXRecord = name: content: priority: {
+ inherit name content priority;
+ type = "MX";
+ proxied = false;
+ ttl = 1;
+ zone_id = zoneId;
+ };
+
+ mkSRVRecord = name: port: priority: target: weight: {
+ inherit name priority;
+ type = "SRV";
+ proxied = false;
+ ttl = 1;
+ zone_id = zoneId;
+ data = {
+ inherit
+ port
+ priority
+ target
+ weight
+ ;
+ };
+ };
+
+ mkTXTRecord = name: content: {
+ inherit name content;
+ type = "TXT";
+ proxied = false;
+ ttl = 1;
+ zone_id = zoneId;
+ };
+
+ mkMultipleARecords =
+ baseName: ips:
+ lib.listToAttrs (
+ lib.imap0 (i: ip: {
+ name = "${baseName}_${toString i}";
+ value = mkARecord domain ip 1;
+ }) ips
+ );
+
+ dkimRecords = lib.listToAttrs (
+ lib.imap1
+ (i: _: {
+ name = "cname_dkim_${toString (i - 1)}";
+ value = mkCNAMERecord "fm${toString i}._domainkey" "fm${toString i}.${domain}.dkim.fmhosted.com" 60;
+ })
+ [
+ 1
+ 2
+ 3
+ ]
+ );
+
+ subdomainARecords = {
+ cname_code = mkARecord "code.${domain}" primaryIPv4 1;
+ cname_go = mkARecord "go.${domain}" primaryIPv4 1;
+ cname_id = mkARecord "id.${domain}" primaryIPv4 1;
+ };
+
+ mxRecords = {
+ mx_0 = mkMXRecord domain "in1-smtp.messagingengine.com" 10;
+ mx_1 = mkMXRecord domain "in2-smtp.messagingengine.com" 20;
+ };
+
+ srvRecords = {
+ srv_caldavs = mkSRVRecord "_caldavs._tcp" 443 0 "caldav.fastmail.com" 1;
+ srv_caldav = mkSRVRecord "_caldav._tcp" 0 0 "." 0;
+ srv_carddavs = mkSRVRecord "_carddavs._tcp" 443 0 "carddav.fastmail.com" 1;
+ srv_carddav = mkSRVRecord "_carddav._tcp" 0 0 "." 0;
+ srv_imaps = mkSRVRecord "_imaps._tcp" 993 0 "imap.fastmail.com" 1;
+ srv_imap = mkSRVRecord "_imap._tcp" 0 0 "." 0;
+ srv_smtp = mkSRVRecord "_submission._tcp" 587 0 "smtp.fastmail.com" 1;
+ };
+
+ txtRecords = {
+ txt_spf = mkTXTRecord domain "\"v=spf1 include:spf.messagingengine.com ?all\"";
+ };
+
+in
+{
+ resource.cloudflare_dns_record =
+ (mkMultipleARecords "cname_root" githubPagesIPs)
+ // subdomainARecords
+ // dkimRecords
+ // mxRecords
+ // srvRecords
+ // txtRecords;
+}
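Review bot: The SPF record in `txtRecords` ends in `?all`, the neutral qualifier, so a receiver never gets an SPF fail for mail sent from hosts outside `spf.messagingengine.com`. The file also defines no `_dmarc` TXT record. Unless one is managed elsewhere, the three DKIM CNAMEs are published without any policy telling receivers what to do with unauthenticated mail claiming to be from `fcuny.net`. I would add a DMARC entry next to `txt_spf`, for example `txt_dmarc = mkTXTRecord "_dmarc" "\"v=DMARC1; p=quarantine\"";` (the policy value is a suggestion; start at `p=none` with reporting if the set of senders is not yet confirmed). Once all legitimate senders are known to be covered by the include, `?all` should be tightened to `~all` or `-all`. A short comment above `txt_spf` stating why the neutral qualifier was chosen would also help the next reader judge whether it is intentional.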