# Renders the Cloudflare DNS configuration for one zone as a Terraform-format
# JSON file ("cloudflare-dns.tf.json").
#
# Argument:
#   pkgs - package set providing `writeTextFile`.
#
# Result: whatever `pkgs.writeTextFile` returns for the generated JSON text.
#
# The rendered file ends up in the Nix store, which is world-readable, so this
# expression must never carry an API token or any other credential. The
# provider block below is deliberately empty.
{ pkgs }:
let
  zoneName = "fcuny.net";
  zoneId = "6878e48b5cb81c7d789040632153719d";

  # Fields shared by every record. `ttl = 1` is Cloudflare's "automatic" TTL.
  baseRecord = type: name: {
    inherit name type;
    zone_id = zoneId;
    ttl = 1;
    proxied = false;
  };

  # Generic record with a `content` value; `extra` is merged last, so it can
  # override any of the defaults above.
  mkRecord = type: name: content: extra:
    baseRecord type name // { inherit content; } // extra;

  # A record, proxied through Cloudflare.
  mkARecord = name: ip: mkRecord "A" name ip { proxied = true; };

  # CNAME record, DNS-only unless the caller overrides `proxied`.
  mkCNAME = name: target: mkRecord "CNAME" name target { };

  # MX record at the zone apex.
  mkMXRecord = priority: target:
    mkRecord "MX" zoneName target { inherit priority; };

  # TXT record.
  mkTXTRecord = name: content: mkRecord "TXT" name content { };

  # SRV record: no `content`; the values live in a `data` block and
  # `priority` is repeated at the top level.
  mkSRVRecord = name: port: target: weight: priority:
    baseRecord "SRV" name // {
      inherit priority;
      data = {
        inherit port target weight priority;
      };
    };

  # DKIM selector delegated by CNAME to the mail provider, with a 60 s TTL.
  mkDkimCNAME = selector:
    mkCNAME "${selector}._domainkey" "${selector}.${zoneName}.dkim.fmhosted.com"
    // { ttl = 60; };

  # SRV record with target "." and port 0: per RFC 2782 a target of "." says
  # the service is not offered at this name. Used below for the non-TLS
  # service labels, so SRV-based discovery only finds the TLS endpoints.
  mkNullSRV = name: mkSRVRecord name 0 "." 0 0;

  # Provider pin and remote state backend.
  # NOTE(review): the state in this bucket describes the whole zone; confirm
  # that access to the bucket is restricted to whoever may change DNS.
  terraformSettings = {
    terraform = {
      required_providers.cloudflare = {
        source = "cloudflare/cloudflare";
        version = "~> 4.0";
      };
      backend.gcs = {
        bucket = "fcuny-infra-tofu-state";
        prefix = "cloudflare-dns";
      };
    };
  };

  # Empty provider configuration: no credential is written into the file.
  # Presumably the provider takes its API token from the environment of the
  # process that runs the plan/apply; confirm against the deployment setup.
  providerConfig = {
    provider.cloudflare = [ { } ];
  };

  # The zone is looked up as a data source rather than managed here.
  # NOTE(review): the records below use the hard-coded `zoneId` and do not
  # reference this data source, so the two have to be kept in agreement by hand.
  zoneLookup = {
    data.cloudflare_zone.main.name = zoneName;
  };

  # Web and mail records.
  # The attribute names are Terraform resource addresses; the "cname_root_*"
  # entries hold A records, but renaming them would change their address in
  # the state.
  # Records that point at third-party hosting (the apex addresses, the DKIM
  # targets, the tunnel hostname) should be removed when that hosting is
  # decommissioned, so the names are not left dangling.
  webAndMailRecords = {
    resource.cloudflare_record = {
      # A records for the root domain
      cname_root_0 = mkARecord zoneName "185.199.108.153";
      cname_root_1 = mkARecord zoneName "185.199.110.153";
      cname_root_2 = mkARecord zoneName "185.199.109.153";
      cname_root_3 = mkARecord zoneName "185.199.111.153";

      # DKIM CNAME records
      cname_dkim_0 = mkDkimCNAME "fm1";
      cname_dkim_1 = mkDkimCNAME "fm2";
      cname_dkim_2 = mkDkimCNAME "fm3";

      # Git subdomain via Cloudflare tunnel
      cname_git =
        mkCNAME "git" "b5d5071d-3c09-4379-9d6c-0684c478f151.cfargotunnel.com"
        // { proxied = true; };

      # MX records
      mx_0 = mkMXRecord 10 "in1-smtp.messagingengine.com";
      mx_1 = mkMXRecord 20 "in2-smtp.messagingengine.com";

      # SPF TXT record
      # NOTE(review): "?all" is the neutral qualifier, so receivers get no
      # instruction for mail from hosts outside the include; "~all" or "-all"
      # would state a policy. No "_dmarc" TXT record is defined in this file;
      # confirm whether DMARC is managed elsewhere.
      txt_spf = mkTXTRecord zoneName "v=spf1 include:spf.messagingengine.com ?all";
    };
  };

  # SRV records for email services: the TLS service labels point at the
  # provider's hosts, the non-TLS labels are published as "not available".
  srvRecords = {
    resource.cloudflare_record = {
      srv_caldavs = mkSRVRecord "_caldavs._tcp" 443 "caldav.fastmail.com" 1 0;
      srv_caldav = mkNullSRV "_caldav._tcp";
      srv_carddavs = mkSRVRecord "_carddavs._tcp" 443 "carddav.fastmail.com" 1 0;
      srv_carddav = mkNullSRV "_carddav._tcp";
      srv_imaps = mkSRVRecord "_imaps._tcp" 993 "imap.fastmail.com" 1 0;
      srv_imap = mkNullSRV "_imap._tcp";
      srv_smtp = mkSRVRecord "_submission._tcp" 587 "smtp.fastmail.com" 1 0;
    };
  };
in
pkgs.writeTextFile {
  name = "cloudflare-dns.tf.json";
  # The order of the list elements is part of the generated document.
  text = builtins.toJSON [
    terraformSettings
    providerConfig
    zoneLookup
    webAndMailRecords
    srvRecords
  ];
}