{ lib, ... }:
let
  zoneId = lib.tfRef "var.cloudflare_zone_id";
  primaryIPv4 = "165.232.158.110";
  domain = "fcuny.net";

  # GitHub Pages IP addresses for root domain

  mkARecord = name: content: ttl: {
    inherit name content ttl;
    type = "A";
    proxied = false;
    zone_id = zoneId;
  };

  mkCNAMERecord = name: content: ttl: {
    inherit name content ttl;
    type = "CNAME";
    proxied = false;
    zone_id = zoneId;
  };

  mkMXRecord = name: content: priority: {
    inherit name content priority;
    type = "MX";
    proxied = false;
    ttl = 1;
    zone_id = zoneId;
  };

  mkSRVRecord = name: port: priority: target: weight: {
    inherit name priority;
    type = "SRV";
    proxied = false;
    ttl = 1;
    zone_id = zoneId;
    data = {
      inherit
        port
        priority
        target
        weight
        ;
    };
  };

  mkTXTRecord = name: content: {
    inherit name content;
    type = "TXT";
    proxied = false;
    ttl = 1;
    zone_id = zoneId;
  };

  dkimRecords = lib.listToAttrs (
    lib.imap1
      (i: _: {
        name = "cname_dkim_${toString (i - 1)}";
        value = mkCNAMERecord "fm${toString i}._domainkey" "fm${toString i}.${domain}.dkim.fmhosted.com" 60;
      })
      [
        1
        2
        3
      ]
  );

  subdomainARecords = {
    cname_root = mkARecord domain primaryIPv4 1;
    cname_code = mkARecord "code.${domain}" primaryIPv4 1;
    cname_go = mkARecord "go.${domain}" primaryIPv4 1;
    cname_id = mkARecord "id.${domain}" primaryIPv4 1;
  };

  mxRecords = {
    mx_0 = mkMXRecord domain "in1-smtp.messagingengine.com" 10;
    mx_1 = mkMXRecord domain "in2-smtp.messagingengine.com" 20;
  };

  srvRecords = {
    srv_caldavs = mkSRVRecord "_caldavs._tcp" 443 0 "caldav.fastmail.com" 1;
    srv_caldav = mkSRVRecord "_caldav._tcp" 0 0 "." 0;
    srv_carddavs = mkSRVRecord "_carddavs._tcp" 443 0 "carddav.fastmail.com" 1;
    srv_carddav = mkSRVRecord "_carddav._tcp" 0 0 "." 0;
    srv_imaps = mkSRVRecord "_imaps._tcp" 993 0 "imap.fastmail.com" 1;
    srv_imap = mkSRVRecord "_imap._tcp" 0 0 "." 0;
    srv_smtp = mkSRVRecord "_submission._tcp" 587 0 "smtp.fastmail.com" 1;
  };

  txtRecords = {
    txt_spf = mkTXTRecord domain "\"v=spf1 include:spf.messagingengine.com ?all\"";
  };

in
{
  resource.cloudflare_dns_record =
    subdomainARecords // dkimRecords // mxRecords // srvRecords // txtRecords;
}