# Renders the Cloudflare DNS zone for fcuny.net as a Terraform-JSON file
# (`cloudflare-dns.tf.json`). State is kept in the GCS backend declared
# below; the provider block carries no inline credentials, so the API token
# is presumably supplied through the environment (e.g. CLOUDFLARE_API_TOKEN)
# -- confirm in the deployment wrapper.
{
  pkgs,
}:
let
  zoneId = "6878e48b5cb81c7d789040632153719d";
  zoneName = "fcuny.net";

  # Fields every record carries. Cloudflare treats ttl = 1 as "automatic";
  # records are unproxied unless a helper or caller overrides `proxied`.
  baseRecord = name: {
    inherit name;
    zone_id = zoneId;
    ttl = 1;
    proxied = false;
  };

  # Generic builder for a `cloudflare_record`. `extra` is merged last and
  # therefore overrides any of the common fields (ttl, proxied, ...).
  mkRecord =
    type: name: content: extra:
    baseRecord name // { inherit type content; } // extra;

  # A records are served through the Cloudflare proxy.
  mkARecord = name: ip: (mkRecord "A" name ip { }) // { proxied = true; };

  # Plain, unproxied CNAME.
  mkCNAME = name: target: mkRecord "CNAME" name target { };

  # MX record for the zone apex; `prio` becomes the Cloudflare `priority`.
  mkMXRecord = prio: host: mkRecord "MX" zoneName host { priority = prio; };

  # SRV record. The provider takes the service tuple in `data`, so no
  # `content` field is set; `priority` is repeated at the top level.
  mkSRVRecord =
    name: port: target: weight: priority:
    baseRecord name
    // {
      type = "SRV";
      inherit priority;
      data = {
        inherit
          port
          target
          weight
          priority
          ;
      };
    };

  # Unproxied TXT record.
  mkTXTRecord = name: content: mkRecord "TXT" name content { };

  # Fastmail DKIM selectors: CNAME `<sel>._domainkey` to the hosted key,
  # with a short TTL so key rotation propagates quickly.
  mkDKIM =
    selector:
    mkCNAME "${selector}._domainkey" "${selector}.${zoneName}.dkim.fmhosted.com"
    // {
      ttl = 60;
    };

  # Fastmail-hosted service advertised via SRV (weight 1, priority 0).
  fastmailSrv = service: port: host: mkSRVRecord service port host 1 0;

  # Target "." with port 0 is the RFC 2782 convention for "this service is
  # not offered"; used for the plaintext variants below.
  noService = service: mkSRVRecord service 0 "." 0 0;

  tunnelHost = "b5d5071d-3c09-4379-9d6c-0684c478f151.cfargotunnel.com";

  terraformBlock = {
    terraform = {
      required_providers.cloudflare = {
        source = "cloudflare/cloudflare";
        version = "~> 4.0";
      };
      backend.gcs = {
        bucket = "fcuny-infra-tofu-state";
        prefix = "cloudflare-dns";
      };
    };
  };

  providerBlock = {
    provider.cloudflare = [ { } ];
  };

  # The zone itself is looked up, not managed, by this configuration.
  zoneData = {
    data.cloudflare_zone.main = {
      name = zoneName;
    };
  };

  webAndMailRecords = {
    resource.cloudflare_record = {
      # Apex A records. NOTE(review): the `cname_root_*` keys are misnamed
      # (these are A records) but they are also the Terraform resource
      # addresses, so renaming them would make Terraform replace the records.
      "cname_root_0" = mkARecord zoneName "185.199.108.153";
      "cname_root_1" = mkARecord zoneName "185.199.110.153";
      "cname_root_2" = mkARecord zoneName "185.199.109.153";
      "cname_root_3" = mkARecord zoneName "185.199.111.153";
      # DKIM selectors
      "cname_dkim_0" = mkDKIM "fm1";
      "cname_dkim_1" = mkDKIM "fm2";
      "cname_dkim_2" = mkDKIM "fm3";
      # git.<zone> fronts a Cloudflare tunnel; tunnel hostnames are expected
      # to stay proxied.
      "cname_git" = mkCNAME "git" tunnelHost // {
        proxied = true;
      };
      # Inbound mail
      "mx_0" = mkMXRecord 10 "in1-smtp.messagingengine.com";
      "mx_1" = mkMXRecord 20 "in2-smtp.messagingengine.com";
      # SPF. NOTE(review): `?all` is the neutral qualifier, so mail from
      # unlisted hosts is neither passed nor failed by SPF alone; once all
      # legitimate senders are enumerated, `~all` or `-all` is the stricter
      # choice. No DMARC TXT record is defined in this file -- confirm it is
      # managed elsewhere or intentionally absent.
      "txt_spf" = mkTXTRecord zoneName "v=spf1 include:spf.messagingengine.com ?all";
    };
  };

  srvRecords = {
    resource.cloudflare_record = {
      # Client autodiscovery for the Fastmail services (RFC 6186 style).
      "srv_caldavs" = fastmailSrv "_caldavs._tcp" 443 "caldav.fastmail.com";
      "srv_caldav" = noService "_caldav._tcp";
      "srv_carddavs" = fastmailSrv "_carddavs._tcp" 443 "carddav.fastmail.com";
      "srv_carddav" = noService "_carddav._tcp";
      "srv_imaps" = fastmailSrv "_imaps._tcp" 993 "imap.fastmail.com";
      "srv_imap" = noService "_imap._tcp";
      "srv_smtp" = fastmailSrv "_submission._tcp" 587 "smtp.fastmail.com";
    };
  };
in
pkgs.writeTextFile {
  name = "cloudflare-dns.tf.json";
  # A top-level list of objects; each element is merged as one Terraform
  # configuration body.
  text = builtins.toJSON [
    terraformBlock
    providerBlock
    zoneData
    webAndMailRecords
    srvRecords
  ];
}