{ lib, ... }:
let
  # The zone id is read from a Terraform variable rather than written here,
  # so the binding to the Cloudflare account stays out of the repository.
  zoneId = lib.tfRef "var.cloudflare_zone_id";
  # Origin address behind the self-hosted subdomains below (code/go/id).
  # Those records are created with proxied = false, so this address is
  # published verbatim in public DNS; do not expect Cloudflare to hide it.
  primaryIPv4 = "165.232.158.110";
  domain = "fcuny.net";

  # Apex A records pointing at GitHub Pages (one cloudflare_dns_record per
  # address, see mkMultipleARecords). The list order is significant: it
  # fixes the `cname_root_<i>` resource keys, so reordering would make
  # Terraform replace records rather than leave them untouched.
  # NOTE(review): keep this list in sync with GitHub's published Pages
  # addresses, and remove it if the Pages site is ever decommissioned —
  # an apex left pointing at a shared host is a dangling-DNS surface.
  githubPagesIPs = [
    "185.199.108.153"
    "185.199.110.153"
    "185.199.109.153"
    "185.199.111.153"
  ];

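  # Shared base for every record in this zone. All records are DNS-only
  # (proxied = false): traffic goes straight to the published target with no
  # Cloudflare proxy/WAF in front, and the target address/host is visible in
  # public DNS. Centralising this keeps a new record type from silently
  # drifting to a different zone_id or proxied setting. `attrs` is merged
  # last, so a caller could still override the base fields explicitly.
  mkRecord = type: attrs: {
    inherit type;
    proxied = false;
    zone_id = zoneId;
  } // attrs;

  # A record: `name` -> IPv4 `content`. `ttl` is in seconds; 1 selects
  # Cloudflare's automatic TTL.
  mkARecord = name: content: ttl: mkRecord "A" { inherit name content ttl; };

  # CNAME record: `name` -> hostname `content`, with an explicit `ttl`.
  mkCNAMERecord = name: content: ttl: mkRecord "CNAME" { inherit name content ttl; };

  # MX record with a fixed automatic TTL; a lower `priority` is preferred.
  mkMXRecord = name: content: priority: mkRecord "MX" {
    inherit name content priority;
    ttl = 1;
  };

  # SRV record with a fixed automatic TTL. `priority` is emitted both at the
  # top level and inside `data`, exactly as before — NOTE(review): confirm
  # which of the two the provider version in use actually reads.
  mkSRVRecord = name: port: priority: target: weight: mkRecord "SRV" {
    inherit name priority;
    ttl = 1;
    data = { inherit port priority target weight; };
  };

  # TXT record with a fixed automatic TTL. `content` is passed through
  # unchanged, so any quoting is the caller's responsibility.
  mkTXTRecord = name: content: mkRecord "TXT" {
    inherit name content;
    ttl = 1;
  };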

  # Round-robin A records for the apex. `baseName` only keys the Terraform
  # resources (`<baseName>_<i>`, zero-based, in list order); every record
  # itself is created for `domain`, so this helper is apex-specific.
  # TTL is fixed to automatic (1).
  mkMultipleARecords = baseName: ips:
    builtins.listToAttrs (
      builtins.genList (i: {
        name = "${baseName}_${toString i}";
        value = mkARecord domain (builtins.elemAt ips i) 1;
      }) (builtins.length ips)
    );

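  # Fastmail DKIM: three selectors (fm1..fm3) delegated by CNAME to
  # fmhosted.com, so the signing keys presumably live and rotate on
  # Fastmail's side — nothing here holds key material. Resource keys are
  # zero-based (cname_dkim_0..2) while selectors are one-based (fm1..fm3);
  # both are kept as-is so the Terraform resource names do not change.
  # The selector count is explicit instead of being the length of a
  # throw-away list whose elements were ignored.
  dkimRecords =
    let
      selectorCount = 3;
      mkSelector = i:
        let n = toString (i + 1); in {
          name = "cname_dkim_${toString i}";
          value = mkCNAMERecord "fm${n}._domainkey" "fm${n}.${domain}.dkim.fmhosted.com" 60;
        };
    in
    lib.listToAttrs (builtins.genList mkSelector selectorCount);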

  # Self-hosted services on the single origin address. Keys keep the
  # (presumably historical) `cname_` prefix even though these are A records:
  # they are Terraform resource names, and renaming them would make Terraform
  # replace the records. Unproxied, so the origin is reached directly and
  # gets no Cloudflare edge filtering; it has to be hardened on its own.
  subdomainARecords = lib.listToAttrs (
    map (sub: {
      name = "cname_${sub}";
      value = mkARecord "${sub}.${domain}" primaryIPv4 1;
    }) [ "code" "go" "id" ]
  );

  # Inbound mail for the apex goes to Fastmail's two MX hosts; the lower
  # priority (in1, 10) is preferred over in2 (20). Keys are mx_0 / mx_1.
  mxRecords = lib.listToAttrs (
    lib.imap0 (i: host: {
      name = "mx_${toString i}";
      value = mkMXRecord domain "${host}-smtp.messagingengine.com" ((i + 1) * 10);
    }) [ "in1" "in2" ]
  );

  # Client autodiscovery for Fastmail (IMAP / submission / CalDAV / CardDAV).
  srvRecords =
    let
      # Service available on Fastmail's host: priority 0, weight 1.
      offered = svc: port: host: mkSRVRecord "_${svc}._tcp" port 0 host 1;
      # RFC 2782: a target of "." means the service is decidedly not
      # available. Used for the non-TLS variants (_imap, _caldav, _carddav)
      # so clients are told there is no plaintext endpoint rather than
      # guessing one.
      notOffered = svc: mkSRVRecord "_${svc}._tcp" 0 0 "." 0;
    in
    {
      srv_caldavs = offered "caldavs" 443 "caldav.fastmail.com";
      srv_caldav = notOffered "caldav";
      srv_carddavs = offered "carddavs" 443 "carddav.fastmail.com";
      srv_carddav = notOffered "carddav";
      srv_imaps = offered "imaps" 993 "imap.fastmail.com";
      srv_imap = notOffered "imap";
      srv_smtp = offered "submission" 587 "smtp.fastmail.com";
    };

  txtRecords = {
    # SPF for the apex: only Fastmail's outbound hosts are authorised. The
    # record ends in `?all` (neutral), which asks receivers not to treat any
    # other sender as a failure; `~all` or `-all` is the stricter choice once
    # every legitimate sender is covered by the include — NOTE(review):
    # confirm against the provider's current guidance before tightening.
    # The content is wrapped in literal double quotes, presumably because the
    # Cloudflare provider stores TXT data verbatim; verify for the provider
    # version in use.
    # NOTE(review): no `_dmarc` TXT is defined in this file. If it is not
    # managed elsewhere, the domain has no DMARC policy, so SPF/DKIM results
    # are never enforced by receivers.
    txt_spf = mkTXTRecord domain "\"v=spf1 include:spf.messagingengine.com ?all\"";
  };

in
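{
  # The attribute names below become the Terraform resource names, and the
  # groups are merged with `//`, where a later group silently overwrites an
  # earlier one on a duplicate key. A clobbered record (an SPF or DKIM entry,
  # say) would then vanish from the plan without any error, so the merge is
  # guarded by an eval-time uniqueness check.
  resource.cloudflare_dns_record =
    let
      groups = [
        (mkMultipleARecords "cname_root" githubPagesIPs)
        subdomainARecords
        dkimRecords
        mxRecords
        srvRecords
        txtRecords
      ];
      merged = builtins.foldl' (acc: group: acc // group) { } groups;
      declared = builtins.foldl' (n: group: n + builtins.length (builtins.attrNames group)) 0 groups;
    in
    assert lib.assertMsg (builtins.length (builtins.attrNames merged) == declared)
      "dns.nix: duplicate resource key across cloudflare_dns_record groups";
    merged;
}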