Refactor DNS configuration and update flake.lock.
215
dnsconfig.js
215
dnsconfig.js
@@ -7,78 +7,102 @@ var DNS_CLOUDFLARE = NewDnsProvider("cloudflare");
|
||||
/* ****************************************************************************************************************** *\
|
||||
Defaults & Common Records
|
||||
\* ****************************************************************************************************************** */
|
||||
var rexbox = "rexbox.prm.achl.fr.";
|
||||
var rexcloud = "rexcloud.cld.achl.fr.";
|
||||
var reportEmail = "0acbbb8a-1558-419a-ab2d-3f2773a1247d@arirex.email";
|
||||
var dmarcPolicy = "v=DMARC1; p=quarantine; adkim=s; aspf=s; rua=mailto:" + reportEmail + "; ruf=mailto:" + reportEmail + "; pct=100; fo=1";
|
||||
|
||||
DEFAULTS(
|
||||
DnsProvider(DNS_CLOUDFLARE),
|
||||
DefaultTTL(1),
|
||||
CF_MANAGE_COMMENTS, // opt into comments syncing
|
||||
CAA("@", "iodef", "mailto:0acbbb8a-1558-419a-ab2d-3f2773a1247d@arirex.email"),
|
||||
CAA("@", "iodef", "mailto:" + reportEmail),
|
||||
CAA("@", "issue", "letsencrypt.org"),
|
||||
);
|
||||
|
||||
var rexbox = "rexbox.prm.achl.fr.";
|
||||
var rexcloud = "rexcloud.cld.achl.fr.";
|
||||
|
||||
var PROTONMAIL_RECORDS = [
|
||||
MX("@", 10, "mail.protonmail.ch.", CF_COMMENT("ProtonMail MX")),
|
||||
MX("@", 20, "mailsec.protonmail.ch.", CF_COMMENT("ProtonMail MX")),
|
||||
TXT("@", "v=spf1 include:_spf.protonmail.ch mx ~all", CF_COMMENT("ProtonMail SPF")),
|
||||
TXT("_dmarc", "v=DMARC1; p=quarantine; adkim=s; aspf=s; rua=mailto:0acbbb8a-1558-419a-ab2d-3f2773a1247d@arirex.email; ruf=mailto:0acbbb8a-1558-419a-ab2d-3f2773a1247d@arirex.email; pct=100; fo=1", CF_COMMENT("ProtonMail DMARC")),
|
||||
];
|
||||
|
||||
var SIMPLELOGIN_RECORDS = [
|
||||
MX("@", 10, "mx1.simplelogin.co.", CF_COMMENT("SimpleLogin MX")),
|
||||
MX("@", 20, "mx2.simplelogin.co.", CF_COMMENT("SimpleLogin MX")),
|
||||
TXT("@", "v=spf1 include:simplelogin.co ~all", CF_COMMENT("SimpleLogin SPF")),
|
||||
CNAME("dkim._domainkey", "dkim._domainkey.simplelogin.co.", CF_COMMENT("SimpleLogin DKIM")),
|
||||
CNAME("dkim02._domainkey", "dkim02._domainkey.simplelogin.co.", CF_COMMENT("SimpleLogin DKIM")),
|
||||
CNAME("dkim03._domainkey", "dkim03._domainkey.simplelogin.co.", CF_COMMENT("SimpleLogin DKIM")),
|
||||
TXT("_dmarc", "v=DMARC1; p=quarantine; adkim=s; aspf=s; rua=mailto:0acbbb8a-1558-419a-ab2d-3f2773a1247d@arirex.email; ruf=mailto:0acbbb8a-1558-419a-ab2d-3f2773a1247d@arirex.email; pct=100; fo=1", CF_COMMENT("SimpleLogin DMARC")),
|
||||
];
|
||||
|
||||
/* ****************************************************************************************************************** *\
|
||||
arirex.me
|
||||
Primary Domains
|
||||
\* ****************************************************************************************************************** */
|
||||
D("arirex.me", REG_101DOMAIN,
|
||||
ALIAS("@", rexbox),
|
||||
|
||||
// RexBox Services
|
||||
CNAME("ai", rexbox, CF_COMMENT("OpenWebUI")),
|
||||
CNAME("auth", rexbox, CF_COMMENT("Traefik Forward Auth")),
|
||||
CNAME("bin", rexbox, CF_COMMENT("Enclosed")),
|
||||
CNAME("chat", rexbox, CF_COMMENT("Matrix / Client")),
|
||||
CNAME("id", rexbox, CF_COMMENT("Pocket ID")),
|
||||
CNAME("it", rexbox, CF_COMMENT("IT Tools")),
|
||||
CNAME("karakeep", rexbox, CF_COMMENT("Karakeep")),
|
||||
CNAME("l", rexbox, CF_COMMENT("Chhoto URL")),
|
||||
CNAME("matrix", rexbox, CF_COMMENT("Matrix / Server")),
|
||||
CNAME("mc", rexbox, CF_COMMENT("Minecraft")),
|
||||
CNAME("ntfy", rexbox, CF_COMMENT("Ntfy")),
|
||||
CNAME("traefik", rexbox, CF_COMMENT("Traefik")),
|
||||
|
||||
// RexCloud Services
|
||||
CNAME("beszel", rexcloud, CF_COMMENT("Beszel")),
|
||||
CNAME("git", rexcloud, CF_COMMENT("Gitea")),
|
||||
CNAME("gw", rexcloud, CF_COMMENT("IPFS")),
|
||||
CNAME("*.ipfs.gw", rexcloud, CF_COMMENT("IPFS")),
|
||||
CNAME("*.ipns.gw", rexcloud, CF_COMMENT("IPFS")),
|
||||
CNAME("search", rexcloud, CF_COMMENT("SearXNG")),
|
||||
// CNAME("speedtest", rexcloud, CF_COMMENT("LibreSpeed")),
|
||||
protonmail("6fd60590dc31588ca5a85c7e311649ff5f93cab2", "dodai2qaszneyk5jeyfloq24ttjcqfer2gdopw3nfmxn3bugtw2hq"),
|
||||
|
||||
// Verifications
|
||||
TXT("@", "oa1:xmr recipient_address=89dQNyY3E9gJGYrEeRw4EFAdezWQg7BBbHJdBpLRwrjH52ngNfAYRcEhAHQotCswGxTeSoFi5nQ7Gf86kySmXzuQE9CXjUH; recipient_name=AriRexouium;", CF_COMMENT("OpenAlias > XMR > Kraken")),
|
||||
TXT("_discord", "dh=1c93b7effbe0bf428cb55d33175c2721ef715bb6", CF_COMMENT("Discord Verify")),
|
||||
TXT("_atproto", "did=did:plc:53kf45pcsqgayjmoau42lhsk", CF_COMMENT("BlueSky Verify")),
|
||||
TXT("_github-pages-challenge-arirexouium", "0b62c2fb7a8422145d5b5e6637257d", CF_COMMENT("GitHub Pages Verify")),
|
||||
|
||||
// ProtonMail
|
||||
PROTONMAIL_RECORDS,
|
||||
TXT("@", "protonmail-verification=6fd60590dc31588ca5a85c7e311649ff5f93cab2", CF_COMMENT("ProtonMail Verify")),
|
||||
CNAME("protonmail._domainkey", "protonmail.domainkey.dodai2qaszneyk5jeyfloq24ttjcqfer2gdopw3nfmxn3bugtw2hq.domains.proton.ch.", CF_COMMENT("ProtonMail DKIM")),
|
||||
CNAME("protonmail2._domainkey", "protonmail2.domainkey.dodai2qaszneyk5jeyfloq24ttjcqfer2gdopw3nfmxn3bugtw2hq.domains.proton.ch.", CF_COMMENT("ProtonMail DKIM")),
|
||||
CNAME("protonmail3._domainkey", "protonmail3.domainkey.dodai2qaszneyk5jeyfloq24ttjcqfer2gdopw3nfmxn3bugtw2hq.domains.proton.ch.", CF_COMMENT("ProtonMail DKIM")),
|
||||
);
|
||||
|
||||
// Media Server
|
||||
D("achl.fr", REG_101DOMAIN,
|
||||
ALIAS("@", rexbox),
|
||||
protonmail("a5142b961ee71079de475ab173095ae7a8497159", "dptdmdzwbeybqhgo544aqzi6w7vqiojzxbbm6hoev3nni5kewj4ga"),
|
||||
|
||||
// On-prem & Cloud Servers
|
||||
IGNORE("rexbox.prm", "A"), // Managed by qmcgaw/ddns-updater
|
||||
A("rexcloud.cld", "5.161.231.128"),
|
||||
AAAA("rexcloud.cld", "2a01:4ff:f0:e504::"),
|
||||
|
||||
// Verifications
|
||||
TXT("_discord", "dh=d041188169640d1f23c6b379d97935981a7a07da", CF_COMMENT("Discord Verify")),
|
||||
TXT("_github-pages-challenge-arirexouium", "134234f292827135d74e0637efc575", CF_COMMENT("GitHub Pages Verify")),
|
||||
|
||||
);
|
||||
|
||||
/* ****************************************************************************************************************** *\
|
||||
Email Proxy Domains
|
||||
\* ****************************************************************************************************************** */
|
||||
D("arirex.email", REG_101DOMAIN,
|
||||
simplelogin("ngmfowygibangqmiobjznfmjhxniyi"),
|
||||
);
|
||||
|
||||
D("achlfr.email", REG_101DOMAIN,
|
||||
simplelogin("rsykypqtapcymkryscyoajdlajvqmx"),
|
||||
);
|
||||
|
||||
/* ****************************************************************************************************************** *\
|
||||
Service Records
|
||||
\* ****************************************************************************************************************** */
|
||||
|
||||
/* -------------------------------------------------------------------------- *\
|
||||
RexBox Services
|
||||
\* -------------------------------------------------------------------------- */
|
||||
cnames("arirex.me", rexbox, [
|
||||
"OpenWebUI@ai",
|
||||
"Traefik Forward Auth@auth",
|
||||
"Enclosed@bin",
|
||||
"Matrix / Client@chat",
|
||||
"Pocket ID@id",
|
||||
"IT Tools@it",
|
||||
"Karakeep@karakeep",
|
||||
"Chhoto URL@l",
|
||||
"Matrix / Server@matrix",
|
||||
"Minecraft@mc",
|
||||
"Ntfy@ntfy",
|
||||
"Traefik@traefik",
|
||||
]);
|
||||
|
||||
cnames("achl.fr", rexbox, [
|
||||
"Matrix / Client@chat",
|
||||
"Matrix / Server@matrix",
|
||||
]);
|
||||
|
||||
/* -------------------------------------------------------------------------- *\
|
||||
RexCloud Services
|
||||
\* -------------------------------------------------------------------------- */
|
||||
cnames("arirex.me", rexcloud, [
|
||||
"Beszel@beszel",
|
||||
"Gitea@git",
|
||||
"IPFS@gw",
|
||||
"IPFS@*.ipfs.gw",
|
||||
"IPFS@*.ipns.gw",
|
||||
"SearXNG@search",
|
||||
// "LibreSpeed@speedtest",
|
||||
]);
|
||||
|
||||
/* -------------------------------------------------------------------------- *\
|
||||
Media Server
|
||||
\* -------------------------------------------------------------------------- */
|
||||
[
|
||||
"qBittorrent", // Downloader
|
||||
"Jellyfin", "Jellyseerr", // Provider & Requester
|
||||
@@ -91,44 +115,55 @@ D("arirex.me", REG_101DOMAIN,
|
||||
});
|
||||
|
||||
/* ****************************************************************************************************************** *\
|
||||
achl.fr
|
||||
Helper Functions
|
||||
\* ****************************************************************************************************************** */
|
||||
D("achl.fr", REG_101DOMAIN,
|
||||
ALIAS("@", rexbox),
|
||||
|
||||
// Devices & Servers
|
||||
IGNORE("rexbox.prm", "A"), // Managed by qmcgaw/ddns-updater
|
||||
IGNORE("rexcloud.cld", "A"), // Managed by qmcgaw/ddns-updater
|
||||
IGNORE("rexcloud.cld", "AAAA"), // Managed by qmcgaw/ddns-updater
|
||||
/**
|
||||
* Create CNAME records from "comment@subdomain" strings
|
||||
* @param {string} domain - Domain to extend
|
||||
* @param {string} target - Server target
|
||||
* @param {string[]} records - Array of "comment@subdomain" strings
|
||||
*/
|
||||
function cnames(domain, target, records) {
|
||||
records.forEach(function(r) {
|
||||
var parts = r.split("@");
|
||||
D_EXTEND(domain, CNAME(parts[1], target, CF_COMMENT(parts[0])));
|
||||
});
|
||||
}
|
||||
|
||||
// Services
|
||||
CNAME("chat", rexbox, CF_COMMENT("Matrix / Client")),
|
||||
CNAME("matrix", rexbox, CF_COMMENT("Matrix / Server")),
|
||||
/**
|
||||
* Generate ProtonMail DNS records (MX, SPF, DMARC, verification, DKIM)
|
||||
* @param {string} verification - ProtonMail verification token
|
||||
* @param {string} dkimKey - ProtonMail DKIM domain key
|
||||
* @returns {DomainModifier[]} Array of DNS records
|
||||
*/
|
||||
function protonmail(verification, dkimKey) {
|
||||
return [
|
||||
MX("@", 10, "mail.protonmail.ch.", CF_COMMENT("ProtonMail MX")),
|
||||
MX("@", 20, "mailsec.protonmail.ch.", CF_COMMENT("ProtonMail MX")),
|
||||
TXT("@", "v=spf1 include:_spf.protonmail.ch mx ~all", CF_COMMENT("ProtonMail SPF")),
|
||||
TXT("@", "protonmail-verification=" + verification, CF_COMMENT("ProtonMail Verify")),
|
||||
TXT("_dmarc", dmarcPolicy, CF_COMMENT("ProtonMail DMARC")),
|
||||
CNAME("protonmail._domainkey", "protonmail.domainkey." + dkimKey + ".domains.proton.ch.", CF_COMMENT("ProtonMail DKIM")),
|
||||
CNAME("protonmail2._domainkey", "protonmail2.domainkey." + dkimKey + ".domains.proton.ch.", CF_COMMENT("ProtonMail DKIM")),
|
||||
CNAME("protonmail3._domainkey", "protonmail3.domainkey." + dkimKey + ".domains.proton.ch.", CF_COMMENT("ProtonMail DKIM")),
|
||||
];
|
||||
}
|
||||
|
||||
// Verifications
|
||||
TXT("_discord", "dh=d041188169640d1f23c6b379d97935981a7a07da", CF_COMMENT("Discord Verify")),
|
||||
TXT("_github-pages-challenge-arirexouium", "134234f292827135d74e0637efc575", CF_COMMENT("GitHub Pages Verify")),
|
||||
|
||||
// ProtonMail
|
||||
PROTONMAIL_RECORDS,
|
||||
TXT("@", "protonmail-verification=a5142b961ee71079de475ab173095ae7a8497159", CF_COMMENT("ProtonMail Verify")),
|
||||
CNAME("protonmail._domainkey", "protonmail.domainkey.dptdmdzwbeybqhgo544aqzi6w7vqiojzxbbm6hoev3nni5kewj4ga.domains.proton.ch.", CF_COMMENT("ProtonMail DKIM")),
|
||||
CNAME("protonmail2._domainkey", "protonmail2.domainkey.dptdmdzwbeybqhgo544aqzi6w7vqiojzxbbm6hoev3nni5kewj4ga.domains.proton.ch.", CF_COMMENT("ProtonMail DKIM")),
|
||||
CNAME("protonmail3._domainkey", "protonmail3.domainkey.dptdmdzwbeybqhgo544aqzi6w7vqiojzxbbm6hoev3nni5kewj4ga.domains.proton.ch.", CF_COMMENT("ProtonMail DKIM")),
|
||||
);
|
||||
|
||||
/* ****************************************************************************************************************** *\
|
||||
arirex.email
|
||||
\* ****************************************************************************************************************** */
|
||||
D("arirex.email", REG_101DOMAIN,
|
||||
SIMPLELOGIN_RECORDS,
|
||||
TXT("@", "sl-verification=ngmfowygibangqmiobjznfmjhxniyi", CF_COMMENT("SimpleLogin Verify")),
|
||||
);
|
||||
|
||||
/* ****************************************************************************************************************** *\
|
||||
achlfr.email
|
||||
\* ****************************************************************************************************************** */
|
||||
D("achlfr.email", REG_101DOMAIN,
|
||||
SIMPLELOGIN_RECORDS,
|
||||
TXT("@", "sl-verification=rsykypqtapcymkryscyoajdlajvqmx", CF_COMMENT("SimpleLogin Verify")),
|
||||
);
|
||||
/**
|
||||
* Generate SimpleLogin DNS records (MX, SPF, DMARC, verification, DKIM)
|
||||
* @param {string} verification - SimpleLogin verification token
|
||||
* @returns {DomainModifier[]} Array of DNS records
|
||||
*/
|
||||
function simplelogin(verification) {
|
||||
return [
|
||||
MX("@", 10, "mx1.simplelogin.co.", CF_COMMENT("SimpleLogin MX")),
|
||||
MX("@", 20, "mx2.simplelogin.co.", CF_COMMENT("SimpleLogin MX")),
|
||||
TXT("@", "v=spf1 include:simplelogin.co ~all", CF_COMMENT("SimpleLogin SPF")),
|
||||
TXT("@", "sl-verification=" + verification, CF_COMMENT("SimpleLogin Verify")),
|
||||
TXT("_dmarc", dmarcPolicy, CF_COMMENT("SimpleLogin DMARC")),
|
||||
CNAME("dkim._domainkey", "dkim._domainkey.simplelogin.co.", CF_COMMENT("SimpleLogin DKIM")),
|
||||
CNAME("dkim02._domainkey", "dkim02._domainkey.simplelogin.co.", CF_COMMENT("SimpleLogin DKIM")),
|
||||
CNAME("dkim03._domainkey", "dkim03._domainkey.simplelogin.co.", CF_COMMENT("SimpleLogin DKIM")),
|
||||
];
|
||||
}
|
||||
|
||||
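Review bot: `cnames()` parses each "comment@subdomain" entry with `r.split("@")` and passes `parts[1]` straight to `CNAME` without checking it, so an entry with no "@", or with an "@" inside the comment, would yield an undefined or truncated label instead of failing the run. A guard as the first statement after the split, `if (parts.length !== 2 || !parts[1]) throw new Error("cnames: bad entry '" + r + "'");`, keeps a typo in one of the service lists from turning into an unintended record. Separately, the achl.fr block now appears to publish fixed `A`/`AAAA` records for `rexcloud.cld` where the earlier version had `IGNORE` entries marked as managed by qmcgaw/ddns-updater. If that updater still runs for the host, the two will overwrite each other. The `AAAA` value ending in `::` also looks like a prefix rather than a host address, so both are worth confirming before this is pushed.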
6
flake.lock
generated
6
flake.lock
generated
@@ -20,11 +20,11 @@
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1771848320,
|
||||
"narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=",
|
||||
"lastModified": 1772773019,
|
||||
"narHash": "sha256-E1bxHxNKfDoQUuvriG71+f+s/NT0qWkImXsYZNFFfCs=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "2fc6539b481e1d2569f25f8799236694180c0993",
|
||||
"rev": "aca4d95fce4914b3892661bcb80b8087293536c6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
||||