diff --git a/dnsconfig.js b/dnsconfig.js
index 0a9f8d9..025fed6 100644
--- a/dnsconfig.js
+++ b/dnsconfig.js
@@ -7,78 +7,102 @@ var DNS_CLOUDFLARE = NewDnsProvider("cloudflare"); /* ****************************************************************************************************************** *\ Defaults & Common Records \* ****************************************************************************************************************** */ +var rexbox = "rexbox.prm.achl.fr."; +var rexcloud = "rexcloud.cld.achl.fr."; +var reportEmail = "0acbbb8a-1558-419a-ab2d-3f2773a1247d@arirex.email"; +var dmarcPolicy = "v=DMARC1; p=quarantine; adkim=s; aspf=s; rua=mailto:" + reportEmail + "; ruf=mailto:" + reportEmail + "; pct=100; fo=1"; + DEFAULTS( DnsProvider(DNS_CLOUDFLARE), DefaultTTL(1), CF_MANAGE_COMMENTS, // opt into comments syncing - CAA("@", "iodef", "mailto:0acbbb8a-1558-419a-ab2d-3f2773a1247d@arirex.email"), + CAA("@", "iodef", "mailto:" + reportEmail), CAA("@", "issue", "letsencrypt.org"), ); -var rexbox = "rexbox.prm.achl.fr."; -var rexcloud = "rexcloud.cld.achl.fr."; - -var PROTONMAIL_RECORDS = [ - MX("@", 10, "mail.protonmail.ch.", CF_COMMENT("ProtonMail MX")), - MX("@", 20, "mailsec.protonmail.ch.", CF_COMMENT("ProtonMail MX")), - TXT("@", "v=spf1 include:_spf.protonmail.ch mx ~all", CF_COMMENT("ProtonMail SPF")), - TXT("_dmarc", "v=DMARC1; p=quarantine; adkim=s; aspf=s; rua=mailto:0acbbb8a-1558-419a-ab2d-3f2773a1247d@arirex.email; ruf=mailto:0acbbb8a-1558-419a-ab2d-3f2773a1247d@arirex.email; pct=100; fo=1", CF_COMMENT("ProtonMail DMARC")), -]; - -var SIMPLELOGIN_RECORDS = [ - MX("@", 10, "mx1.simplelogin.co.", CF_COMMENT("SimpleLogin MX")), - MX("@", 20, "mx2.simplelogin.co.", CF_COMMENT("SimpleLogin MX")), - TXT("@", "v=spf1 include:simplelogin.co ~all", CF_COMMENT("SimpleLogin SPF")), - CNAME("dkim._domainkey", "dkim._domainkey.simplelogin.co.", CF_COMMENT("SimpleLogin DKIM")), - CNAME("dkim02._domainkey", "dkim02._domainkey.simplelogin.co.", CF_COMMENT("SimpleLogin DKIM")), - CNAME("dkim03._domainkey", "dkim03._domainkey.simplelogin.co.", 
CF_COMMENT("SimpleLogin DKIM")), - TXT("_dmarc", "v=DMARC1; p=quarantine; adkim=s; aspf=s; rua=mailto:0acbbb8a-1558-419a-ab2d-3f2773a1247d@arirex.email; ruf=mailto:0acbbb8a-1558-419a-ab2d-3f2773a1247d@arirex.email; pct=100; fo=1", CF_COMMENT("SimpleLogin DMARC")), -]; - /* ****************************************************************************************************************** *\ - arirex.me + Primary Domains \* ****************************************************************************************************************** */ D("arirex.me", REG_101DOMAIN, ALIAS("@", rexbox), - - // RexBox Services - CNAME("ai", rexbox, CF_COMMENT("OpenWebUI")), - CNAME("auth", rexbox, CF_COMMENT("Traefik Forward Auth")), - CNAME("bin", rexbox, CF_COMMENT("Enclosed")), - CNAME("chat", rexbox, CF_COMMENT("Matrix / Client")), - CNAME("id", rexbox, CF_COMMENT("Pocket ID")), - CNAME("it", rexbox, CF_COMMENT("IT Tools")), - CNAME("karakeep", rexbox, CF_COMMENT("Karakeep")), - CNAME("l", rexbox, CF_COMMENT("Chhoto URL")), - CNAME("matrix", rexbox, CF_COMMENT("Matrix / Server")), - CNAME("mc", rexbox, CF_COMMENT("Minecraft")), - CNAME("ntfy", rexbox, CF_COMMENT("Ntfy")), - CNAME("traefik", rexbox, CF_COMMENT("Traefik")), - - // RexCloud Services - CNAME("beszel", rexcloud, CF_COMMENT("Beszel")), - CNAME("git", rexcloud, CF_COMMENT("Gitea")), - CNAME("gw", rexcloud, CF_COMMENT("IPFS")), - CNAME("*.ipfs.gw", rexcloud, CF_COMMENT("IPFS")), - CNAME("*.ipns.gw", rexcloud, CF_COMMENT("IPFS")), - CNAME("search", rexcloud, CF_COMMENT("SearXNG")), - // CNAME("speedtest", rexcloud, CF_COMMENT("LibreSpeed")), + protonmail("6fd60590dc31588ca5a85c7e311649ff5f93cab2", "dodai2qaszneyk5jeyfloq24ttjcqfer2gdopw3nfmxn3bugtw2hq"), // Verifications TXT("@", "oa1:xmr recipient_address=89dQNyY3E9gJGYrEeRw4EFAdezWQg7BBbHJdBpLRwrjH52ngNfAYRcEhAHQotCswGxTeSoFi5nQ7Gf86kySmXzuQE9CXjUH; recipient_name=AriRexouium;", CF_COMMENT("OpenAlias > XMR > Kraken")), TXT("_discord", 
"dh=1c93b7effbe0bf428cb55d33175c2721ef715bb6", CF_COMMENT("Discord Verify")), TXT("_atproto", "did=did:plc:53kf45pcsqgayjmoau42lhsk", CF_COMMENT("BlueSky Verify")), TXT("_github-pages-challenge-arirexouium", "0b62c2fb7a8422145d5b5e6637257d", CF_COMMENT("GitHub Pages Verify")), - - // ProtonMail - PROTONMAIL_RECORDS, - TXT("@", "protonmail-verification=6fd60590dc31588ca5a85c7e311649ff5f93cab2", CF_COMMENT("ProtonMail Verify")), - CNAME("protonmail._domainkey", "protonmail.domainkey.dodai2qaszneyk5jeyfloq24ttjcqfer2gdopw3nfmxn3bugtw2hq.domains.proton.ch.", CF_COMMENT("ProtonMail DKIM")), - CNAME("protonmail2._domainkey", "protonmail2.domainkey.dodai2qaszneyk5jeyfloq24ttjcqfer2gdopw3nfmxn3bugtw2hq.domains.proton.ch.", CF_COMMENT("ProtonMail DKIM")), - CNAME("protonmail3._domainkey", "protonmail3.domainkey.dodai2qaszneyk5jeyfloq24ttjcqfer2gdopw3nfmxn3bugtw2hq.domains.proton.ch.", CF_COMMENT("ProtonMail DKIM")), ); -// Media Server +D("achl.fr", REG_101DOMAIN, + ALIAS("@", rexbox), + protonmail("a5142b961ee71079de475ab173095ae7a8497159", "dptdmdzwbeybqhgo544aqzi6w7vqiojzxbbm6hoev3nni5kewj4ga"), + + // On-prem & Cloud Servers + IGNORE("rexbox.prm", "A"), // Managed by qmcgaw/ddns-updater + A("rexcloud.cld", "5.161.231.128"), + AAAA("rexcloud.cld", "2a01:4ff:f0:e504::"), + + // Verifications + TXT("_discord", "dh=d041188169640d1f23c6b379d97935981a7a07da", CF_COMMENT("Discord Verify")), + TXT("_github-pages-challenge-arirexouium", "134234f292827135d74e0637efc575", CF_COMMENT("GitHub Pages Verify")), + +); + +/* ****************************************************************************************************************** *\ + Email Proxy Domains +\* ****************************************************************************************************************** */ +D("arirex.email", REG_101DOMAIN, + simplelogin("ngmfowygibangqmiobjznfmjhxniyi"), +); + +D("achlfr.email", REG_101DOMAIN, + simplelogin("rsykypqtapcymkryscyoajdlajvqmx"), +); + +/* 
****************************************************************************************************************** *\ + Service Records +\* ****************************************************************************************************************** */ + +/* -------------------------------------------------------------------------- *\ + RexBox Services +\* -------------------------------------------------------------------------- */ +cnames("arirex.me", rexbox, [ + "OpenWebUI@ai", + "Traefik Forward Auth@auth", + "Enclosed@bin", + "Matrix / Client@chat", + "Pocket ID@id", + "IT Tools@it", + "Karakeep@karakeep", + "Chhoto URL@l", + "Matrix / Server@matrix", + "Minecraft@mc", + "Ntfy@ntfy", + "Traefik@traefik", +]); + +cnames("achl.fr", rexbox, [ + "Matrix / Client@chat", + "Matrix / Server@matrix", +]); + +/* -------------------------------------------------------------------------- *\ + RexCloud Services +\* -------------------------------------------------------------------------- */ +cnames("arirex.me", rexcloud, [ + "Beszel@beszel", + "Gitea@git", + "IPFS@gw", + "IPFS@*.ipfs.gw", + "IPFS@*.ipns.gw", + "SearXNG@search", + // "LibreSpeed@speedtest", +]); + +/* -------------------------------------------------------------------------- *\ + Media Server +\* -------------------------------------------------------------------------- */ [ "qBittorrent", // Downloader "Jellyfin", "Jellyseerr", // Provider & Requester 
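Review bot: `dmarcPolicy` sends `rua`/`ruf` reports for every mail domain to a mailbox on arirex.email, but nothing visible in this diff publishes the external-report authorization that RFC 7489 section 7.1 expects from the receiving domain, so reporters that perform that check may silently drop reports for arirex.me, achl.fr and achlfr.email. If those records are not defined elsewhere in the file, add them to the `D("arirex.email", …)` block, for example `TXT("arirex.me._report._dmarc", "v=DMARC1", CF_COMMENT("DMARC report auth"))`, and likewise for achl.fr and achlfr.email. A one-line comment above `reportEmail` noting that the same address also feeds the CAA `iodef` record in `DEFAULTS` would show the next editor what a change to it affects.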
@@ -91,44 +115,55 @@ D("arirex.me", REG_101DOMAIN, }); /* ****************************************************************************************************************** *\ - achl.fr + Helper Functions \* ****************************************************************************************************************** */ -D("achl.fr", REG_101DOMAIN, - ALIAS("@", rexbox), - // Devices & Servers - IGNORE("rexbox.prm", "A"), // Managed by qmcgaw/ddns-updater - IGNORE("rexcloud.cld", "A"), // Managed by qmcgaw/ddns-updater - IGNORE("rexcloud.cld", "AAAA"), // Managed by qmcgaw/ddns-updater +/** + * Create CNAME records from "comment@subdomain" strings + * @param {string} domain - Domain to extend + * @param {string} target - Server target + * @param {string[]} records - Array of "comment@subdomain" strings + */ +function cnames(domain, target, records) { + records.forEach(function(r) { + var parts = r.split("@"); + D_EXTEND(domain, CNAME(parts[1], target, CF_COMMENT(parts[0]))); + }); +} - // Services - CNAME("chat", rexbox, CF_COMMENT("Matrix / Client")), - CNAME("matrix", rexbox, CF_COMMENT("Matrix / Server")), +/** + * Generate ProtonMail DNS records (MX, SPF, DMARC, verification, DKIM) + * @param {string} verification - ProtonMail verification token + * @param {string} dkimKey - ProtonMail DKIM domain key + * @returns {DomainModifier[]} Array of DNS records + */ +function protonmail(verification, dkimKey) { + return [ + MX("@", 10, "mail.protonmail.ch.", CF_COMMENT("ProtonMail MX")), + MX("@", 20, "mailsec.protonmail.ch.", CF_COMMENT("ProtonMail MX")), + TXT("@", "v=spf1 include:_spf.protonmail.ch mx ~all", CF_COMMENT("ProtonMail SPF")), + TXT("@", "protonmail-verification=" + verification, CF_COMMENT("ProtonMail Verify")), + TXT("_dmarc", dmarcPolicy, CF_COMMENT("ProtonMail DMARC")), + CNAME("protonmail._domainkey", "protonmail.domainkey." 
+ dkimKey + ".domains.proton.ch.", CF_COMMENT("ProtonMail DKIM")), + CNAME("protonmail2._domainkey", "protonmail2.domainkey." + dkimKey + ".domains.proton.ch.", CF_COMMENT("ProtonMail DKIM")), + CNAME("protonmail3._domainkey", "protonmail3.domainkey." + dkimKey + ".domains.proton.ch.", CF_COMMENT("ProtonMail DKIM")), + ]; +} - // Verifications - TXT("_discord", "dh=d041188169640d1f23c6b379d97935981a7a07da", CF_COMMENT("Discord Verify")), - TXT("_github-pages-challenge-arirexouium", "134234f292827135d74e0637efc575", CF_COMMENT("GitHub Pages Verify")), - - // ProtonMail - PROTONMAIL_RECORDS, - TXT("@", "protonmail-verification=a5142b961ee71079de475ab173095ae7a8497159", CF_COMMENT("ProtonMail Verify")), - CNAME("protonmail._domainkey", "protonmail.domainkey.dptdmdzwbeybqhgo544aqzi6w7vqiojzxbbm6hoev3nni5kewj4ga.domains.proton.ch.", CF_COMMENT("ProtonMail DKIM")), - CNAME("protonmail2._domainkey", "protonmail2.domainkey.dptdmdzwbeybqhgo544aqzi6w7vqiojzxbbm6hoev3nni5kewj4ga.domains.proton.ch.", CF_COMMENT("ProtonMail DKIM")), - CNAME("protonmail3._domainkey", "protonmail3.domainkey.dptdmdzwbeybqhgo544aqzi6w7vqiojzxbbm6hoev3nni5kewj4ga.domains.proton.ch.", CF_COMMENT("ProtonMail DKIM")), -); - -/* ****************************************************************************************************************** *\ - arirex.email -\* ****************************************************************************************************************** */ -D("arirex.email", REG_101DOMAIN, - SIMPLELOGIN_RECORDS, - TXT("@", "sl-verification=ngmfowygibangqmiobjznfmjhxniyi", CF_COMMENT("SimpleLogin Verify")), -); - -/* ****************************************************************************************************************** *\ - achlfr.email -\* ****************************************************************************************************************** */ -D("achlfr.email", REG_101DOMAIN, - SIMPLELOGIN_RECORDS, - TXT("@", 
"sl-verification=rsykypqtapcymkryscyoajdlajvqmx", CF_COMMENT("SimpleLogin Verify")), -); +/** + * Generate SimpleLogin DNS records (MX, SPF, DMARC, verification, DKIM) + * @param {string} verification - SimpleLogin verification token + * @returns {DomainModifier[]} Array of DNS records + */ +function simplelogin(verification) { + return [ + MX("@", 10, "mx1.simplelogin.co.", CF_COMMENT("SimpleLogin MX")), + MX("@", 20, "mx2.simplelogin.co.", CF_COMMENT("SimpleLogin MX")), + TXT("@", "v=spf1 include:simplelogin.co ~all", CF_COMMENT("SimpleLogin SPF")), + TXT("@", "sl-verification=" + verification, CF_COMMENT("SimpleLogin Verify")), + TXT("_dmarc", dmarcPolicy, CF_COMMENT("SimpleLogin DMARC")), + CNAME("dkim._domainkey", "dkim._domainkey.simplelogin.co.", CF_COMMENT("SimpleLogin DKIM")), + CNAME("dkim02._domainkey", "dkim02._domainkey.simplelogin.co.", CF_COMMENT("SimpleLogin DKIM")), + CNAME("dkim03._domainkey", "dkim03._domainkey.simplelogin.co.", CF_COMMENT("SimpleLogin DKIM")), + ]; +} diff --git a/flake.lock b/flake.lock index 5bbb065..eec8233 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1771848320, - "narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=", + "lastModified": 1772773019, + "narHash": "sha256-E1bxHxNKfDoQUuvriG71+f+s/NT0qWkImXsYZNFFfCs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2fc6539b481e1d2569f25f8799236694180c0993", + "rev": "aca4d95fce4914b3892661bcb80b8087293536c6", "type": "github" }, "original": {
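Review bot: `cnames` trusts every entry to contain exactly one `@`: with `var parts = r.split("@")`, an entry missing the separator leaves `parts[1]` undefined, and a comment that itself contains `@` puts the wrong piece in the label slot, so a typo in one of the lists may reach `D_EXTEND` as a malformed or unintended record rather than stopping the run. Splitting on the last separator and rejecting bad entries makes the mistake fail loudly before anything is pushed: `var i = r.lastIndexOf("@");` and `if (i < 1 || i === r.length - 1) throw new Error("cnames: bad entry: " + r);`, then pass `r.slice(i + 1)` to `CNAME` and `r.slice(0, i)` to `CF_COMMENT`. The JSDoc could also state that the comment comes before the `@` and the label after it, since that order reads inverted next to an e-mail address.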