// @ts-check /// var REG_101DOMAIN = NewRegistrar("none"); var DNS_CLOUDFLARE = NewDnsProvider("cloudflare"); /* ****************************************************************************************************************** *\ Defaults & Common Records \* ****************************************************************************************************************** */ var rexbox = "rexbox.prm.achl.fr."; var rexcloud = "rexcloud.cld.achl.fr."; var reportEmail = "mailto:0acbbb8a-1558-419a-ab2d-3f2773a1247d@arirex.email"; var dmarcRecord = DMARC_BUILDER({ policy: "reject", subdomainPolicy: "reject", alignmentDKIM: "strict", alignmentSPF: "strict", rua: [reportEmail], ruf: [reportEmail], percent: 100, failureOptions: "1", }); DEFAULTS( DnsProvider(DNS_CLOUDFLARE), DefaultTTL(1), CF_MANAGE_COMMENTS, // opt into comments syncing CAA_BUILDER({ iodef: reportEmail, iodef_critical: true, issue: ["letsencrypt.org"], issue_critical: true, issuewild: ["letsencrypt.org"], issuewild_critical: true, issuevmc: "none", issuevmc_critical: true, issuemail: "none", issuemail_critical: true, }), ); /* ****************************************************************************************************************** *\ Managed Domains \* ****************************************************************************************************************** */ /* -------------------------------------------------------------------------- *\ Primary Domains \* -------------------------------------------------------------------------- */ D("arirex.me", REG_101DOMAIN, ALIAS("@", rexbox), protonmail("6fd60590dc31588ca5a85c7e311649ff5f93cab2", "dodai2qaszneyk5jeyfloq24ttjcqfer2gdopw3nfmxn3bugtw2hq"), // Verifications TXT("_discord", "dh=1c93b7effbe0bf428cb55d33175c2721ef715bb6", CF_COMMENT("Discord Verify")), TXT("_atproto", "did=did:plc:53kf45pcsqgayjmoau42lhsk", CF_COMMENT("BlueSky Verify")), TXT("_github-pages-challenge-arirexouium", "0b62c2fb7a8422145d5b5e6637257d", CF_COMMENT("GitHub Pages Verify")), // OpenAlias openalias("xmr", "89dQNyY3E9gJGYrEeRw4EFAdezWQg7BBbHJdBpLRwrjH52ngNfAYRcEhAHQotCswGxTeSoFi5nQ7Gf86kySmXzuQE9CXjUH", { name: "AriRexouium", checksum: true, }), ); D("achl.fr", REG_101DOMAIN, ALIAS("@", rexbox), protonmail("a5142b961ee71079de475ab173095ae7a8497159", "dptdmdzwbeybqhgo544aqzi6w7vqiojzxbbm6hoev3nni5kewj4ga"), // On-prem & Cloud Servers IGNORE("rexbox.prm", "A"), // Managed by qmcgaw/ddns-updater A("rexcloud.cld", "5.161.231.128"), AAAA("rexcloud.cld", "2a01:4ff:f0:e504::"), // Verifications TXT("_discord", "dh=d041188169640d1f23c6b379d97935981a7a07da", CF_COMMENT("Discord Verify")), TXT("_github-pages-challenge-arirexouium", "134234f292827135d74e0637efc575", CF_COMMENT("GitHub Pages Verify")), ); /* -------------------------------------------------------------------------- *\ Email Proxy Domains \* -------------------------------------------------------------------------- */ D("arirex.email", REG_101DOMAIN, simplelogin("ngmfowygibangqmiobjznfmjhxniyi"), ); D("achlfr.email", REG_101DOMAIN, simplelogin("rsykypqtapcymkryscyoajdlajvqmx"), ); /* ****************************************************************************************************************** *\ Service Records \* ****************************************************************************************************************** */ /* -------------------------------------------------------------------------- *\ RexBox Services \* -------------------------------------------------------------------------- */ cnames("arirex.me", rexbox, [ "Chhoto URL@l", "Enclosed@bin", "IT Tools@it", "Karakeep@karakeep", "Matrix > Client@chat", "Matrix > Server@matrix", "Ntfy@ntfy", "OpenWebUI@ai", "Pocket ID@id", "Traefik@traefik", "Traefik Forward Auth@auth", ]); cnames("achl.fr", rexbox, [ "Matrix > Client@chat", "Matrix > Server@matrix", ]); minecraft("Frantic", "frantic.mc", "arirex.me", 63548); minecraft("The Furry Cult", "thefurrycult.mc", "arirex.me", 54924); /* -------------------------------------------------------------------------- *\ RexCloud Services \* -------------------------------------------------------------------------- */ cnames("arirex.me", rexcloud, [ "Beszel@beszel", "Gitea@git", // "IPFS Subdomain Gateway@*.ipfs.gw", // "IPFS Subdomain Gateway@*.ipns.gw", // "IPFS Path Gateway@gw", "SearXNG@search", ]); /* -------------------------------------------------------------------------- *\ Media Server \* -------------------------------------------------------------------------- */ [ "qBittorrent", // Downloader "Jellyfin", "Jellyseerr", // Provider & Requester "Prowlarr", "Profilarr", // Synchronization "Radarr", "Sonarr", "Lidarr", // Movies, Shows, Music ].forEach(function(i) { D_EXTEND("arirex.me", CNAME(i.toLowerCase() + ".servarr", rexbox, CF_COMMENT(i)) ); }); /* ****************************************************************************************************************** *\ Helper Functions \* ****************************************************************************************************************** */ /* -------------------------------------------------------------------------- *\ Basic Builders \* -------------------------------------------------------------------------- */ /** * Create CNAME records from "comment@subdomain" strings * @param {string} domain - Domain to extend * @param {string} target - Server target * @param {string[]} records - Array of "comment@subdomain" strings */ function cnames(domain, target, records) { records.forEach(function(rec) { var part = rec.split("@"); D_EXTEND(domain, CNAME(part[1], target, CF_COMMENT(part[0]))); }); } /** * Create a Minecraft server subdomain with CNAME and SRV records * @param {string} comment - Human-readable server name * @param {string} subdomain - Subdomain for the server * @param {string} domain - Domain to extend * @param {number} port - Port the server listens on */ function minecraft(comment, subdomain, domain, port) { var fqdn = subdomain + "." + domain + "."; D_EXTEND(domain, CNAME(subdomain, rexbox, CF_COMMENT("Minecraft > " + comment)), SRV("_minecraft._tcp." + subdomain, 0, 0, port, fqdn, CF_COMMENT("Minecraft > " + comment)), ); } /* -------------------------------------------------------------------------- *\ Email Builders \* -------------------------------------------------------------------------- */ /** * Generate ProtonMail DNS records (MX, SPF, DMARC, verification, DKIM) * @param {string} verification - ProtonMail verification token * @param {string} dkimKey - ProtonMail DKIM domain key * @returns {DomainModifier[]} Array of DNS records */ function protonmail(verification, dkimKey) { return [ // Stage 1: Verify TXT("@", "protonmail-verification=" + verification, CF_COMMENT("ProtonMail Verify")), // Stage 2: MX MX("@", 10, "mail.protonmail.ch.", CF_COMMENT("ProtonMail MX")), MX("@", 20, "mailsec.protonmail.ch.", CF_COMMENT("ProtonMail MX")), // Stage 3: SPF TXT("@", "v=spf1 include:_spf.protonmail.ch mx ~all", CF_COMMENT("ProtonMail SPF")), // Stage 3: DKIM CNAME("protonmail._domainkey", "protonmail.domainkey." + dkimKey + ".domains.proton.ch.", CF_COMMENT("ProtonMail DKIM")), CNAME("protonmail2._domainkey", "protonmail2.domainkey." + dkimKey + ".domains.proton.ch.", CF_COMMENT("ProtonMail DKIM")), CNAME("protonmail3._domainkey", "protonmail3.domainkey." + dkimKey + ".domains.proton.ch.", CF_COMMENT("ProtonMail DKIM")), // Stage 4: DMARC dmarcRecord, ]; } /** * Generate SimpleLogin DNS records (MX, SPF, DMARC, verification, DKIM) * @param {string} verification - SimpleLogin verification token * @returns {DomainModifier[]} Array of DNS records */ function simplelogin(verification) { return [ // Stage 1: Verify TXT("@", "sl-verification=" + verification, CF_COMMENT("SimpleLogin Verify")), // Stage 2: MX MX("@", 10, "mx1.simplelogin.co.", CF_COMMENT("SimpleLogin MX")), MX("@", 20, "mx2.simplelogin.co.", CF_COMMENT("SimpleLogin MX")), // Stage 3: SPF TXT("@", "v=spf1 include:simplelogin.co ~all", CF_COMMENT("SimpleLogin SPF")), // Stage 4: DKIM CNAME("dkim._domainkey", "dkim._domainkey.simplelogin.co.", CF_COMMENT("SimpleLogin DKIM")), CNAME("dkim02._domainkey", "dkim02._domainkey.simplelogin.co.", CF_COMMENT("SimpleLogin DKIM")), CNAME("dkim03._domainkey", "dkim03._domainkey.simplelogin.co.", CF_COMMENT("SimpleLogin DKIM")), // Stage 5: DMARC dmarcRecord, ]; } /* -------------------------------------------------------------------------- *\ Open Alias Builder \* -------------------------------------------------------------------------- */ /** * Generate OpenAlias TXT record * @param {string} prefix - Application prefix (e.g., "xmr", "btc") * @param {string} address - Recipient address * @param {object} [opts] - Optional key-value pairs * @param {string} [opts.name] - Recipient name * @param {string} [opts.description] - Transaction description * @param {string} [opts.amount] - Transaction amount * @param {string} [opts.paymentId] - Payment ID (e.g., for Monero) * @param {string} [opts.signature] - Address signature * @param {boolean} [opts.checksum] - Optional CRC-32 checksum * @returns {DomainModifier} TXT record */ function openalias(prefix, address, opts) { // Prefix and address are minimum requirement. // Everything else is optional. opts = opts || {}; var record = "oa1:" + prefix + " recipient_address=" + address + ";"; if (opts.name) { record += " recipient_name=" + opts.name + ";"; } if (opts.description) { record += " tx_description=" + opts.description + ";"; } if (opts.amount) { record += " tx_amount=" + opts.amount + ";"; } if (opts.paymentId) { record += " tx_payment_id=" + opts.paymentId + ";"; } if (opts.signature) { record += " address_signature=" + opts.signature + ";"; } if (opts.checksum) { record += " checksum=" + crc32(record.trim()).toString(16).toUpperCase() + ";"; } // Checksum must be last: CRC-32 of the record trimmed of surrounding spaces. return TXT("@", record, CF_COMMENT("OpenAlias > " + prefix.toUpperCase() + (opts.name ? " > " + opts.name : ""))); } /** * Calculate CRC-32 checksum of a string * Handles UTF-8 strings correctly for use with DNSControl. * @param {string} str - Input string * @returns {number} CRC-32 value * @see https://github.com/nabijaczleweli/openalias.rs/blob/master/src/crypto_addr.rs */ function crc32(str) { // 1. Generate the CRC Table var table = []; for (var i = 0; i < 256; i++) { var c = i; for (var j = 0; j < 8; j++) { c = (c & 1) ? (0xEDB88320 ^ (c >>> 1)) : (c >>> 1); } table[i] = c; } // 2. Convert string to UTF-8 "binary" string // This ensures characters like '€' are treated as 3 bytes, not 1. var utf8Str = unescape(encodeURIComponent(str)); // 3. Calculate CRC var crc = 0xFFFFFFFF; for (var k = 0; k < utf8Str.length; k++) { crc = table[(crc ^ utf8Str.charCodeAt(k)) & 0xFF] ^ (crc >>> 8); } return (crc ^ 0xFFFFFFFF) >>> 0; }