// @ts-check /// var REG_101DOMAIN = NewRegistrar("none"); var DNS_CLOUDFLARE = NewDnsProvider("cloudflare"); /* ****************************************************************************************************************** *\ Defaults & Common Records \* ****************************************************************************************************************** */ var rexbox = "rexbox.prm.achl.fr."; var rexcloud = "rexcloud.cld.achl.fr."; var reportEmail = "mailto:0acbbb8a-1558-419a-ab2d-3f2773a1247d@arirex.email"; var dmarcRecord = DMARC_BUILDER({ policy: "reject", subdomainPolicy: "reject", alignmentDKIM: "strict", alignmentSPF: "strict", rua: [reportEmail], ruf: [reportEmail], percent: 100, failureOptions: "1", }); DEFAULTS( DnsProvider(DNS_CLOUDFLARE), DefaultTTL(1), CF_MANAGE_COMMENTS, // opt into comments syncing CAA_BUILDER({ iodef: reportEmail, iodef_critical: true, issue: ["letsencrypt.org"], issue_critical: true, issuewild: ["letsencrypt.org"], issuewild_critical: true, issuevmc: "none", issuevmc_critical: true, issuemail: "none", issuemail_critical: true, }), ); /* ****************************************************************************************************************** *\ Managed Domains \* ****************************************************************************************************************** */ /* -------------------------------------------------------------------------- *\ Primary Domains \* -------------------------------------------------------------------------- */ D("arirex.me", REG_101DOMAIN, ALIAS("@", rexbox), protonmail("6fd60590dc31588ca5a85c7e311649ff5f93cab2", "dodai2qaszneyk5jeyfloq24ttjcqfer2gdopw3nfmxn3bugtw2hq"), // Verifications TXT("@", "oa1:xmr recipient_address=89dQNyY3E9gJGYrEeRw4EFAdezWQg7BBbHJdBpLRwrjH52ngNfAYRcEhAHQotCswGxTeSoFi5nQ7Gf86kySmXzuQE9CXjUH; recipient_name=AriRexouium;", CF_COMMENT("OpenAlias > XMR > Kraken")), TXT("_discord", "dh=1c93b7effbe0bf428cb55d33175c2721ef715bb6", CF_COMMENT("Discord Verify")), TXT("_atproto", "did=did:plc:53kf45pcsqgayjmoau42lhsk", CF_COMMENT("BlueSky Verify")), TXT("_github-pages-challenge-arirexouium", "0b62c2fb7a8422145d5b5e6637257d", CF_COMMENT("GitHub Pages Verify")), ); D("achl.fr", REG_101DOMAIN, ALIAS("@", rexbox), protonmail("a5142b961ee71079de475ab173095ae7a8497159", "dptdmdzwbeybqhgo544aqzi6w7vqiojzxbbm6hoev3nni5kewj4ga"), // On-prem & Cloud Servers IGNORE("rexbox.prm", "A"), // Managed by qmcgaw/ddns-updater A("rexcloud.cld", "5.161.231.128"), AAAA("rexcloud.cld", "2a01:4ff:f0:e504::"), // Verifications TXT("_discord", "dh=d041188169640d1f23c6b379d97935981a7a07da", CF_COMMENT("Discord Verify")), TXT("_github-pages-challenge-arirexouium", "134234f292827135d74e0637efc575", CF_COMMENT("GitHub Pages Verify")), ); /* -------------------------------------------------------------------------- *\ Email Proxy Domains \* -------------------------------------------------------------------------- */ D("arirex.email", REG_101DOMAIN, simplelogin("ngmfowygibangqmiobjznfmjhxniyi"), ); D("achlfr.email", REG_101DOMAIN, simplelogin("rsykypqtapcymkryscyoajdlajvqmx"), ); /* ****************************************************************************************************************** *\ Service Records \* ****************************************************************************************************************** */ /* -------------------------------------------------------------------------- *\ RexBox Services \* -------------------------------------------------------------------------- */ cnames("arirex.me", rexbox, [ "Chhoto URL@l", "Enclosed@bin", "IT Tools@it", "Karakeep@karakeep", "Matrix > Client@chat", "Matrix > Server@matrix", "Ntfy@ntfy", "OpenWebUI@ai", "Pocket ID@id", "Traefik@traefik", "Traefik Forward Auth@auth", ]); cnames("achl.fr", rexbox, [ "Matrix > Client@chat", "Matrix > Server@matrix", ]); minecraft("Frantic", "frantic.mc", "arirex.me", 63548); minecraft("The Furry Cult", "thefurrycult.mc", "arirex.me", 54924); /* -------------------------------------------------------------------------- *\ RexCloud Services \* -------------------------------------------------------------------------- */ cnames("arirex.me", rexcloud, [ "Beszel@beszel", "Gitea@git", // "IPFS Subdomain Gateway@*.ipfs.gw", // "IPFS Subdomain Gateway@*.ipns.gw", // "IPFS Path Gateway@gw", "SearXNG@search", ]); /* -------------------------------------------------------------------------- *\ Media Server \* -------------------------------------------------------------------------- */ [ "qBittorrent", // Downloader "Jellyfin", "Jellyseerr", // Provider & Requester "Prowlarr", "Profilarr", // Synchronization "Radarr", "Sonarr", "Lidarr", // Movies, Shows, Music ].forEach(function(i) { D_EXTEND("arirex.me", CNAME(i.toLowerCase() + ".servarr", rexbox, CF_COMMENT(i)) ); }); /* ****************************************************************************************************************** *\ Helper Functions \* ****************************************************************************************************************** */ /** * Create CNAME records from "comment@subdomain" strings * @param {string} domain - Domain to extend * @param {string} target - Server target * @param {string[]} records - Array of "comment@subdomain" strings */ function cnames(domain, target, records) { records.forEach(function(rec) { var part = rec.split("@"); D_EXTEND(domain, CNAME(part[1], target, CF_COMMENT(part[0]))); }); } /** * Create a Minecraft server subdomain with CNAME and SRV records * @param {string} comment - Human-readable server name * @param {string} subdomain - Subdomain for the server * @param {string} domain - Domain to extend * @param {number} port - Port the server listens on */ function minecraft(comment, subdomain, domain, port) { var fqdn = subdomain + "." + domain + "."; D_EXTEND(domain, CNAME(subdomain, rexbox, CF_COMMENT("Minecraft > " + comment)), SRV("_minecraft._tcp." + subdomain, 0, 0, port, fqdn, CF_COMMENT("Minecraft > " + comment)), ); } /** * Generate ProtonMail DNS records (MX, SPF, DMARC, verification, DKIM) * @param {string} verification - ProtonMail verification token * @param {string} dkimKey - ProtonMail DKIM domain key * @returns {DomainModifier[]} Array of DNS records */ function protonmail(verification, dkimKey) { return [ // Stage 1: Verify TXT("@", "protonmail-verification=" + verification, CF_COMMENT("ProtonMail Verify")), // Stage 2: MX MX("@", 10, "mail.protonmail.ch.", CF_COMMENT("ProtonMail MX")), MX("@", 20, "mailsec.protonmail.ch.", CF_COMMENT("ProtonMail MX")), // Stage 3: SPF TXT("@", "v=spf1 include:_spf.protonmail.ch mx ~all", CF_COMMENT("ProtonMail SPF")), // Stage 3: DKIM CNAME("protonmail._domainkey", "protonmail.domainkey." + dkimKey + ".domains.proton.ch.", CF_COMMENT("ProtonMail DKIM")), CNAME("protonmail2._domainkey", "protonmail2.domainkey." + dkimKey + ".domains.proton.ch.", CF_COMMENT("ProtonMail DKIM")), CNAME("protonmail3._domainkey", "protonmail3.domainkey." + dkimKey + ".domains.proton.ch.", CF_COMMENT("ProtonMail DKIM")), // Stage 4: DMARC dmarcRecord, ]; } /** * Generate SimpleLogin DNS records (MX, SPF, DMARC, verification, DKIM) * @param {string} verification - SimpleLogin verification token * @returns {DomainModifier[]} Array of DNS records */ function simplelogin(verification) { return [ // Stage 1: Verify TXT("@", "sl-verification=" + verification, CF_COMMENT("SimpleLogin Verify")), // Stage 2: MX MX("@", 10, "mx1.simplelogin.co.", CF_COMMENT("SimpleLogin MX")), MX("@", 20, "mx2.simplelogin.co.", CF_COMMENT("SimpleLogin MX")), // Stage 3: SPF TXT("@", "v=spf1 include:simplelogin.co ~all", CF_COMMENT("SimpleLogin SPF")), // Stage 4: DKIM CNAME("dkim._domainkey", "dkim._domainkey.simplelogin.co.", CF_COMMENT("SimpleLogin DKIM")), CNAME("dkim02._domainkey", "dkim02._domainkey.simplelogin.co.", CF_COMMENT("SimpleLogin DKIM")), CNAME("dkim03._domainkey", "dkim03._domainkey.simplelogin.co.", CF_COMMENT("SimpleLogin DKIM")), // Stage 5: DMARC dmarcRecord, ]; }