// @ts-check
/// <reference path="types-dnscontrol.d.ts" />
// Registrar handle. The provider type is "none", so DNSControl makes no
// registrar-side changes for these zones; the name only records where the
// domains are registered.
var REG_101DOMAIN = NewRegistrar("none");

// DNS provider handle; DEFAULTS() below attaches it to every zone in this file.
var DNS_CLOUDFLARE = NewDnsProvider("cloudflare");
/* ****************************************************************************************************************** *\
                                              Defaults & Common Records
\* ****************************************************************************************************************** */

// Fully qualified host names (trailing dot) that the service records point at.
var rexbox = "rexbox.prm.achl.fr.";
var rexcloud = "rexcloud.cld.achl.fr.";

// One mailbox receives both the DMARC reports (rua/ruf) and the CAA iodef reports.
var reportEmail = "mailto:0acbbb8a-1558-419a-ab2d-3f2773a1247d@arirex.email";

// Shared DMARC record, reused by protonmail() and simplelogin(): reject mail
// that fails authentication for the domain and its subdomains, require strict
// DKIM and SPF alignment, and apply the policy to all messages.
// NOTE(review): the report mailbox is on arirex.email. For the other zones,
// receivers may require an external-destination authorization record
// (<domain>._report._dmarc.arirex.email TXT "v=DMARC1", RFC 7489 section 7.1)
// before they send reports; none is visible in this file - confirm.
var dmarcRecord = DMARC_BUILDER({
  policy: "reject",
  subdomainPolicy: "reject",
  alignmentDKIM: "strict",
  alignmentSPF: "strict",
  rua: [reportEmail],
  ruf: [reportEmail],
  percent: 100,
  failureOptions: "1", // value for the DMARC "fo" tag
});
// Modifiers applied to every domain declared in this file.
DEFAULTS(
  DnsProvider(DNS_CLOUDFLARE),
  DefaultTTL(1), // on Cloudflare a TTL of 1 means "automatic"
  CF_MANAGE_COMMENTS, // opt into comments syncing

  // CAA policy shared by all zones: only Let's Encrypt may issue ordinary and
  // wildcard certificates, VMC and S/MIME issuance is forbidden ("none"), and
  // policy violations are reported to reportEmail. Every property carries the
  // critical flag, so a CA that does not understand one must refuse to issue.
  // NOTE(review): this permits any Let's Encrypt account. Binding issuance to a
  // single ACME account needs the RFC 8657 accounturi parameter, for example
  // "letsencrypt.org; accounturi=<ACCOUNT_URI_PLACEHOLDER>" - check whether
  // CAA_BUILDER passes such a value through unchanged before relying on it.
  CAA_BUILDER({
    iodef: reportEmail,
    iodef_critical: true,
    issue: ["letsencrypt.org"],
    issue_critical: true,
    issuewild: ["letsencrypt.org"],
    issuewild_critical: true,
    issuevmc: "none",
    issuevmc_critical: true,
    issuemail: "none",
    issuemail_critical: true,
  }),
);
/* ****************************************************************************************************************** *\
                                                   Managed Domains
\* ****************************************************************************************************************** */

/* -------------------------------------------------------------------------- *\
                               Primary Domains
\* -------------------------------------------------------------------------- */

D("arirex.me", REG_101DOMAIN,
  // The zone apex points at the on-prem host.
  ALIAS("@", rexbox),

  // ProtonMail record set (verification, MX, SPF, DKIM, shared DMARC record).
  protonmail("6fd60590dc31588ca5a85c7e311649ff5f93cab2", "dodai2qaszneyk5jeyfloq24ttjcqfer2gdopw3nfmxn3bugtw2hq"),

  // Verifications: ownership proofs read by third parties, public by design.
  // NOTE(review): the OpenAlias record maps this name to a payment address, so
  // a lookup is only as trustworthy as the DNS answer. DNSSEC status is not
  // visible in this file - confirm it is enabled for the zone.
  TXT("@", "oa1:xmr recipient_address=89dQNyY3E9gJGYrEeRw4EFAdezWQg7BBbHJdBpLRwrjH52ngNfAYRcEhAHQotCswGxTeSoFi5nQ7Gf86kySmXzuQE9CXjUH; recipient_name=AriRexouium;", CF_COMMENT("OpenAlias > XMR > Kraken")),
  TXT("_discord", "dh=1c93b7effbe0bf428cb55d33175c2721ef715bb6", CF_COMMENT("Discord Verify")),
  TXT("_atproto", "did=did:plc:53kf45pcsqgayjmoau42lhsk", CF_COMMENT("BlueSky Verify")),
  TXT("_github-pages-challenge-arirexouium", "0b62c2fb7a8422145d5b5e6637257d", CF_COMMENT("GitHub Pages Verify")),
);
D("achl.fr", REG_101DOMAIN,
  // The zone apex points at the on-prem host.
  ALIAS("@", rexbox),

  // ProtonMail record set (verification, MX, SPF, DKIM, shared DMARC record).
  protonmail("a5142b961ee71079de475ab173095ae7a8497159", "dptdmdzwbeybqhgo544aqzi6w7vqiojzxbbm6hoev3nni5kewj4ga"),

  // On-prem & Cloud Servers
  // NOTE(review): only the A record of rexbox.prm is left to the external
  // updater. If that updater ever writes an AAAA record as well, it would not
  // be covered by this IGNORE - confirm the host is IPv4-only.
  IGNORE("rexbox.prm", "A"), // Managed by qmcgaw/ddns-updater
  A("rexcloud.cld", "5.161.231.128"),
  // NOTE(review): this address has an all-zero interface identifier; verify
  // that the server really answers on it.
  AAAA("rexcloud.cld", "2a01:4ff:f0:e504::"),

  // Verifications: ownership proofs read by third parties, public by design.
  TXT("_discord", "dh=d041188169640d1f23c6b379d97935981a7a07da", CF_COMMENT("Discord Verify")),
  TXT("_github-pages-challenge-arirexouium", "134234f292827135d74e0637efc575", CF_COMMENT("GitHub Pages Verify")),
);
/* -------------------------------------------------------------------------- *\
                             Email Proxy Domains
\* -------------------------------------------------------------------------- */

// This zone carries only the SimpleLogin record set (verification, MX, SPF,
// DKIM and the shared DMARC record). It also hosts the reportEmail mailbox.
D("arirex.email", REG_101DOMAIN,
  simplelogin("ngmfowygibangqmiobjznfmjhxniyi"),
);
// Second e-mail proxy zone: it carries only the SimpleLogin record set.
D("achlfr.email", REG_101DOMAIN,
  simplelogin("rsykypqtapcymkryscyoajdlajvqmx"),
);
/* ****************************************************************************************************************** *\
                                                   Service Records
\* ****************************************************************************************************************** */

/* -------------------------------------------------------------------------- *\
                               RexBox Services
\* -------------------------------------------------------------------------- */

// Services served from the on-prem host. Each entry is "comment@subdomain":
// the part before "@" becomes the Cloudflare record comment and the part after
// it becomes the CNAME label under arirex.me.
cnames("arirex.me", rexbox, [
  "Chhoto URL@l",
  "Enclosed@bin",
  "IT Tools@it",
  "Karakeep@karakeep",
  "Matrix > Client@chat",
  "Matrix > Server@matrix",
  "Ntfy@ntfy",
  "OpenWebUI@ai",
  "Pocket ID@id",
  "Traefik@traefik",
  "Traefik Forward Auth@auth",
]);
// The Matrix client and server names are also published under achl.fr and
// point at the same on-prem host.
cnames("achl.fr", rexbox, [
  "Matrix > Client@chat",
  "Matrix > Server@matrix",
]);
// Minecraft servers: each call publishes a CNAME for the host name plus a
// _minecraft._tcp SRV record that carries the non-default port.
minecraft("Frantic", "frantic.mc", "arirex.me", 63548);
minecraft("The Furry Cult", "thefurrycult.mc", "arirex.me", 54924);
/* -------------------------------------------------------------------------- *\
                              RexCloud Services
\* -------------------------------------------------------------------------- */

// Services served from the cloud host; same "comment@subdomain" entry format.
// The IPFS gateway entries are disabled and publish nothing.
cnames("arirex.me", rexcloud, [
  "Beszel@beszel",
  "Gitea@git",
  // "IPFS Subdomain Gateway@*.ipfs.gw",
  // "IPFS Subdomain Gateway@*.ipns.gw",
  // "IPFS Path Gateway@gw",
  "SearXNG@search",
]);
/* -------------------------------------------------------------------------- *\
                                Media Server
\* -------------------------------------------------------------------------- */

// One CNAME per application, published as <lowercased name>.servarr.arirex.me
// and pointing at the on-prem host. The application name, in its original
// case, becomes the record comment.
[
  "qBittorrent", // Downloader
  "Jellyfin", "Jellyseerr", // Provider & Requester
  "Prowlarr", "Profilarr", // Synchronization
  "Radarr", "Sonarr", "Lidarr", // Movies, Shows, Music
].forEach(function (appName) {
  var label = appName.toLowerCase() + ".servarr";
  D_EXTEND("arirex.me", CNAME(label, rexbox, CF_COMMENT(appName)));
});
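/* ****************************************************************************************************************** *\
                                                   Helper Functions
\* ****************************************************************************************************************** */

/**
 * Create CNAME records from "comment@subdomain" strings.
 *
 * Each entry is split at its last "@", so the comment part may itself contain
 * "@". A malformed entry stops the run with an error instead of passing an
 * undefined label on to CNAME().
 *
 * @param {string} domain - Domain to extend
 * @param {string} target - Server target
 * @param {string[]} records - Array of "comment@subdomain" strings
 * @throws {Error} If an entry is not a string or has no subdomain after "@"
 */
function cnames(domain, target, records) {
  records.forEach(function (rec) {
    var at = typeof rec === "string" ? rec.lastIndexOf("@") : -1;
    // No "@" at all, or nothing after it: there is no label to publish.
    if (at < 0 || at === rec.length - 1) {
      throw new Error('cnames: expected "comment@subdomain" for ' + domain + ", got " + JSON.stringify(rec));
    }
    var comment = rec.slice(0, at);
    var subdomain = rec.slice(at + 1);
    D_EXTEND(domain, CNAME(subdomain, target, CF_COMMENT(comment)));
  });
}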
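/**
 * Create a Minecraft server subdomain with CNAME and SRV records.
 *
 * The CNAME makes `subdomain` resolve to the on-prem host (`rexbox`). The SRV
 * record at `_minecraft._tcp.<subdomain>` advertises the custom port and uses
 * `rexbox` itself as its target: RFC 2782 requires an SRV target to own
 * address records and forbids it from being an alias, and `subdomain` is a
 * CNAME.
 *
 * @param {string} comment - Human-readable server name
 * @param {string} subdomain - Subdomain for the server
 * @param {string} domain - Domain to extend
 * @param {number} port - Port the server listens on
 * @throws {Error} If port is not an integer between 1 and 65535
 */
function minecraft(comment, subdomain, domain, port) {
  // Reject NaN, fractions, strings and out-of-range values before publishing.
  if (typeof port !== "number" || port % 1 !== 0 || port < 1 || port > 65535) {
    throw new Error("minecraft: port must be an integer between 1 and 65535, got " + port);
  }
  var label = "Minecraft > " + comment;
  D_EXTEND(domain,
    CNAME(subdomain, rexbox, CF_COMMENT(label)),
    SRV("_minecraft._tcp." + subdomain, 0, 0, port, rexbox, CF_COMMENT(label)),
  );
}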
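/**
 * Generate ProtonMail DNS records (verification, MX, SPF, DKIM, DMARC).
 *
 * Both arguments are checked before any record is built, so a missing value
 * cannot be published as the literal text "undefined". `dkimKey` is inserted
 * as one label into the DKIM CNAME targets and must therefore be a single DNS
 * label: a dot or stray whitespace would delegate DKIM to a different name.
 *
 * @param {string} verification - ProtonMail verification token
 * @param {string} dkimKey - ProtonMail DKIM domain key
 * @returns {DomainModifier[]} Array of DNS records
 * @throws {Error} If verification is empty or dkimKey is not a single DNS label
 */
function protonmail(verification, dkimKey) {
  if (typeof verification !== "string" || verification === "") {
    throw new Error("protonmail: verification token must be a non-empty string");
  }
  if (typeof dkimKey !== "string" || !/^[A-Za-z0-9-]+$/.test(dkimKey)) {
    throw new Error("protonmail: dkimKey must be a single DNS label (letters, digits, hyphens)");
  }

  var records = [
    // Stage 1: Verify
    TXT("@", "protonmail-verification=" + verification, CF_COMMENT("ProtonMail Verify")),
    // Stage 2: MX
    MX("@", 10, "mail.protonmail.ch.", CF_COMMENT("ProtonMail MX")),
    MX("@", 20, "mailsec.protonmail.ch.", CF_COMMENT("ProtonMail MX")),
    // Stage 3: SPF (softfail; the shared DMARC record carries the reject policy)
    TXT("@", "v=spf1 include:_spf.protonmail.ch mx ~all", CF_COMMENT("ProtonMail SPF")),
  ];

  // Stage 4: DKIM - three selectors, each delegated to Proton through a CNAME.
  ["protonmail", "protonmail2", "protonmail3"].forEach(function (selector) {
    records.push(
      CNAME(selector + "._domainkey", selector + ".domainkey." + dkimKey + ".domains.proton.ch.", CF_COMMENT("ProtonMail DKIM"))
    );
  });

  // Stage 5: DMARC
  records.push(dmarcRecord);
  return records;
}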
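/**
 * Generate SimpleLogin DNS records (verification, MX, SPF, DKIM, DMARC).
 *
 * The token is checked before any record is built, so a missing argument
 * cannot be published as "sl-verification=undefined".
 *
 * @param {string} verification - SimpleLogin verification token
 * @returns {DomainModifier[]} Array of DNS records
 * @throws {Error} If verification is not a non-empty string
 */
function simplelogin(verification) {
  if (typeof verification !== "string" || verification === "") {
    throw new Error("simplelogin: verification token must be a non-empty string");
  }

  var records = [
    // Stage 1: Verify
    TXT("@", "sl-verification=" + verification, CF_COMMENT("SimpleLogin Verify")),
    // Stage 2: MX
    MX("@", 10, "mx1.simplelogin.co.", CF_COMMENT("SimpleLogin MX")),
    MX("@", 20, "mx2.simplelogin.co.", CF_COMMENT("SimpleLogin MX")),
    // Stage 3: SPF (softfail; the shared DMARC record carries the reject policy)
    TXT("@", "v=spf1 include:simplelogin.co ~all", CF_COMMENT("SimpleLogin SPF")),
  ];

  // Stage 4: DKIM - three selectors, each delegated to SimpleLogin through a CNAME.
  ["dkim", "dkim02", "dkim03"].forEach(function (selector) {
    var name = selector + "._domainkey";
    records.push(CNAME(name, name + ".simplelogin.co.", CF_COMMENT("SimpleLogin DKIM")));
  });

  // Stage 5: DMARC
  records.push(dmarcRecord);
  return records;
}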