diff options
| author | seth <[email protected]> | 2024-10-18 03:10:35 -0400 |
|---|---|---|
| committer | GitHub <[email protected]> | 2024-10-18 07:10:35 +0000 |
| commit | e6f79b30e620cf7bd5b06e2579e979ff090e925a (patch) | |
| tree | 1dd2b20126602ef448f77fbb9cdd44ba7f02a58c /ext/terranix/cloudflare/dns.nix | |
| parent | fdaf8680ef5bbcadb7cece43911beff18f90cdb2 (diff) | |
more refactors & outsource some things (#477)
* tree-wide: drop flake-parts
* drop nixinate
* justfile: cleanup
* drop treefmt-nix
* doc: update READMEs
* flake: cleanup
* seth: don't use `./.`
* modules/nixos,darwin: bundle all modules
They all depend on each other anyways so
* systems: manually import internal modules
* seth: use riff module from nix-exprs
* flake: back to flake-parts
* Revert "flake: back to flake-parts"
This reverts commit 35334882f7c0c23991a4efd65ea08b216006b2b0.
Saving the last commit so I can go back if I want
* flake: use lib.const
this looks better...right?
* flake: declare systems like a normal person
Diffstat (limited to 'ext/terranix/cloudflare/dns.nix')
| -rw-r--r-- | ext/terranix/cloudflare/dns.nix | 110 |
1 files changed, 0 insertions, 110 deletions
diff --git a/ext/terranix/cloudflare/dns.nix b/ext/terranix/cloudflare/dns.nix deleted file mode 100644 index 335562d..0000000 --- a/ext/terranix/cloudflare/dns.nix +++ /dev/null @@ -1,110 +0,0 @@ -{ lib, ... }: -let - mkRecord = - { - name, - content, - type, - zone_id, - }: - { - inherit - name - content - type - zone_id - ; - ttl = 1; - } - // lib.optionalAttrs (type != "TXT") { proxied = true; }; - - zones = { - getchoo_com = lib.tfRef "var.getchoo_com_zone_id"; - }; - inherit (zones) getchoo_com; - - atlas_tunnel = - lib.tfRef "data.cloudflare_zero_trust_tunnel_cloudflared.atlas-nginx.id" + ".cfargotunnel.com"; - - pagesSubdomainFor = project: lib.tfRef "resource.cloudflare_pages_project.${project}.subdomain"; - blockEmailSpoofingFor = - domain: - let - zone_id = zones.${domain}; - in - { - "${domain}_dmarc" = { - name = "_dmarc"; - content = "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s;"; - type = "TXT"; - inherit zone_id; - }; - - "${domain}_domainkey" = { - name = "*._domainkey"; - content = "v=DKIM1; p="; - type = "TXT"; - inherit zone_id; - }; - - "${domain}_email" = { - name = "@"; - content = "v=spf1 -all"; - type = "TXT"; - inherit zone_id; - }; - }; -in -{ - resource.cloudflare_zone_dnssec = { - getchoo_com_dnssec = { - zone_id = getchoo_com; - }; - }; - - resource.cloudflare_record = - lib.mapAttrs (_: mkRecord) { - getchoo_com_website = { - name = "@"; - content = pagesSubdomainFor "personal_website"; - type = "CNAME"; - zone_id = getchoo_com; - }; - - getchoo_com_www = { - name = "www"; - content = "getchoo.com"; - type = "CNAME"; - zone_id = getchoo_com; - }; - - getchoo_com_api = { - name = "api"; - content = pagesSubdomainFor "teawie_api"; - type = "CNAME"; - zone_id = getchoo_com; - }; - - getchoo_com_miniflux = { - name = "miniflux"; - content = atlas_tunnel; - type = "CNAME"; - zone_id = getchoo_com; - }; - - getchoo_com_git = { - name = "git"; - content = atlas_tunnel; - type = "CNAME"; - zone_id = getchoo_com; - }; - - getchoo_com_keyoxide = { - name = "@"; - content = "$argon2id$v=19$m=512,t=256,p=1$AlA6W5fP7J14zMsw0W5KFQ$EQz/NCE0/TQpE64r2Eo/yOpjtMZ9WXevHsv3YYP7CXg"; - type = "TXT"; - zone_id = getchoo_com; - }; - } - // blockEmailSpoofingFor "getchoo_com"; -} |