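{lib, ...}: let
  # Normalise a record spec into a `cloudflare_record` resource body.
  # `ttl = 1` is Cloudflare's "automatic" TTL. Every non-TXT record is
  # proxied (orange-clouded); TXT records are never proxied.
  mkRecord = {
    name,
    value,
    type,
    zone_id,
  }:
    {
      inherit name value type zone_id;
      ttl = 1;
    }
    // lib.optionalAttrs (type != "TXT") {proxied = true;};

  # Zone ids are read from Terraform variables, so no id is committed here.
  zones = {
    getchoo_com = lib.tfRef "var.getchoo_com_zone_id";
  };
  inherit (zones) getchoo_com;

  # Public hostname of the `atlas-nginx` cloudflared tunnel; CNAME targets
  # pointing here keep the origin reachable only through the tunnel.
  atlas_tunnel = lib.tfRef "data.cloudflare_tunnel.atlas-nginx.id" + ".cfargotunnel.com";

  # The `*.pages.dev` subdomain Terraform assigned to a Cloudflare Pages project.
  pagesSubdomainFor = project: lib.tfRef "resource.cloudflare_pages_project.${project}.subdomain";

  # "Null" mail records for a zone that sends no mail, so nobody can spoof it:
  #   - SPF `v=spf1 -all` rejects every sender,
  #   - the wildcard DKIM record publishes an empty key (`p=`), which per the
  #     DKIM spec means the key is revoked for every selector,
  #   - DMARC `p=reject` with `sp=reject` applies the same policy to
  #     subdomains, and `adkim=s; aspf=s` demands strict alignment.
  # The result has the same shape as mkRecord's argument so it can be fed
  # through mkRecord together with the inline records.
  blockEmailSpoofingFor = domain: let
    zone_id = zones.${domain};
  in {
    "${domain}_dmarc" = {
      name = "_dmarc";
      value = "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s;";
      type = "TXT";
      inherit zone_id;
    };

    "${domain}_domainkey" = {
      name = "*._domainkey";
      value = "v=DKIM1; p=";
      type = "TXT";
      inherit zone_id;
    };

    "${domain}_email" = {
      name = "@";
      value = "v=spf1 -all";
      type = "TXT";
      inherit zone_id;
    };
  };
in {
  # Enable DNSSEC signing for the zone.
  # NOTE(review): this only signs the zone; the DS record still has to be
  # published at the registrar for validation to take effect — confirm that
  # is handled out of band.
  resource.cloudflare_zone_dnssec = {
    getchoo_com_dnssec = {
      zone_id = getchoo_com;
    };
  };

  # Merge the anti-spoofing records into the input set *before* mapAttrs so
  # every record, TXT ones included, goes through mkRecord and carries the
  # same `ttl` as the records declared inline.
  resource.cloudflare_record = lib.mapAttrs (_: mkRecord) ({
      # Apex of the zone -> personal site on Cloudflare Pages.
      getchoo_com_website = {
        name = "@";
        value = pagesSubdomainFor "personal_website";
        type = "CNAME";
        zone_id = getchoo_com;
      };

      getchoo_com_www = {
        name = "www";
        value = "getchoo.com";
        type = "CNAME";
        zone_id = getchoo_com;
      };

      getchoo_com_api = {
        name = "api";
        value = pagesSubdomainFor "teawie_api";
        type = "CNAME";
        zone_id = getchoo_com;
      };

      # Only reachable through the cloudflared tunnel, never by origin IP.
      getchoo_com_miniflux = {
        name = "miniflux";
        value = atlas_tunnel;
        type = "CNAME";
        zone_id = getchoo_com;
      };

      # Keyoxide DNS claim proof; the argon2 string is a public fingerprint
      # hash published on purpose, not a secret.
      getchoo_com_keyoxide = {
        name = "@";
        value = "$argon2id$v=19$m=512,t=256,p=1$AlA6W5fP7J14zMsw0W5KFQ$EQz/NCE0/TQpE64r2Eo/yOpjtMZ9WXevHsv3YYP7CXg";
        type = "TXT";
        zone_id = getchoo_com;
      };
    }
    // blockEmailSpoofingFor "getchoo_com");
}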