blob: c3372cf7a10464502dbee4a54ea4bb16cebe44b4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
{lib, ...}: let
mkRecord = {
name,
value,
type,
zone_id,
}:
{
inherit name value type zone_id;
ttl = 1;
}
// lib.optionalAttrs (type != "TXT") {proxied = true;};
zones = {
mydadleft_me = lib.tfRef "var.mydadleft_me_zone_id";
getchoo_com = lib.tfRef "var.getchoo_com_zone_id";
};
inherit
(zones)
mydadleft_me
getchoo_com
;
atlas_tunnel = lib.tfRef "data.cloudflare_tunnel.atlas-nginx.id" + ".cfargotunnel.com";
blockEmailSpoofingFor = domain: let
zone_id = zones.${domain};
in {
"${domain}_dmarc" = {
name = "_dmarc";
value = "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s;";
type = "TXT";
inherit zone_id;
};
"${domain}_domainkey" = {
name = "*._domainkey";
value = "v=DKIM1; p=";
type = "TXT";
inherit zone_id;
};
"${domain}_email" = {
name = "@";
value = "v=spf1 -all";
type = "TXT";
inherit zone_id;
};
};
in {
resource.cloudflare_zone_dnssec = {
mydadleft_me_dnssec = {
zone_id = mydadleft_me;
};
getchoo_com_dnssec = {
zone_id = getchoo_com;
};
};
resource.cloudflare_record =
lib.mapAttrs (_: mkRecord) {
getchoo_com_website = {
name = "@";
value = "website-86j.pages.dev";
type = "CNAME";
zone_id = getchoo_com;
};
getchoo_com_www = {
name = "www";
value = "getchoo.com";
type = "CNAME";
zone_id = getchoo_com;
};
getchoo_com_api = {
name = "api";
value = "teawieapi.pages.dev";
type = "CNAME";
zone_id = getchoo_com;
};
getchoo_com_miniflux = {
name = "miniflux";
value = atlas_tunnel;
type = "CNAME";
zone_id = getchoo_com;
};
getchoo_com_keyoxide = {
name = "@";
value = "$argon2id$v=19$m=512,t=256,p=1$AlA6W5fP7J14zMsw0W5KFQ$EQz/NCE0/TQpE64r2Eo/yOpjtMZ9WXevHsv3YYP7CXg";
type = "TXT";
zone_id = getchoo_com;
};
mydadleft_me_website = {
name = "@";
value = "website-86j.pages.dev";
type = "CNAME";
zone_id = mydadleft_me;
};
mydadleft_me_keyoxide = {
name = "@";
value = "$argon2id$v=19$m=512,t=256,p=1$AlA6W5fP7J14zMsw0W5KFQ$EQz/NCE0/TQpE64r2Eo/yOpjtMZ9WXevHsv3YYP7CXg";
type = "TXT";
zone_id = mydadleft_me;
};
mydadleft_me_www = {
name = "www";
value = "mydadleft.me";
type = "CNAME";
zone_id = mydadleft_me;
};
mydadleft_me_api = {
name = "api";
value = "teawieapi.pages.dev";
type = "CNAME";
zone_id = mydadleft_me;
};
mydadleft_me_miniflux = {
name = "miniflux";
value = atlas_tunnel;
type = "CNAME";
zone_id = mydadleft_me;
};
}
// blockEmailSpoofingFor "mydadleft_me"
// blockEmailSpoofingFor "getchoo_com";
}
|
