// @ts-check /// // Helpers /** * @param {object} record * @param {string[]} [record.alpn] * @param {string[]} [record.ipv4hint] * @param {string[]} [record.ipv6hint] */ function https(record) { return Object.keys(record) .map(function (key) { return [key, record[key].join(',')].join('=') }) .join(' ') } /** * @param {string} name */ function fly(name) { // prettier-ignore return [ ALIAS(name, 'alanpearce-eu.fly.dev.'), HTTPS(name, 1, '.', https({ alpn: ['h2'] })) ] } /** * @param {string} domain * @param {string} verification * @param {string[]} [extras] */ function iCloudMail(domain, verification, extras) { if (extras == null) { extras = [] } return [ MX('@', 10, 'mx01.mail.icloud.com.'), MX('@', 10, 'mx02.mail.icloud.com.'), TXT('@', 'apple-domain=' + verification), SPF_BUILDER({ parts: ['v=spf1'].concat(extras).concat('include:icloud.com', '-all'), }), CNAME('sig1._domainkey', 'sig1.dkim.' + domain + '.at.icloudmailadmin.com.'), ] } /** * @param {string[]} sources * @param {string} target */ function bulkCNAME(sources, target) { return sources.map(function (source) { return CNAME(source, target) }) } /** * @param {string} subdomain */ function acme(subdomain) { return CNAME('_acme-challenge', subdomain + '.acme.alanpearce.eu.') } var nameserversHE = [ NAMESERVER('ns1.he.net.'), NAMESERVER('ns2.he.net.'), NAMESERVER('ns3.he.net.'), NAMESERVER('ns4.he.net.'), NAMESERVER('ns5.he.net.'), ] var acmeLetsEncrypt = [ CAA_BUILDER({ iodef: 'mailto:alan@alanpearce.eu', issue: ['letsencrypt.org'], issuewild: ['letsencrypt.org'], }), ] var websiteHosting = [fly('@'), acme('6b17e53d-6090-4820-a557-51ee3324f38c')] // Providers: var RegistrarNone = NewRegistrar('none') var RegistrarOVH = NewRegistrar('ovh') var PowerDNS = NewDnsProvider('powerdns') // Domains: DEFAULTS(DefaultTTL('1d'), NAMESERVER_TTL('1d')) D( 'alanpearce.eu', RegistrarOVH, DnsProvider(PowerDNS), nameserversHE, acmeLetsEncrypt, websiteHosting, fly('www'), // prettier-ignore bulkCNAME([ 'binarycache', 'ci', 'dns', 'files', 'git', 'go', 'id', 'legit', 'ntfy', 'pdns', 'stats', 'test', ], 'linde'), CNAME('*.stats', 'linde'), // bluesky TXT('_atproto', 'did=did:plc:exkgyiknwmakcrbmebvk34do'), CNAME('searchix', 'searchix.vercel.app.'), CNAME('zola-bearblog', 'zola-bearblog.netlify.app.'), CNAME('home', 'nanopi'), IGNORE('nanopi', 'A,AAAA'), SSHFP('nanopi', 4, 2, '87383955296887ec069cfd2b41b556614918c2347306c5ef526f5306ad3e2dc7'), SSHFP('nanopi', 4, 1, '9401664debcab758c9450ac65070f7cd0be6de64'), SSHFP('nanopi', 3, 2, '5216e600a267675b4615c8a595323c455e8db8007d3bf01cd408166941019e38'), SSHFP('nanopi', 3, 1, '09f0ec4751014d32c32c7d67c1127be3306a1baf'), SSHFP('nanopi', 1, 2, 'ed6e750de7f6ddaa338f73c4140f0bd0d54711706986925bb8890a96abea1bc6'), SSHFP('nanopi', 1, 1, '90bee798b3a7fe8aeb7e84ee7717b04edb0b197d'), A('linde', '116.203.248.56'), AAAA('linde', '2a01:4f8:c012:23a4::1'), HTTPS('linde', 1, '.', 'alpn=h3,h2'), SSHFP('linde', 1, 1, 'ef6691558281a88b874ac41cf7c14d31209e64bc'), SSHFP('linde', 1, 2, '5d1b6ecff5dd5c624ee662eb1684c3c9e42f9a138aa938ba8d018fbc5cf628de'), SSHFP('linde', 4, 1, 'ec773b94dec19f70cb6df7c78df0229a6fbe9666'), SSHFP('linde', 4, 2, '72f576b32b5c2d16312574182b028671fa39c8bab03d802fae04eb7f649d2570'), CNAME('*.linde', 'linde'), AAAA('acme', '2a01:4f8:c012:23a4::715'), NS('acme', 'acme'), iCloudMail('alanpearce.eu', 'anzQe301nq7grixH', ['a:linde.alanpearce.eu']), DMARC_BUILDER({ policy: 'reject', percent: 100, subdomainPolicy: 'reject', rua: ['mailto:re+xkh82ketimo@dmarc.postmarkapp.com'], alignmentSPF: 'r', }) ) D( 'alanpearce.uk', RegistrarOVH, DnsProvider(PowerDNS), acmeLetsEncrypt, websiteHosting, fly('www'), iCloudMail('alanpearce.uk', 'BNdyqalwDX8kwF6k'), DMARC_BUILDER({ policy: 'reject', percent: 100, subdomainPolicy: 'reject', rua: ['mailto:re+kef20qlkynz@dmarc.postmarkapp.com'], alignmentSPF: 'r', }), nameserversHE ) D( 'aln.pe', RegistrarNone, DnsProvider(PowerDNS), DefaultTTL(86400), NAMESERVER_TTL(86400), acmeLetsEncrypt, websiteHosting, SPF_BUILDER({ parts: ['v=spf1', '-all'], }), CNAME('*', 'alanpearce.eu.'), nameserversHE )