// @ts-check
///

// Helpers

/**
 * Serialise SvcParams for an HTTPS record: every key becomes
 * `key=v1,v2`, and the pairs are joined with single spaces.
 *
 * @param {object} record
 * @param {string[]} [record.alpn]
 * @param {string[]} [record.ipv4hint]
 * @param {string[]} [record.ipv6hint]
 */
function https(record) {
  var keys = Object.keys(record)
  var params = []
  for (var i = 0; i < keys.length; i++) {
    params.push(keys[i] + '=' + record[keys[i]].join(','))
  }
  return params.join(' ')
}

// Fast, but no IPv6 support in 2024
var vercelIPv4A = '76.76.21.241'
var vercelIPv4B = '76.76.21.98'

// A bit slower but at least IPv6 is supported
var netlifyIPv4A = '75.2.60.5'
var netlifyIPv4B = '99.83.231.61'
var netlifyIPv6A = '2a05:d014:275:cb01::c8'
var netlifyIPv6B = '2a05:d014:275:cb00::c8'

/**
 * Address records for a name served by Vercel over IPv4 and Netlify over
 * IPv6, plus an HTTPS record advertising HTTP/2.
 *
 * These are shared platform addresses, so the site must stay claimed on
 * both platforms for as long as the records exist; drop the records in the
 * same change that removes the site from either platform.
 *
 * @param {string} name
 */
function vercelv4Netlifyv6(name) {
  // neither vercel nor netlify support HTTP/3 yet
  var svcParams = https({ alpn: ['h2'] })
  return [
    A(name, vercelIPv4A),
    A(name, vercelIPv4B),
    AAAA(name, netlifyIPv6A),
    AAAA(name, netlifyIPv6B),
    HTTPS(name, 1, '.', svcParams),
  ]
}

/**
 * Mail records for an iCloud custom domain: both MX hosts, the Apple
 * ownership TXT token, an SPF record redirecting to icloud.com, and the
 * DKIM selector CNAME.
 *
 * @param {string} domain
 * @param {string} verification
 */
function iCloudMail(domain, verification) {
  var ownershipToken = 'apple-domain=' + verification
  var dkimTarget = 'sig1.dkim.' + domain + '.at.icloudmailadmin.com.'
  return [
    MX('@', 10, 'mx01.mail.icloud.com.'),
    MX('@', 10, 'mx02.mail.icloud.com.'),
    TXT('@', ownershipToken),
    SPF_BUILDER({
      parts: ['v=spf1', 'redirect=icloud.com'],
    }),
    CNAME('sig1._domainkey', dkimTarget),
  ]
}

/**
 * One CNAME per source label, all pointing at the same target.
 *
 * @param {string[]} sources
 * @param {string} target
 */
function bulkCNAME(sources, target) {
  var records = []
  for (var i = 0; i < sources.length; i++) {
    records.push(CNAME(sources[i], target))
  }
  return records
}

var nameserversHE = [
  NAMESERVER('ns1.he.net.'),
  NAMESERVER('ns2.he.net.'),
  NAMESERVER('ns3.he.net.'),
  NAMESERVER('ns4.he.net.'),
  NAMESERVER('ns5.he.net.'),
]

// CAA: only Let's Encrypt may issue, wildcards included; reports go to the
// iodef address.
// NOTE(review): issuance is not bound to one ACME account or validation
// method (RFC 8657), so any Let's Encrypt account that passes validation
// can still issue.
// The _acme-challenge TXT names are left unmanaged by dnscontrol,
// presumably so an ACME client can write DNS-01 tokens; whatever holds
// those credentials can obtain certificates for these zones.
var acmeLetsEncrypt = [
  CAA_BUILDER({
    iodef: 'mailto:alan@alanpearce.eu',
    issue: ['letsencrypt.org'],
    issuewild: ['letsencrypt.org'],
  }),
  IGNORE('_acme-challenge', 'TXT'),
  IGNORE('_acme-challenge.**', 'TXT'),
]

var websiteHosting = [vercelv4Netlifyv6('@'), vercelv4Netlifyv6('www')]

// Providers:

var RegistrarNone = NewRegistrar('none')
var RegistrarOVH = NewRegistrar('ovh')
var PowerDNS = NewDnsProvider('powerdns')

// Domains:

DEFAULTS(DefaultTTL('1d'), NAMESERVER_TTL('1d'))

D(
  'alanpearce.eu',
  RegistrarOVH,
  DnsProvider(PowerDNS),
  nameserversHE,
  acmeLetsEncrypt,
  websiteHosting,

  // Service names that are all aliases of the in-zone host 'linde'.
  // prettier-ignore
  bulkCNAME([
    'binarycache', 'ci', 'dns', 'files', 'git', 'id', 'legit', 'ntfy', 'pdns', 'test',
  ], 'linde'),

  // bluesky
  TXT('_atproto', 'did=did:plc:exkgyiknwmakcrbmebvk34do'),

  // Aliases to third-party platforms: if the upstream project is deleted,
  // remove the CNAME in the same change so the name is never left dangling
  // and claimable by another tenant of that platform.
  CNAME('searchix', 'searchix.vercel.app.'),
  CNAME('zola-bearblog', 'zola-bearblog.netlify.app.'),

  // nanopi's A/AAAA records are not managed here (IGNORE), presumably
  // because its address is updated by another tool.
  CNAME('home', 'nanopi'),
  IGNORE('nanopi', 'A,AAAA'),

  // SSHFP arguments are (name, key algorithm, fingerprint type, hex digest);
  // key algorithm 1 = RSA, 3 = ECDSA, 4 = Ed25519; fingerprint type
  // 1 = SHA-1, 2 = SHA-256. Prefer the SHA-256 entries when checking by hand.
  // NOTE(review): SSHFP only authenticates a host key for clients that get a
  // DNSSEC-validated answer, and no DNSSEC option is set in this file;
  // confirm the zones are signed on the provider side, otherwise treat these
  // as advisory.
  SSHFP('nanopi', 4, 2, '87383955296887ec069cfd2b41b556614918c2347306c5ef526f5306ad3e2dc7'),
  SSHFP('nanopi', 4, 1, '9401664debcab758c9450ac65070f7cd0be6de64'),
  SSHFP('nanopi', 3, 2, '5216e600a267675b4615c8a595323c455e8db8007d3bf01cd408166941019e38'),
  SSHFP('nanopi', 3, 1, '09f0ec4751014d32c32c7d67c1127be3306a1baf'),
  SSHFP('nanopi', 1, 2, 'ed6e750de7f6ddaa338f73c4140f0bd0d54711706986925bb8890a96abea1bc6'),
  SSHFP('nanopi', 1, 1, '90bee798b3a7fe8aeb7e84ee7717b04edb0b197d'),

  A('linde', '116.203.248.56'),
  AAAA('linde', '2a01:4f8:c012:23a4::1'),
  HTTPS('linde', 1, '.', 'alpn=h3,h2'),
  SSHFP('linde', 1, 1, 'ef6691558281a88b874ac41cf7c14d31209e64bc'),
  SSHFP('linde', 1, 2, '5d1b6ecff5dd5c624ee662eb1684c3c9e42f9a138aa938ba8d018fbc5cf628de'),
  SSHFP('linde', 4, 1, 'ec773b94dec19f70cb6df7c78df0229a6fbe9666'),
  SSHFP('linde', 4, 2, '72f576b32b5c2d16312574182b028671fa39c8bab03d802fae04eb7f649d2570'),
  // Every otherwise-undefined name under linde resolves to linde itself.
  CNAME('*.linde', 'linde'),

  iCloudMail('alanpearce.eu', 'anzQe301nq7grixH'),
  // DMARC: reject for the domain and its subdomains, applied to all mail;
  // aggregate reports go to the rua address.
  DMARC_BUILDER({
    policy: 'reject',
    percent: 100,
    subdomainPolicy: 'reject',
    rua: ['mailto:re+xkh82ketimo@dmarc.postmarkapp.com'],
    alignmentSPF: 'r',
  })
)

D(
  'alanpearce.uk',
  RegistrarOVH,
  DnsProvider(PowerDNS),
  acmeLetsEncrypt,
  websiteHosting,
  iCloudMail('alanpearce.uk', 'BNdyqalwDX8kwF6k'),
  // Same DMARC policy as alanpearce.eu, with its own report address.
  DMARC_BUILDER({
    policy: 'reject',
    percent: 100,
    subdomainPolicy: 'reject',
    rua: ['mailto:re+kef20qlkynz@dmarc.postmarkapp.com'],
    alignmentSPF: 'r',
  }),
  nameserversHE
)

D(
  'aln.pe',
  RegistrarNone,
  DnsProvider(PowerDNS),
  // One day in seconds: the same TTLs as the DEFAULTS above.
  DefaultTTL(86400),
  NAMESERVER_TTL(86400),
  acmeLetsEncrypt,
  websiteHosting,
  // No MX and a bare '-all': SPF authorises no sender for this domain.
  SPF_BUILDER({
    parts: ['v=spf1', '-all'],
  }),
  // Everything below the apex is redirected into alanpearce.eu, so a lookup
  // of _dmarc.aln.pe presumably lands on the alanpearce.eu DMARC record.
  // NOTE(review): RFC 6672 does not allow records below a DNAME owner, so
  // the 'www' records from websiteHosting in this zone are likely occluded
  // by the DNAME; confirm what the provider actually serves.
  DNAME('@', 'alanpearce.eu.'),
  nameserversHE
)