Migrate dns part

2024-09-25 01:10:59 +02:00 · 2024-09-25 01:10:59 +02:00 · 344710e831
commit 344710e831
12 changed files with 377 additions and 0 deletions
--- a/dns/default_records.js
+++ b/dns/default_records.js
@ -0,0 +1,40 @@
+
+function mx_default(dkim) {
+	return [
+		CNAME("autoconfig", "mail.serguzim.me."),
+		CNAME("autodiscover", "mail.serguzim.me."),
+		SRV("_autodiscover._tcp", 1, 1, 443, "mail.serguzim.me."),
+
+		TXT("@", "v=spf1 mx -all"),
+		TXT("mail-ses", "v=spf1 include:amazonses.com -all"),
+
+		TXT("_dmarc", "v=DMARC1; p=quarantine; rua=mailto:dmarcreports@serguzim.me; ruf=mailto:dmarcreports@serguzim.me; rf=afrf; sp=quarantine; fo=1; pct=100; ri=604800; adkim=r; aspf=r"),
+		TXT("dkim._domainkey", "v=DKIM1; k=rsa; t=s; s=email; p=" + dkim),
+
+		TLSA("_25._tcp", 3, 1, 1, "e66a608a3ec459bda7fb1f2d500b8abeb78f2910f26641204b6bc454b8aa2a49"),
+
+		MX("@", 10, "mail.serguzim.me."),
+		MX("*", 10, "mail.serguzim.me."),
+		MX("mail-ses", 10, "feedback-smtp.eu-north-1.amazonses.com.")
+	];
+}
+
+function pgp_verify() {
+	return TXT("@", "openpgp4fpr:723B78C0BF8D8C721D2C4EEF41E544A54E2533B2");
+}
+
+function all_defaults(domain, add_pgp) {
+	var result = [
+		collect_services(domain),
+	];
+
+	if (add_pgp) {
+		result.push(pgp_verify());
+	}
+
+	if (dkim[domain]) {
+		result.push(mx_default(dkim[domain]));
+	}
+
+	return result;
+}
--- a/dns/dkim.json
+++ b/dns/dkim.json
@ -0,0 +1,7 @@
+{
+	"serguzim.me": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZGmMeVFSFu9fIpp22JYMtYGlSdvZQXZOhQGL4beHiOm2uoor7wL/2vrwVBuE87xNFD1Rd/wPOOPUrejAf5RvQUOptOtL+yJPlu/LJPsa3RAEeerXjWaIYPgD47DEUW1ibFHgP66j8e5wh0dB8fzvcMpl/yCCBoO7G+4eowmGJcwIDAQAB",
+	"msrg.cc": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVhsx0fUgWdV9q/93cmnWZCkvcyT/qLLgbUaFof1VrjIANyCNMFo0FgBQNJ60AOxh8SMfJcybhR5ArtriUC1cxnWhk428SmKqgDNzR+CDP1/9/lF3TlLVzzgALu+8XFzlnvrVFZtSORgvYW9bvyT2RbGY+2qYlUWqtxeqC3QlrqQIDAQAB",
+	"msvg.cc": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrqMTg7H2Y54TjTsPV0HaysIZ6yRrnk1rBoIQ6x+MS+WqFdjVFyPdemdQh8T7D5dSM7uoSOicxYA8a9XuMJvYfQgHm7JX3WUQkotOMMGhjDmtc7om+cpQPB2seYZr0weT9ImHKPrL+3d987GCq8ia2Zj/fxmAoB5tAA6Mme1/63+ARHfM5yEFPefr3brDojN5QFLivtp9FXfkEjZfn6OIfS15lak/JqdbaF98GCRR/GEYn1UWfpH8nmMSVEhq/IueGsDc0Q+2hG6ey4HLGHBjdYRvr+qtvviYMB87iy+NA77kd7KddnmLqiOktdMJL7X/gEQjnd0+qPPTtqsLcn+TQIDAQAB",
+
+	"reitanlage-oranienburg.de": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHZIA9DOxg5vLg5RZG6b6G6MI2mv4tRiHfRd8lDJZg9gI6DdYGibznw9ljYktcJruWPwTHPz7dr/YgKuzzqOTWBsdfsi4yVQywGsbEfbx/kSbHMMUsxhrDBC1wMAf1G+c2DbmixBLhmFyyY74ekOsWjPRMd/CpPMKQhOyzj/TSMwIDAQAB"
+}
--- a/dns/functions.js
+++ b/dns/functions.js
@ -0,0 +1,64 @@
+function service(target, domain, host, alias) {
+	return {
+		target: target,
+		domain: domain,
+		host: hosts[host],
+		alias: alias,
+		record: function() {
+			return my_host_record(this.target, this.resolve_host());
+		},
+		resolve_host: function() {
+			if (this.alias) {
+				return services[this.alias].resolve_host();
+			}
+			return this.host;
+		}
+	};
+}
+
+function collect_services(domain) {
+	var result = [];
+	for (var key in services) {
+		var s = services[key];
+		if (s.domain == domain) {
+			result.push(s.record());
+		}
+	}
+	return result;
+}
+
+function my_host_record(target, host) {
+	return [
+		A(target, host.ipv4_address),
+		AAAA(target, host.ipv6_address)
+	];
+}
+
+function verify_amazon_ses(dkims) {
+	var result = [];
+	for (var i in dkims) {
+		var my_dkim = dkims[i] + "._domainkey";
+		var ses_dkim = dkims[i] + ".dkim.amazonses.com.";
+		result.push(CNAME(my_dkim, ses_dkim));
+	}
+	return result;
+}
+
+function acme_challenge(subd, target) {
+	var final_subd = "_acme-challenge";
+	if (subd) {
+		final_subd += "." + subd;
+	}
+
+	final_target = target + ".acme.serguzim.me.";
+
+	return CNAME(final_subd, final_target);
+}
+
+function verify_dmarc_reports(domains) {
+	var result = [];
+	for (d in domains) {
+		result.push(TXT(d + "._report._dmarc", "v=DMARC1"));
+	}
+	return result;
+}
--- a/dns/services.json
+++ b/dns/services.json
@ -0,0 +1,79 @@
+{
+	"*": {
+		"target": "*",
+		"domain": "serguzim.me",
+		"host": "node002"
+	},
+	"coder": {
+		"target": "coder",
+		"domain": "serguzim.me",
+		"host": "node002"
+	},
+	"coder-wildcard": {
+		"target": "*.coder",
+		"domain": "serguzim.me",
+		"alias": "coder"
+	},
+	"faas": {
+		"target": "faas",
+		"domain": "serguzim.me",
+		"host": "node002"
+	},
+	"mail": {
+		"target": "mail",
+		"domain": "serguzim.me",
+		"host": "node003"
+	},
+	"matrix": {
+		"target": "matrix",
+		"domain": "serguzim.me",
+		"host": "node002"
+	},
+	"registry": {
+		"target": "registry",
+		"domain": "serguzim.me",
+		"host": "node002"
+	},
+	"s3": {
+		"target": "s3",
+		"domain": "serguzim.me",
+		"host": "node002"
+	},
+	"s3-console": {
+		"target": "console.s3",
+		"domain": "serguzim.me",
+		"alias": "s3"
+	},
+	"serguzim.me": {
+		"target": "@",
+		"domain": "serguzim.me",
+		"alias": "faas"
+	},
+
+	"matrix_msrg": {
+		"target": "matrix",
+		"domain": "msrg.cc",
+		"alias": "matrix"
+	},
+	"link": {
+		"target": "@",
+		"domain": "msrg.cc",
+		"host": "node002"
+	},
+	"link_msvg": {
+		"target": "@",
+		"domain": "msvg.cc",
+		"alias": "link"
+	},
+
+	"reitanlage": {
+		"target": "@",
+		"domain": "reitanlage-oranienburg.de",
+		"host": "node002"
+	},
+	"reitanlage_www": {
+		"target": "www",
+		"domain": "reitanlage-oranienburg.de",
+		"alias": "reitanlage"
+	}
+}