Merge pull request #14 from mhutter/v2

V2
mhutter · Jul 2, 2024 · 8f080d8 · 8f080d8
2 parents e85ab27 + 337961d
commit 8f080d8
Show file tree

Hide file tree

Showing 17 changed files with 153 additions and 103 deletions.
diff --git a/.github/workflows/preview.yml b/.github/workflows/preview.yml
@@ -7,14 +7,15 @@ jobs:
   preview:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: DNSControl preview
-        uses: koenrh/dnscontrol-action@v3
+        uses: wblondel/dnscontrol-action@v4.11
         id: dnscontrol_preview
         env:
           CLOUDFLARE_APITOKEN: ${{ secrets.CLOUDFLARE_APITOKEN }}
-          GANDI_APIKEY: ${{ secrets.GANDI_APIKEY }}
+          PORKBUN_API_KEY: ${{ secrets.PORKBUN_API_KEY }}
+          PORKBUN_SECRET_KEY: ${{ secrets.PORKBUN_SECRET_KEY }}
         with:
           args: preview
 

diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
@@ -10,12 +10,14 @@ jobs:
   push:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: DNSControl push
-        uses: koenrh/dnscontrol-action@v3
+        uses: wblondel/[email protected]
+        id: dnscontrol_preview
         env:
           CLOUDFLARE_APITOKEN: ${{ secrets.CLOUDFLARE_APITOKEN }}
-          GANDI_APIKEY: ${{ secrets.GANDI_APIKEY }}
+          PORKBUN_API_KEY: ${{ secrets.PORKBUN_API_KEY }}
+          PORKBUN_SECRET_KEY: ${{ secrets.PORKBUN_SECRET_KEY }}
         with:
           args: push
diff --git a/.prettierrc.toml b/.prettierrc.toml
@@ -0,0 +1,6 @@
+tabWidth = 2
+singleQuote = true
+
+# DNSControl specifics
+trailingComma = "none"
+singleAttributePerLine = false
diff --git a/README.txt b/README.txt
@@ -9,4 +9,5 @@ Documentation
 Language Reference: https://docs.dnscontrol.org/language-reference/js
 
 Providers:
-  Cloudflare: https://docs.dnscontrol.org/service-providers/providers/cloudflareapi
+  Cloudflare: https://docs.dnscontrol.org/provider/cloudflareapi
+  Porkbun: https://docs.dnscontrol.org/provider/porkbun
diff --git a/creds.json b/creds.json
@@ -1,11 +1,11 @@
 {
+  "cloudflare": {
+    "TYPE": "CLOUDFLAREAPI",
+    "apitoken": "$CLOUDFLARE_APITOKEN"
+  },
   "porkbun": {
     "TYPE": "PORKBUN",
     "api_key": "$PORKBUN_API_KEY",
     "secret_key": "$PORKBUN_SECRET_KEY"
-  },
-  "cloudflare": {
-    "TYPE": "CLOUDFLAREAPI",
-    "apitoken": "$CLOUDFLARE_APITOKEN"
   }
 }
diff --git a/dnsconfig.js b/dnsconfig.js
@@ -1,22 +1,61 @@
-// Providers
+// Registrars
 var REG_NONE = NewRegistrar('none');
-var DNS_CF = NewDnsProvider('cloudflare', {'manage_redirects': true});
-var DNS_PB = NewDnsProvider("porkbun");
-DEFAULTS(
-  DnsProvider(DNS_CF),
-  CF_PROXY_DEFAULT_OFF
-);
-
-// Templates
-var GANDI_MX = [
-  MX('@', 10, 'spool.mail.gandi.net.'),
-  MX('@', 50, 'fb.mail.gandi.net.'),
-  TXT('@', 'v=spf1 include:_mailcust.gandi.net ?all'),
-];
-
-// IPs
+var REG_PORKBUN = NewRegistrar('porkbun');
+
+// DNS providers
+var DNS_CLOUDFLARE = NewDnsProvider('cloudflare', { manage_redirects: true });
+var DNS_PORKBUN = NewDnsProvider('porkbun');
+
+// Helpers
 var RHEA_A = '116.202.233.38';
 var RHEA_AAAA = '2a01:4f8:241:4c27::1';
 
-// Zones
+function PROTONMAIL(verification, domainkey) {
+  return [
+    // Verification
+    TXT('@', 'protonmail-verification=' + verification),
+
+    // MX records
+    MX('@', 10, 'mail.protonmail.ch.'),
+    MX('@', 20, 'mailsec.protonmail.ch.'),
+
+    // SPF
+    TXT('@', 'v=spf1 include:_spf.protonmail.ch ~all'),
+
+    // DKIM
+    CNAME(
+      'protonmail._domainkey',
+      'protonmail.domainkey.' + domainkey + '.domains.proton.ch.'
+    ),
+    CNAME(
+      'protonmail2._domainkey',
+      'protonmail2.domainkey.' + domainkey + '.domains.proton.ch.'
+    ),
+    CNAME(
+      'protonmail3._domainkey',
+      'protonmail3.domainkey.' + domainkey + '.domains.proton.ch.'
+    ),
+
+    // DMARC
+    TXT('_dmarc', 'v=DMARC1; p=quarantine')
+  ];
+}
+
+function SENDGRID(domain) {
+  return [
+    // Verification
+    CNAME(domain, 'u22452480.wl231.sendgrid.net.'),
+
+    // SPF
+    TXT('@', 'v=spf1 include:sendgrid.net -all'),
+
+    // DKIM
+    CNAME('s1._domainkey', 's1.domainkey.u22452480.wl231.sendgrid.net.'),
+    CNAME('s2._domainkey', 's2.domainkey.u22452480.wl231.sendgrid.net.'),
+
+    // DMARC
+    TXT('_dmarc', 'v=DMARC1; p=quarantine;')
+  ];
+}
+
 require_glob('./zones/');
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -1,5 +1,7 @@
 {
-  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+  # Lock dnscontrol to < v4.12 until a fix for #3016 is released (v4.12.2?)
+  # https://github.com/StackExchange/dnscontrol/issues/3016
+  inputs.nixpkgs.url = "github:NixOS/nixpkgs?rev=78fde8eb6016e101554f01899f07f2ff3bfd6c55";
   outputs = { self, nixpkgs }:
     let
       system = "x86_64-linux";

diff --git a/renovate.json b/renovate.json
@@ -1,5 +1,4 @@
 {
-  "extends": [
-    "config:base"
-  ]
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": ["local>mhutter/.github:renovate-config", ":automergePatch"]
 }
diff --git a/zones/hutter.io.js b/zones/hutter.io.js
@@ -1,16 +1,16 @@
-D('hutter.io', REG_NONE,
-  ALIAS('@', 'mhu-dev.pages.dev.', CF_PROXY_ON),
-  CNAME('www', '@', CF_PROXY_ON),
+D(
+  'hutter.io',
+  REG_PORKBUN,
+  DnsProvider(DNS_PORKBUN),
 
   // Mail
-  MX('@', 10, 'in1-smtp.messagingengine.com.'),
-  MX('@', 20, 'in2-smtp.messagingengine.com.'),
-  CNAME('fm1._domainkey', 'fm1.hutter.io.dkim.fmhosted.com.'),
-  CNAME('fm2._domainkey', 'fm2.hutter.io.dkim.fmhosted.com.'),
-  CNAME('fm3._domainkey', 'fm3.hutter.io.dkim.fmhosted.com.'),
-  TXT('@', 'v=spf1 include:spf.messagingengine.com ?all'),
+  PROTONMAIL(
+    '4772488bb32d7e1f190fcaf885ba14658ba34612',
+    'dicpqgsjgs3pqp6vlr6lau3zio23chtdzcgdmy4bxn7krq7d6saoq'
+  ),
 
-  // Redirects
-  CF_REDIRECT('hutter.io/*', 'https://mhu.dev/$1'),
-  CF_REDIRECT('www.hutter.io/*', 'https://mhu.dev/$1')
+  // Web redirect
+  CNAME('www', 'mhu.dev.'),
+
+  END
 );
diff --git a/zones/izibizi.js b/zones/izibizi.js
diff --git a/zones/mhnet.app.js b/zones/mhnet.app.js
@@ -1,13 +1,13 @@
-D('mhnet.app', REG_NONE,
+D(
+  'mhnet.app',
+  REG_PORKBUN,
+  DnsProvider(DNS_PORKBUN),
+
+  // Presets
+  SENDGRID('em6609'),
+
   A('*', RHEA_A),
   AAAA('*', RHEA_AAAA),
 
-  // Sendgrid
-  CNAME('em6609', 'u22452480.wl231.sendgrid.net.'),
-  CNAME('s1._domainkey', 's1.domainkey.u22452480.wl231.sendgrid.net.'),
-  CNAME('s2._domainkey', 's2.domainkey.u22452480.wl231.sendgrid.net.'),
-  TXT('_dmarc', 'v=DMARC1; p=none;'),
-
-  // CAA
-  CAA('@', 'issue', 'letsencrypt.org')
+  END
 );
diff --git a/zones/mhnet.dev.js b/zones/mhnet.dev.js
@@ -1,21 +1,17 @@
-D('mhnet.dev', REG_NONE,
-  // Rhea
-  A('rhea', RHEA_A),
-  AAAA('rhea', RHEA_AAAA),
+D(
+  'mhnet.dev',
+  REG_PORKBUN,
+  DnsProvider(DNS_PORKBUN),
 
-  // Testing
-  CNAME('appuio', 'cname.cloudscale-lpg-2.appuio.cloud.'),
+  // Presets
+  SENDGRID('em5597'),
 
-  // Sendgrid
-  CNAME('em5597', 'u22452480.wl231.sendgrid.net.'),
-  CNAME('s1._domainkey', 's1.domainkey.u22452480.wl231.sendgrid.net.'),
-  CNAME('s2._domainkey', 's2.domainkey.u22452480.wl231.sendgrid.net.'),
+  A('rhea', RHEA_A),
+  AAAA('rhea', RHEA_AAAA),
 
-  // Mail
-  TXT('_dmarc', 'v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s;'),
-  TXT('*._domainkey', 'v=DKIM1; p='),
-  TXT('@', 'v=spf1 -all'),
+  // k3s LB
+  A('*', '49.12.21.173'),
+  AAAA('*', '2a01:4f8:c01e:2b8::1'),
 
-  // CAA
-  CAA('@', 'issue', 'letsencrypt.org')
+  END
 );
diff --git a/zones/mhu.dev.js b/zones/mhu.dev.js
@@ -1,15 +1,19 @@
-D('mhu.dev', REG_NONE,
+D(
+  'mhu.dev',
+  REG_NONE,
+  DnsProvider(DNS_CLOUDFLARE),
+
   ALIAS('@', 'mhu-dev.pages.dev.', CF_PROXY_ON),
   CNAME('www', '@', CF_PROXY_ON),
 
-  // K3s cluster
-  A('*', '142.132.241.164'),
-  AAAA('*', '2a01:4f8:c01e:373::1'),
-
-
   // Verifications
-  TXT('@', 'keybase-site-verification=botR69lNhVxiuwNAtCVRefDHgZauZaH7XdFfTIlnZkA'),
+  TXT(
+    '@',
+    'keybase-site-verification=botR69lNhVxiuwNAtCVRefDHgZauZaH7XdFfTIlnZkA'
+  ),
 
   // Redirects
-  CF_REDIRECT('www.mhu.dev/*', 'https://mhu.dev/$1')
+  CF_REDIRECT('www.mhu.dev/*', 'https://mhu.dev/$1'),
+
+  END
 );
diff --git a/zones/mhutter.net.js b/zones/mhutter.net.js
@@ -1,9 +1,16 @@
-D('mhutter.net', REG_NONE, DnsProvider(DNS_PB),
+D(
+  'mhutter.net',
+  REG_PORKBUN,
+  DnsProvider(DNS_PORKBUN),
+
   // Mail
-  MX('@', 10, 'in1-smtp.messagingengine.com.'),
-  MX('@', 20, 'in2-smtp.messagingengine.com.'),
-  CNAME('fm1._domainkey', 'fm1.mhutter.net.dkim.fmhosted.com.'),
-  CNAME('fm2._domainkey', 'fm2.mhutter.net.dkim.fmhosted.com.'),
-  CNAME('fm3._domainkey', 'fm3.mhutter.net.dkim.fmhosted.com.'),
-  TXT('@', 'v=spf1 include:spf.messagingengine.com ?all')
+  PROTONMAIL(
+    '5b98aa6e07dafc70dcb79311e037f09f2a00da72',
+    'dq5m6searbzpjcthudg7hjzlt7tch4rltfijorhafkqbvdujyky3a'
+  ),
+
+  // Web redirect
+  CNAME('www', 'mhu.dev.'),
+
+  END
 );
diff --git a/zones/neweden.tech.js b/zones/neweden.tech.js
diff --git a/zones/the-voice.cc.js b/zones/the-voice.cc.js
@@ -1,9 +1,15 @@
-D('the-voice.cc', REG_NONE,
+D(
+  'the-voice.cc',
+  REG_NONE,
+  DnsProvider(DNS_CLOUDFLARE),
+
   ALIAS('@', 'the-voice.pages.dev.', CF_PROXY_ON),
   CNAME('www', '@', CF_PROXY_ON),
 
   // Mail setup
-  GANDI_MX,
+  MX('@', 1, 'fwd1.porkbun.com.'),
+  MX('@', 1, 'fwd2.porkbun.com.'),
+  TXT('@', 'v=spf1 include:_spf.porkbun.com ~all'),
 
   // Redirects
   CF_REDIRECT('www.the-voice.cc/*', 'https://the-voice.cc/$1')