ctucx.git: dns.nix

fork of https://github.com/kirelagin/dns.nix

commit 0ea992ab4f084e5a6729c2033a55b067ae22923e
parent f81a7f0a1363b6957e753c677606c1d5a67612d0
Author: Kirill Elagin <kirelagin@gmail.com>
Date: Sun, 10 Mar 2019 02:23:27 +0100

combinators: Add SPF
3 files changed, 20 insertions(+), 0 deletions(-)
M
README.md
|
4
++++
M
dns/combinators.nix
|
12
++++++++++++
M
example.nix
|
4
++++
diff --git a/README.md b/README.md
@@ -39,6 +39,10 @@ with dns.combinators; {
 
   CAA = letsEncrypt "admin@example.com";  # Common template combinators included
 
+  TXT = [
+    (with spf; strict [google])  # SPF: only allow gmail
+  ];
+
   subdomains = {
     www = {
       A = [ (a "203.0.114.1") ];
diff --git a/dns/combinators.nix b/dns/combinators.nix
@@ -8,6 +8,7 @@
 
 let
   inherit (builtins) map;
+  inherit (pkgs) lib;
 
 in
 

@@ -54,4 +55,15 @@ letsEncrypt = email: [
   }
 ];
 
+spf =
+  let
+    toSpf = rs:
+      txt (lib.concatStringsSep " " (["v=spf1"] ++ rs));
+  in {
+    soft = rs: toSpf (rs ++ ["~all"]);
+    strict = rs: toSpf (rs ++ ["-all"]);
+
+    google = "include:_spf.google.com";
+  };
+
 }
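Review bot: `toSpf` in the added `spf` set joins the caller's strings unchecked, so an `all` mechanism that ends up inside `rs` is evaluated before the appended `-all`/`~all` and silently turns `strict` into a policy that passes every sender. A guard in `toSpf` would catch this at evaluation time, e.g. `assert !(lib.any (r: builtins.elem r ["all" "+all" "?all" "~all" "-all"]) rs);`. The joined record is also unbounded: a single TXT character-string holds at most 255 octets, and whether `txt` splits longer values is not visible in this hunk, so a `builtins.stringLength` check or a documented limit would help. The new attributes have no comments; I would add `# soft: unlisted senders get SoftFail (~all); strict: unlisted senders get Fail (-all)` and, on `google`, `# authorizes Google's shared outbound mail servers, not just this domain's own account`. The enclosing attribute set starts outside the hunk.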
diff --git a/example.nix b/example.nix
@@ -29,6 +29,10 @@ let
       (aaaa "4321:0:1:2:3:4:567:89ab")
     ];
 
+    TXT = [
+      (with spf; strict ["a:mail.example.com" google])
+    ];
+
     CAA = letsEncrypt "admin@example.com";
 
     subdomains = {