#
# SPDX-FileCopyrightText: 2019 Kirill Elagin <https://kir.elagin.me/>
#
# SPDX-License-Identifier: MPL-2.0 or MIT
#
{ lib }:
let
inherit (builtins) map;
in
rec {
#
# Simple records
#
# Record-data constructors: each wraps its single argument in a one-field
# attribute set named after the field it fills.
# NOTE(review): nothing here validates or escapes the value; if a zone is ever
# built from input that is not fully trusted, check addresses and names before
# they reach these helpers. Confirm what the zone serialiser does with them.
a = address: { address = address; };
aaaa = address: { address = address; };
cname = target: { cname = target; };
ns = nameserver: { nsdname = nameserver; };
txt = text: { data = text; };
#
# Modifiers
#
# Return a copy of `record` carrying the given `ttl` attribute. The right-hand
# side of `//` wins, so a `ttl` already present on the record is replaced.
ttl = value: record: record // { ttl = value; };
#
# Templates/shortcuts
#
# Build the record set for a host from an optional IPv4 and an optional IPv6
# address. Pass `null` for a family to leave it out; with both `null` the
# result is the empty set. The addresses are stored as given, without
# validation.
host = ipv4: ipv6:
  let
    v4Part = lib.optionalAttrs (ipv4 != null) { A = [ ipv4 ]; };
    v6Part = lib.optionalAttrs (ipv6 != null) { AAAA = [ ipv6 ]; };
  in
    v4Part // v6Part;
# Build an NS-only record set that delegates a name to `nameservers`: every
# list element is passed through `ns`, in order.
# NOTE(review): the names are not checked here; a delegation to a name the
# operator does not control hands the whole subtree to whoever holds it, so
# review this list like any other trust decision.
delegateTo = nameservers: {
  NS = map (server: ns server) nameservers;
};
# MX helpers.
#   mx.mx     preference -> exchange -> record data
#   mx.google fixed list of five Google MX records, each with ttl 3600
# NOTE(review): the provider host names are hard-coded; whoever controls the
# MX targets receives the domain's mail, so compare the list with the
# provider's current documentation when updating.
mx =
  let
    # One MX record's data: a preference value and the exchange host name.
    record = preference: exchange: { inherit preference exchange; };
    withTtl = ttl 3600;
  in {
    mx = record;
    google = map withTtl [
      (record 1 "aspmx.l.google.com.")
      (record 5 "alt1.aspmx.l.google.com.")
      (record 5 "alt2.aspmx.l.google.com.")
      (record 10 "alt3.aspmx.l.google.com.")
      (record 10 "alt4.aspmx.l.google.com.")
    ];
  };
# Three CAA-shaped entries (issuerCritical / tag / value, as in RFC 8659):
#   issue     "letsencrypt.org"  - only this CA is named for issuance
#   issuewild ";"                - no CA is named for wildcard certificates
#   iodef     "mailto:<email>"   - contact for reports of policy violations
# issuerCritical is false on all three.
# NOTE(review): the `issue` value carries no `accounturi` or
# `validationmethods` parameter (RFC 8657), so issuance is not tied to one
# ACME account; add that in the zone if the tighter binding is wanted.
# NOTE(review): `email` is interpolated as given, without validation.
letsEncrypt = email:
  let
    entry = tag: value: {
      issuerCritical = false;
      inherit tag value;
    };
  in [
    (entry "issue" "letsencrypt.org")
    (entry "issuewild" ";")
    (entry "iodef" "mailto:${email}")
  ];
# SPF helpers. `soft` and `strict` take a list of mechanism strings and return
# TXT record data (via `txt`) of the form "v=spf1 <mechanisms...> <all>".
#   soft   ends the policy with "~all" (softfail for everything else)
#   strict ends the policy with "-all" (fail for everything else)
#   google is a mechanism string to put in that list, not a record itself
# NOTE(review): mechanisms are joined as given. Nothing checks the syntax, the
# length of the resulting string, or how many DNS lookups the `include:`
# mechanisms add up to; check those for the final record.
spf =
  let
    render = mechanisms:
      txt (lib.concatStringsSep " " ([ "v=spf1" ] ++ mechanisms));
    endingWith = terminal: rs: render (rs ++ [ terminal ]);
  in {
    soft = endingWith "~all";
    strict = endingWith "-all";
    google = "include:_spf.google.com";
  };
# DMARC policy templates.
# `postmarkapp rua` returns a report-only policy: p and sp are both "none",
# pct is 100, aspf is "relaxed", and `rua` is stored as given.
# NOTE(review): with p = "none" receivers are asked only to report; mail that
# fails DMARC is still delivered. Treat this as the monitoring stage and move
# to "quarantine" or "reject" in the zone once the aggregate reports are clean.
# Presumably this mirrors the record Postmark suggests; verify.
dmarc = {
  postmarkapp = rua: {
    rua = rua;
    p = "none";
    sp = "none";
    pct = 100;
    aspf = "relaxed";
  };
};
}