From c2d37edad89cad217d9e01021ff36ac79e033028 Mon Sep 17 00:00:00 2001
From: Noratrieb <48135649+Noratrieb@users.noreply.github.com>
Date: Thu, 19 Sep 2024 19:38:58 +0200
Subject: [PATCH] Various DNS updates

- add email stuff for noratrieb.dev
- change default TTL

---
 newinfra/nix/deploy/smoke-tests.sh | 4 ++--
 newinfra/nix/modules/dns/nilstrieb.dev.nix | 15 +++--------
 newinfra/nix/modules/dns/noratrieb.dev.nix | 28 +++++++++++++++++++---
 3 files changed, 30 insertions(+), 17 deletions(-)

diff --git a/newinfra/nix/deploy/smoke-tests.sh b/newinfra/nix/deploy/smoke-tests.sh
index 78e5e50..798c9ae 100755
--- a/newinfra/nix/deploy/smoke-tests.sh
+++ b/newinfra/nix/deploy/smoke-tests.sh
@@ -12,8 +12,8 @@ dig @dns1.infra.noratrieb.dev nilstrieb.dev +noall +answer | grep 161.97.165.1
 dig @dns2.infra.noratrieb.dev nilstrieb.dev +noall +answer | grep 161.97.165.1
 # Check the NS records. The trailing dot matters!
-dig @dns1.infra.noratrieb.dev NS noratrieb.dev | grep "noratrieb.dev..*86400.*IN.*NS.*ns1.noratrieb.dev."
-dig @dns2.infra.noratrieb.dev NS noratrieb.dev | grep "noratrieb.dev..*86400.*IN.*NS.*ns1.noratrieb.dev."
+dig @dns1.infra.noratrieb.dev NS noratrieb.dev | grep "noratrieb.dev..*3600.*IN.*NS.*ns1.noratrieb.dev."
+dig @dns2.infra.noratrieb.dev NS noratrieb.dev | grep "noratrieb.dev..*3600.*IN.*NS.*ns1.noratrieb.dev."
 # Check HTTP responses
 curl --fail -s https://vps1.infra.noratrieb.dev -o /dev/null
diff --git a/newinfra/nix/modules/dns/nilstrieb.dev.nix b/newinfra/nix/modules/dns/nilstrieb.dev.nix
index fecea2e..cad6b83 100644
--- a/newinfra/nix/modules/dns/nilstrieb.dev.nix
+++ b/newinfra/nix/modules/dns/nilstrieb.dev.nix
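Review bot: The grep patterns on the two changed lines match `3600` anywhere in the output with unescaped `.` wildcards, so a served TTL of 13600 or 36000 (or a stray substring elsewhere in the dig output) would still pass; anchoring the fields, e.g. `grep -E "noratrieb\.dev\.[[:space:]]+3600[[:space:]]+IN[[:space:]]+NS[[:space:]]+ns1\.noratrieb\.dev\."` on both lines, makes the check assert the TTL it is meant to assert. The literal 3600 is also a copy of `hour1` from the DNS modules, and a comment such as `# 3600 must match hour1 (the zone default TTL) in modules/dns/*.nix` would keep the two in step. Since this commit also publishes SPF, MX and DMARC records for noratrieb.dev, a matching check like `dig @dns1.infra.noratrieb.dev TXT noratrieb.dev +noall +answer | grep "v=spf1"` would catch a deployment that silently drops the mail records.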
@@ -6,8 +6,8 @@ let
 hour1 = 3600;
 hostsToDns = builtins.mapAttrs
 (name: { publicIPv4, publicIPv6, ... }:
- lib.optionalAttrs (publicIPv4 != null) { A = [ (ttl hour1 (a publicIPv4)) ]; } //
- lib.optionalAttrs (publicIPv6 != null) { AAAA = [ (ttl hour1 (aaaa publicIPv6)) ]; })
+ lib.optionalAttrs (publicIPv4 != null) { A = [ (a publicIPv4) ]; } //
+ lib.optionalAttrs (publicIPv6 != null) { AAAA = [ (aaaa publicIPv6) ]; })
 networkingConfig;
 vps2 = {
 A = [ "184.174.32.252" ];
@@ -16,17 +16,13 @@ let
 with hostsToDns;
 # point nilstrieb.dev to vps1 (retired)
 vps1 // {
+ TTL = hour1;
 SOA = {
 nameServer = "ns1.nilstrieb.dev.";
 adminEmail = "void@nilstrieb.dev";
 serial = 2024072601;
 };
- TXT = [
- "protonmail-verification=86964dcc4994261eab23dbc53dad613b10bab6de"
- "v=spf1 include:_spf.protonmail.ch ~all"
- ];
-
 CAA = [
 { issuerCritical = false; tag = "issue"; value = "letsencrypt.org"; }
 { issuerCritical = false; tag = "issue"; value = "sectigo.com"; }
@@ -37,11 +33,6 @@ let
 "ns2.nilstrieb.dev."
 ];
- MX = with mx; [
- (mx 10 "mail.protonmail.ch.")
- (mx 20 "mailsec.protonmail.ch.")
- ];
-
 subdomains = {
 ns1 = dns1;
 ns2 = dns2;
diff --git a/newinfra/nix/modules/dns/noratrieb.dev.nix b/newinfra/nix/modules/dns/noratrieb.dev.nix
index 82a67a2..7b90bf5 100644
--- a/newinfra/nix/modules/dns/noratrieb.dev.nix
+++ b/newinfra/nix/modules/dns/noratrieb.dev.nix
@@ -6,8 +6,8 @@ let
 hour1 = 3600;
 hostsToDns = builtins.mapAttrs
 (name: { publicIPv4, publicIPv6, ... }:
- lib.optionalAttrs (publicIPv4 != null) { A = [ (ttl hour1 (a publicIPv4)) ]; } //
- lib.optionalAttrs (publicIPv6 != null) { AAAA = [ (ttl hour1 (aaaa publicIPv6)) ]; })
+ lib.optionalAttrs (publicIPv4 != null) { A = [ (a publicIPv4) ]; } //
+ lib.optionalAttrs (publicIPv6 != null) { AAAA = [ (aaaa publicIPv6) ]; })
 networkingConfig;
 vps2 = {
 A = [ "184.174.32.252" ];
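Review bot: Dropping the per-record `ttl hour1` wrappers here changes the TTL the zone serves, yet the SOA serial stays at `serial = 2024072601;` (visible as unchanged context in the next hunk) while the TXT and MX records are removed as well; if dns2 is a secondary that transfers the zone from dns1 rather than being generated from the same Nix config, it will keep serving the old zone until the serial increases. Bumping it to the commit date, e.g. `serial = 2024091901;`, is the conventional fix and is cheap even if both servers are built from this file. The same applies to noratrieb.dev.nix, whose serial line is outside the shown hunks.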
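Review bot: Removing the SPF TXT record here (and the MX records in the following hunk) leaves nilstrieb.dev with no published sender policy at all, so receivers have nothing to reject mail with a forged @nilstrieb.dev sender against. If the domain no longer sends mail, the hardened form is an explicit deny rather than silence: keep `TXT = [ "v=spf1 -all" ];`, add `_dmarc.TXT = [ { data = "v=DMARC1; p=reject"; } ];` under subdomains (the form used in noratrieb.dev.nix), and publish a null MX (`MX 0 .`, RFC 7505) if the `mx` helper accepts a bare `.` exchange. If the domain still sends through Proton, the records should be kept instead of removed.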
@@ -21,6 +21,7 @@ let
 with hostsToDns;
 # vps{1,3,4} contains root noratrieb.dev
 combine [ vps1 vps3 vps4 ] // {
+ TTL = hour1;
 SOA = {
 nameServer = "ns1.noratrieb.dev.";
 adminEmail = "void@noratrieb.dev";
@@ -37,13 +38,24 @@ let
 { issuerCritical = false; tag = "issue"; value = "sectigo.com"; }
 ];
+ TXT = [
+ "protonmail-verification=09106d260e40df267109be219d9c7b2759e808b5"
+ "v=spf1 include:_spf.protonmail.ch ~all"
+ ];
+
+
+ MX = [
+ (mx.mx 10 "mail.protonmail.ch.")
+ (mx.mx 20 "mailsec.protonmail.ch.")
+ ];
+
 subdomains = {
 # --- NS records
 ns1 = dns1;
 ns2 = dns2;
 # --- website stuff
- blog.CNAME = map (ttl hour1) [ (cname "noratrieb.github.io") ];
+ blog.CNAME = [ (cname "noratrieb.github.io") ];
 www = vps1;
 # --- legacy crap
@@ -69,6 +81,16 @@ let
 # --- infra
 grafana = vps3;
 infra.subdomains = hostsToDns;
+
+ # --- email
+ _domainkey.subdomains = {
+ protonmail.CNAME = [ (cname "protonmail.domainkey.deenxxi4ieo32na6brazky2h7bt5ezko6vexdbvbzzbtj6oj43kca.domains.proton.ch.") ];
+ protonmail2.CNAME = [ (cname "protonmail2.domainkey.deenxxi4ieo32na6brazky2h7bt5ezko6vexdbvbzzbtj6oj43kca.domains.proton.ch.") ];
+ protonmail3.CNAME = [ (cname "protonmail3.domainkey.deenxxi4ieo32na6brazky2h7bt5ezko6vexdbvbzzbtj6oj43kca.domains.proton.ch.") ];
+ };
+ _dmarc.TXT = [
+ { data = "v=DMARC1; p=quarantine"; }
+ ];
 };
 };
 in
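Review bot: Two consecutive blank lines are added between the closing `];` of `TXT` and `MX = [`, and the new mail records sit between the CAA list and `subdomains` with no heading, unlike the `# --- email` group added further down in the same file; collapse them to one blank line and label the group, e.g. `# --- email: Proton ownership proof, SPF and inbound MX`. It is also worth a comment next to the SPF string that `~all` is a soft fail and that the `_dmarc` policy below decides what receivers do with mail that fails it, so a later reader treats the two records as one policy rather than tightening one without the other.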
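Review bot: The DMARC record `v=DMARC1; p=quarantine` publishes a policy but no reporting address, so there is no feedback on whether legitimate Proton mail passes SPF/DKIM alignment or whether the domain is being spoofed; adding an aggregate-report URI, e.g. `{ data = "v=DMARC1; p=quarantine; rua=mailto:<DMARC_REPORT_MAILBOX>"; }` (placeholder address), gives that visibility before moving to `p=reject`. The three CNAMEs under `_domainkey` delegate DKIM publication to Proton, which appears to be the intended setup, but a one-line comment such as `# DKIM selectors are CNAMEs to Proton, so key rotation happens on their side` would tell a later maintainer why no key material appears in this file.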