escape special characters

README.md

@@ -0,0 +1,8 @@
+# Central DNS management
+
+## Overview
+This repository contains the configuration for managing the DNS records for `moll.re` and other domains.
+
+It uses [octodns](https://github.com/octodns/octodns/) along with submodules for cloudflare and ddns.
+
+This configuration is applied through a cron job on the k8s cluster, configured under [https://git.kluster.moll.re/remoll/k3s-infra](https://git.kluster.moll.re/remoll/k3s-infra).

config.yaml

@@ -12,15 +12,7 @@ providers:
 
   cloudflare:
     class: octodns_cloudflare.CloudflareProvider
-    # Your Cloudflare account email address (required, optional if using token)
-    email: env/CLOUDFLARE_EMAIL
-    # The API Token or API Key.
-    # Required permissions for API Tokens are Zone:Read, DNS:Read and DNS:Key.
     token: env/CLOUDFLARE_TOKEN
-    # Optional. Filter by account ID in environments where a token has access
-    # across more than the permitted number of accounts allowed by Cloudflare.
-    account_id: env/CLOUDFLARE_ACCOUNT_ID
-
 
 
 zones:
@@ -29,4 +21,4 @@ zones:
       - config # sets all other records
       - kluster # sets kluster.moll.re
     targets:
-      - cloudflare
+      - cloudflare

config/moll.re.yaml

@@ -1,10 +1,25 @@
 '':
-  octodns:
-    lenient: true
-    # CNAMES are not allowed at the root of a zone, but cloudflare allows it
-  ttl: 60
-  type: CNAME
-  value: homepage.kluster.moll.re.
+  - type: ALIAS
+    value: homepage.kluster.moll.re.
+  # mail forwarding by cloudflare set the auto-ttl to the same value as prescribed by cloudflare
+  - octodns:
+      cloudflare:
+        auto-ttl: true
+    ttl: 300
+    type: MX
+    values:
+      - exchange: route1.mx.cloudflare.net.
+        preference: 62
+      - exchange: route2.mx.cloudflare.net.
+        preference: 77
+      - exchange: route3.mx.cloudflare.net.
+        preference: 27
+  - octodns:
+      cloudflare:
+        auto-ttl: true
+    ttl: 300
+    type: TXT
+    value: v=spf1 include:_spf.mx.cloudflare.net ~all
 
 
 '*.kluster':
@@ -13,40 +28,45 @@
   value: kluster.moll.re.
 
 
-'_dmarc':
-  type: TXT
-  values:
-    - v=DMARC1\; p=reject\; pct=100\; adkim=s\; aspf=s
-
-
+# gitea SSH advertised on port 2222
 '_ssh._tcp':
-  port: 2222
-  priority: 0
-  target: git.kluster.moll.re.
   type: SRV
-  weight: 500
+  values:
+    - port: 2222
+      priority: 0
+      target: git.kluster.moll.re.
+      weight: 500
 
 
-'moll.re':
-  - exchange: inbound-smtp.skiff.com.
-    preference: 0
-    type: MX
+# cloudflare DKIM for cloudflare email routing
+'cf2024-1._domainkey':
+  octodns:
+    cloudflare:
+      auto-ttl: true
+  ttl: 300
+  type: TXT
+  value: '"v=DKIM1\; h=sha256\; k=rsa\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiweykoi+o48IOGuP7GR3X0MOExCUDY/BCRHoWBnh3rChl7WhdyCxW3jgq1daEjPPqoi7sJvdg5hEQVsgVRQP4DcnQDVjGMbASQtrY4WmB1VebF+RPJB2ECPsEDTpeiI5ZyUAwJaVX7r6bznU67g7LvFq35yIo4sdlmtZGV+i0H4cpYH9+3JJ78k" "m4KXwaf9xUJCWF6nxeD+qG6Fyruw1Qlbds2r85U9dkNDVAS3gioCvELryh1TxKGiVTkg4wqHTyHfWsp7KD3WQHYJn0RyfJJu6YEmL77zonn7p2SRMvTMP3ZEXibnC9gz3nnhR6wcYL8Q7zXypKTMD58bTixDSJwIDAQAB"'
+
+
+# SMTP by smtp2go
+'em604688':
+  type: CNAME
+  value: return.smtp2go.net.
+
+
+# SMTP by smtp2go
+'link':
+  type: CNAME
+  value: track.smtp2go.net.
+
+
+# DKIM by smtp2go
+'s604688._domainkey':
+  type: CNAME
+  value: dkim.smtp2go.net.
 
-  - type: TXT
-    values:
-      - v=spf1 include:tlfind3ul99o2wi.spf.skiff.com -all
 
 'short':
   ttl: 60
   type: CNAME
   value: shlink.kluster.moll.re.
-
-
-'skiff1._domainkey':
-  type: CNAME
-  value: skiff1.tlfind3ul99o2wi.dkim.skiff.com.
-
-
-'skiff2._domainkey':
-  type: CNAME
-  value: skiff2.tlfind3ul99o2wi.dkim.skiff.com.