{ lib, meta, dns, ... }:

let
  inherit (lib.extra)
    fuseAttrs
    mapSingleFuse;

  inherit (dns.lib.combinators)
    mx
    spf
    ttl;

  mkCNAME = host: { CNAME = [ host ]; };

  mkRecord = host:
    let net = meta.network.${host}; in
    {
      A = net.addresses.publicV4;
      AAAA = net.addresses.publicV6;
    };

  mkNS = { A, AAAA, ... }: { inherit A AAAA; };

  mkHosted = server: mapSingleFuse (_: mkCNAME "${server}.${meta.nodes.${server}.zone}.infra");

  hosted = fuseAttrs (builtins.attrValues
    (builtins.mapAttrs mkHosted {
      compute01 = [
        "social"
      ];

      storage01 = [
        "cloud"
        "git"
        "s3"
        "video"
      ];

      web01 = [
        "analytics"
      ];
    })
  );

  infra.subdomains = builtins.mapAttrs
    (_: nodes: { subdomains = mapSingleFuse mkRecord nodes; })
    meta.infra;

  kurisuDKIM = [{
    selector = "kurisu";
    k = "rsa";
    s = [ "email" ];
    p = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDa5KuK6ry+Ss2VsKL0FsDpoBlc7dcXZyp62fGqFJFJv4/GEivPWiwbr2o5oLKjQVI4kIYjIZsyQJFtI/Xcu4BrtDdBknb5WvCN8V9EvIMh3pfXOBLVx4oqw4BR7wF8Rw1J9xyfgsfK+m2n0M39XlMHH0Nuy6kU48jH9vYpZs17ZQIDAQAB";
  }];
in

{
  # Primary DNS servers
  NS = [
    "ns01.dgnum.eu."
  ];

  # dgnum.codeberg.pages
  # ALIAS = [ "codeberg.page" ];
  A = [ "217.197.91.145" ];
  AAAA = [ "2001:67c:1401:20f0::1" ];

  MX = map (ttl 3600) [
    (mx.mx 10 "kurisu.lahfa.xyz.")
  ];

  TXT = [
    "dgnum.codeberg.page"
    (spf.strict [ "a:kurisu.lahfa.xyz" ])
  ];
  DMARC = [{ p = "none"; }];
  DKIM = kurisuDKIM;

  subdomains = hosted // {
    ns01 = mkNS infra.subdomains.par01.subdomains.compute01;
  } // {
    infra = infra // {
      MX = map (ttl 3600) [
        (mx.mx 10 "kurisu.lahfa.xyz.")
      ];

      TXT = [ (spf.strict [ "a:kurisu.lahfa.xyz" ]) ];
      DMARC = [{ p = "none"; }];
      DKIM = kurisuDKIM;
    };

    dev.CNAME = [ "dev.pages.codeberg.page." ];
    irc.CNAME = [ "public.p.lahfa.xyz." ];
    webmail.CNAME = [ "kurisu.dual.lahfa.xyz." ];
  };
}