{ lib, dns, ... }:

let
  inherit (lib) mapAttrs' nameValuePair;
  inherit (lib.extra) fuseAttrs mapSingleFuse;

  inherit (dns.lib.combinators) mx spf ttl;

  meta = (import ./.) lib;

  # Build a record set holding a single CNAME that points at `target`.
  mkCNAME = target: { CNAME = [ target ]; };

  # For a node name, return a function that maps a list of service labels to
  # CNAME records for that node. mapSingleFuse comes from lib.extra and is
  # defined outside this file; presumably it builds one attribute per label.
  mkHosted =
    server:
    let
      # No trailing dot, so presumably relative to this zone's origin, i.e. a
      # name under the `infra` subdomain defined in the result below.
      target = "${server}.${meta.nodes.${server}.site}.infra";
    in
    mapSingleFuse (_: mkCNAME target);

  # Aliases to hosts operated outside this zone (absolute targets, trailing dot).
  # A CNAME to a third-party name is only safe while the target stays claimed:
  # review this list whenever one of these services is moved or shut down, so
  # that no alias is left pointing at a name someone else could register.
  cnames = builtins.mapAttrs (_: mkCNAME) {
    "dev" = "dev.pages.codeberg.page.";
    "irc" = "public.p.lahfa.xyz.";
    "webmail" = "kurisu.dual.lahfa.xyz.";
  };

  # Service labels grouped by the node that hosts them. mkHosted turns each
  # label into a CNAME to "<node>.<site>.infra"; fuseAttrs (lib.extra, defined
  # outside this file) presumably merges the per-node sets into one — confirm.
  # NOTE(review): the wildcard labels ("*.cdn", "*.s3", "*.wp", "*.cal") make
  # every name beneath them resolve to the node, so the service behind each
  # one should refuse hostnames it does not serve. Labels of services that have
  # been shut down should be removed here too, so that no name keeps pointing
  # at a node that no longer answers for it.
  hosted = fuseAttrs (
    builtins.attrValues (
      builtins.mapAttrs mkHosted {
        compute01 = [
          "arkheon" # Arkheon
          "cloud" # Nextcloud
          "code" # Collabora Online
          "demarches" # Démarches Normaliennes
          "docs" # Outline
          "grafana" # Grafana
          "nms" # LibreNMS
          "pads" # Hedgedoc
          "pass" # Vaultwarden
          "saml-idp" # Satosa
          "social" # Mastodon
          "sso" # Kanidm
          "support" # Zammad support
          "telegraf" # Telegraf
        ];

        storage01 = [
          "cachix" # Attic
          "git" # Forgejo
          "influx" # InfluxDB
          "netbird" # Netbird
          "prometheus" # Prometheus
          "videos" # Peertube

          # Garage S3
          "*.cdn"
          "*.s3"
          "cdn"
          "s3"
        ];

        web01 = [
          "*.wp" # Wordpress
          "analytics" # Plausible Analytics
          "calendrier" # Metis
          "netbox" # Netbox
          "podcasts" # Castopod
          "push" # Ntfy.sh

          # Static websites
          "eleves"
          "migrated.rz"
          "qr"
          "retired"
          "web-static"

          # Linkal
          "*.cal"
          "cal"
          "linkal"

          # Crab Fit
          "api.meet"
          "meet"
          "rdv" # C.f. loi Toubon
        ];
      }
    )
  );

  # DKIM public key published under selector "kurisu", limited to e-mail use
  # (s = email). The same record is attached to the apex and to the `infra`
  # subdomain in the result below.
  # NOTE(review): the key's DER header (`MIGf…`, a 162-byte
  # SubjectPublicKeyInfo) corresponds to a 1024-bit RSA modulus. RFC 8301 makes
  # 1024 bits the minimum and says signers SHOULD use at least 2048 bits;
  # consider rotating to a 2048-bit key under a new selector.
  kurisuDKIM = [
    {
      selector = "kurisu";
      k = "rsa";
      s = [ "email" ];
      p = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDa5KuK6ry+Ss2VsKL0FsDpoBlc7dcXZyp62fGqFJFJv4/GEivPWiwbr2o5oLKjQVI4kIYjIZsyQJFtI/Xcu4BrtDdBknb5WvCN8V9EvIMh3pfXOBLVx4oqw4BR7wF8Rw1J9xyfgsfK+m2n0M39XlMHH0Nuy6kU48jH9vYpZs17ZQIDAQAB";
    }
  ];
in

# Zone contents: apex records first, then every subdomain.
{
  SOA = {
    nameServer = "ns01.dgnum.eu.";
    adminEmail = "dns.dgnum.eu";
    retry = 3600;
    minimum = 300;
  };

  # Primary DNS servers
  NS = [
    "ns01.dgnum.eu." # ns-03.hubrecht.ovh
    "ns02.dgnum.eu." # kurisu.lahfa.xyz
  ];

  # dgnum.codeberg.pages
  # ALIAS = [ "codeberg.page" ];
  # The addresses below are hard-coded in place of the ALIAS above, so they
  # need a manual update if the hosting provider renumbers.
  A = [ "217.197.91.145" ];
  AAAA = [ "2001:67c:1401:20f0::1" ];

  # Inbound mail for the apex goes to a single exchanger outside this zone.
  MX = map (ttl 3600) [ (mx.mx 10 "kurisu.lahfa.xyz.") ];

  # Mail-client autodiscovery is delegated to a host in another domain:
  # clients that follow this record take their settings from that host.
  SRV = [
    {
      service = "autodiscover";
      proto = "tcp";
      port = 443;
      target = "autoconfig.mail.lahfa.xyz.";
    }
  ];

  # First entry: bare domain-name string tied to the Codeberg Pages hosting
  # noted above. Second entry: SPF authorising only the addresses of
  # kurisu.lahfa.xyz.
  # NOTE(review): spf.strict is presumably dns.nix's hard-fail form (`-all`) —
  # confirm against the rendered zone.
  TXT = [
    "dgnum.codeberg.page"
    (spf.strict [ "a:kurisu.lahfa.xyz" ])
  ];
  # NOTE(review): p = none is monitoring-only. Receivers are asked to take no
  # action on mail that fails DMARC, so spoofed mail is not rejected on DMARC
  # grounds despite the SPF and DKIM records. As written here the record also
  # sets no report address (DMARC `rua` tag), so no aggregate reports are
  # requested — TODO confirm this is intended, and plan a move to
  # quarantine/reject once legitimate senders are aligned.
  DMARC = [ { p = "none"; } ];
  DKIM = kurisuDKIM;

  # `//` is a shallow, right-biased merge: if the same label appears in more
  # than one of the sets below, the later set replaces the earlier entry whole.
  subdomains =
    hosted
    // cnames
    // {
      # Addresses of the two name servers listed in NS above.
      ns01 = {
        A = [ "51.178.27.125" ];
        AAAA = [ "2001:41d0:305:2100::542c" ];
      };
      ns02 = {
        A = [ "163.172.69.160" ];
        AAAA = [ "2001:bc8:38ee::1" ];
      };
    }
    // {
      infra = {
        # Same mail policy as the apex (see the DMARC note there).
        MX = map (ttl 3600) [ (mx.mx 10 "kurisu.lahfa.xyz.") ];

        TXT = [ (spf.strict [ "a:kurisu.lahfa.xyz" ]) ];
        DMARC = [ { p = "none"; } ];
        DKIM = kurisuDKIM;

        # One "<host>.<site>" entry per node in meta.nodes, with A/AAAA taken
        # from meta.network.<host>.addresses.
        # NOTE(review): every address listed there ends up in public DNS —
        # confirm those lists hold only addresses meant to be published.
        subdomains = mapAttrs' (
          host:
          { site, ... }:
          nameValuePair "${host}.${site}" (
            with meta.network.${host}.addresses;
            {
              A = ipv4;
              AAAA = ipv6;
            }
          )
        ) meta.nodes;
      };
    };
}