machines/nix/systems/aarch64-linux/mx.kaareskovgaard.net/mailserver/dmarc.nix

{ config, lib, ... }:
let
  cfg = config.khscodes."mx.kaareskovgaard.net";
in
{
  config = {
    khscodes.infrastructure.provisioning.pre.modules = [
      {
        khscodes.cloudflare.dns.txtRecords = lib.lists.map (domain: {
          fqdn = "_dmarc.${domain}";
          content = ''"v=DMARC1; p=reject; rua=mailto:postmaster@${domain}; ruf=mailto:postmaster@${domain}; adkim=s; aspf=s;"'';
          ttl = 600;
        }) cfg.domains;
      }
    ];
  };
}