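#!/usr/bin/env bash
#
# Provision the hexname.com zone on a local PowerDNS Authoritative server:
# create the zone, replace its RRsets through the HTTP API, then sign it.
#
# Required environment:
#   API_KEY  PowerDNS API key (sent as the X-API-Key header)
#
# Required tools: curl (7.55+ for `-H @file`), jq, sudo, podman.
set -euo pipefail

readonly API_BASE="http://127.0.0.1:8081/api/v1/servers/localhost"
readonly API_URL="${API_BASE}/zones/hexname.com."
API_KEY="${API_KEY:?API_KEY not set}"

# Maps "name|type|ttl" -> newline-terminated list of record contents.
declare -A RRSETS=()

#######################################
# Queue one record; records sharing name, type and TTL end up in one RRset.
# Globals:   RRSETS (written)
# Arguments: $1 - record type, $2 - TTL in seconds, $3 - fully qualified
#            owner name, $4 - record content in PowerDNS presentation form
#######################################
add_record() {
  local type="$1"
  local ttl="$2"
  local name="$3"
  local content="$4"
  local key="${name}|${type}|${ttl}"

  RRSETS["$key"]+="${content}"$'\n'
}

#######################################
# Send a JSON request body (read from stdin) to the PowerDNS API.
# The API key is handed to curl through a header file on a private file
# descriptor instead of argv, so it does not show up in the process list.
# Globals:   API_KEY (read)
# Arguments: $1 - HTTP method, $2 - URL,
#            $3.. - extra HTTP status codes to accept besides 2xx
# Outputs:   response body on stdout, diagnostics on stderr
# Returns:   0 on an accepted status, 1 otherwise
#######################################
api_request() {
  local method="$1"
  local url="$2"
  shift 2
  local response status accepted

  # -w appends the status code on its own last line so that an API-level
  # rejection (401, 422, ...) can be told apart from success; plain curl
  # exits 0 for those.
  response=$(curl -sS -X "$method" \
    -H @<(printf 'X-API-Key: %s\n' "$API_KEY") \
    -H "Content-Type: application/json" \
    --data-binary @- \
    -w '\n%{http_code}' \
    "$url")
  status="${response##*$'\n'}"
  response="${response%$'\n'*}"
  if [[ -n "$response" ]]; then
    printf '%s\n' "$response"
  fi

  if [[ "$status" == 2?? ]]; then
    return 0
  fi
  for accepted in "$@"; do
    if [[ "$status" == "$accepted" ]]; then
      return 0
    fi
  done
  printf 'error: %s %s returned HTTP %s\n' "$method" "$url" "$status" >&2
  return 1
}

#######################################
# Turn every queued RRset into a REPLACE change and PATCH the zone once.
# Globals:   RRSETS (read), API_URL (read)
# Returns:   non-zero if jq fails or the API rejects the change
#######################################
flush_rrsets() {
  local rrsets_json="[]"
  local key name type ttl records_json

  for key in "${!RRSETS[@]}"; do
    IFS='|' read -r name type ttl <<<"$key"

    # One {content, disabled} object per non-empty line of the queued value.
    records_json=$(printf '%s' "${RRSETS[$key]}" \
      | jq -R -s 'split("\n") | map(select(length > 0) | {content: ., disabled: false})')

    rrsets_json=$(jq \
      --arg name "$name" \
      --arg type "$type" \
      --argjson ttl "$ttl" \
      --argjson records "$records_json" \
      '. + [{ name: $name, type: $type, ttl: $ttl, changetype: "REPLACE", records: $records }]' \
      <<<"$rrsets_json")
  done

  jq -n --argjson rrsets "$rrsets_json" '{ rrsets: $rrsets }' \
    | api_request PATCH "$API_URL"
}

main() {
  add_record "NS" 604800 "hexname.com." "ns1.hexname.com."
  add_record "NS" 604800 "hexname.com." "ns2.hexname.com."
  add_record "A" 604800 "hexname.com." "188.245.239.209"
  add_record "A" 604800 "ns1.hexname.com." "188.245.239.209"
  add_record "A" 604800 "ns2.hexname.com." "91.99.69.65"

  # Mailserver records
  add_record "A" 3600 "mx.hexname.com." "188.245.239.209"
  add_record "A" 3600 "email.hexname.com." "188.245.239.209"
  add_record "A" 3600 "mta-sts.hexname.com." "188.245.239.209"
  add_record "CNAME" 3600 "mail.hexname.com." "mx.hexname.com."
  add_record "MX" 3600 "hexname.com." "10 mx.hexname.com."

  # MTA-STS: the id has to change whenever the published policy file changes,
  # otherwise senders keep using their cached policy.
  add_record "TXT" 3600 "_mta-sts.hexname.com." "\"v=STSv1; id=20260127182600Z;\""

  # DKIM public keys (Ed25519 and RSA selectors).
  add_record "TXT" 3600 "202601e._domainkey.hexname.com." "\"v=DKIM1; k=ed25519; h=sha256; p=C30gZd1CbkUpIGInw/wZgZQD0pmUEnwTp+svCLm1oCk=\""
  # NOTE(review): this value is longer than 255 bytes, the limit of a single
  # TXT character-string; confirm the server publishes it split as intended.
  add_record "TXT" 3600 "202601r._domainkey.hexname.com." \
    "\"v=DKIM1; k=rsa; h=sha256; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyQRHisJtMpgRCAKAE5mfq63n1hvguiNheRrGWcLjEziA9r3M8oaxM71gDNeDEZj19yXlYBWlZZiPsdkMNsumFaElTt3E810JjZxvWslvRgCQ9qMK6lE4ytJZHXJD1a+g82/j4Pfu3C0iz0GfMvngXf03pDl5jWeScwfSFgvKx/0tRdzCAzwkSZfZaSKCh5bcvVwoxzXqHjz3zxwxDJGlUPoERymd18/7NkdRRfJZoqAo/aHdsh5JsYa8APtNIHjSjp2vUBPQnNrtx9+lI0qRnwdyrim8v8CRKin+QUW0sstWGuyqZxgxOGXO2Ek2fqTrpzVu2fu6pzGqJdbTVf5BQIDAQAB\""

  # SPF hard-fail for both the MX host and the domain itself.
  add_record "TXT" 3600 "mx.hexname.com." "\"v=spf1 a ra=spf-reports -all\""
  add_record "TXT" 3600 "hexname.com." "\"v=spf1 mx ra=spf-reports -all\""

  # DMARC reject policy and SMTP TLS reporting.
  add_record "TXT" 3600 "_dmarc.hexname.com." "\"v=DMARC1; p=reject; rua=mailto:dmarc-reports@hexname.com; ruf=mailto:dmarc-reports@hexname.com\""
  add_record "TXT" 3600 "_smtp._tls.hexname.com." "\"v=TLSRPTv1; rua=mailto:tls-reports@hexname.com\""

  add_record "SRV" 3600 "_imaps._tcp.hexname.com." "0 1 993 mx.hexname.com."
  add_record "SRV" 3600 "_imap._tcp.hexname.com." "0 1 143 mx.hexname.com."
  add_record "SRV" 3600 "_submissions._tcp.hexname.com." "0 1 465 mx.hexname.com."
  add_record "SRV" 3600 "_submission._tcp.hexname.com." "0 1 587 mx.hexname.com."

  # DANE: "3 1 1" pins the SHA-256 of the MX certificate's public key, so this
  # record must be updated before that key is rotated. Validators only honour
  # TLSA from a DNSSEC-signed zone, which the last step below takes care of.
  add_record "TLSA" 3600 "_25._tcp.mx.hexname.com." "3 1 1 88151fff33b6c5b820d83b3030d55376f57085a154652a27089d9d9a71fe6a7e"

  # Create the zone. 409 is accepted so the script can be re-run against an
  # existing zone -- presumably what PowerDNS answers in that case; confirm
  # against the deployed version.
  api_request POST "${API_BASE}/zones" 409 <<'JSON'
{ "name": "hexname.com.", "kind": "Native", "masters": [], "nameservers": [ "ns1.hexname.com.", "ns2.hexname.com." ] }
JSON

  flush_rrsets

  # Secure/update DNSSEC
  # NOTE(review): -it requests an interactive TTY; confirm this still works if
  # the script is ever run unattended.
  sudo podman exec -it hexname-powerdns pdnsutil zone secure hexname.com
}

main "$@"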