{ config, dns, ... }:
with dns.lib.combinators;
let
  inherit (config.lab.networking) publicIPv4 dmzServicesIPv6 dockerSwarmIPv6 publicRouterIPv6;
in
{
  CAA = letsEncrypt "caa@kun.is";

  SOA = {
    nameServer = "ns1";
    adminEmail = "webmaster@kun.is";
    serial = 2024011401;
  };

  NS = [
    "ns1.kun.is."
    "ns2.kun.is."
  ];

  MX = [
    (mx.mx 10 "mail.kun.is.")
  ];

  subdomains = {
    "*" = {
      A = [ publicIPv4 ];
      AAAA = [ dockerSwarmIPv6 ];
    };

    ns = {
      A = [ publicIPv4 ];
      AAAA = [ dmzServicesIPv6 ];
    };

    ns1 = {
      A = [ publicIPv4 ];
      AAAA = [ dmzServicesIPv6 ];
    };

    ns2 = {
      A = [ publicIPv4 ];
      AAAA = [ dmzServicesIPv6 ];
    };

    # Override because we don't support IPv6 for Git SSH.
    git = {
      A = [ publicIPv4 ];
      AAAA = [ ];
    };

    # Override because we don't support IPv6 for KMS.
    kms = {
      A = [ publicIPv4 ];
      AAAA = [ ];
    };

    # Override because wg is on opnsense so ipv6 differs from "dmzServicesIPv6"
    wg = {
      A = [ publicIPv4 ];
      AAAA = [ publicRouterIPv6 ];
    };

  };
}