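# Zone-file generator helpers.  Every proc below writes records to stdout
# for the zone named by the global DOMAIN (set by the caller before use).

# Addresses and authoritative nameservers referenced by the zone files.
set GW4 91.211.5.21
set GW6 2a03:e2c0:2663:1::1
set VPS4 45.10.110.72
set VPS6 2a04:ac00:a:146::25
set Y6 21a:af91:8d0e:b05:9645:e4e9:12be:3c39
set NS1 uz544mqwggqbf3z4utlhfqn45vpbpq78nc63hpg5u2ut29stkt0pkr.ns7.stargrave.org.
set NS2 uz5nulnd504gp3s7sdmdl5l2gxc762hpw926t90k39ltxp67flbccn.ns5.stargrave.org.

# Records for names that must never originate or receive mail: an SPF
# policy rejecting every sender and a "null MX" (RFC 7505).
set NoSPF {"v=spf1 -all"}
set NoMX "MX 0 ."
# SPF policy for mailable names: defer to the central _spf record.
set ReSPF {"v=spf1 redirect=_spf.stargrave.org"}

# Print the zone preamble: $TTL, $ORIGIN, the SOA carrying $serial, both NS
# records and a reporting-only (p=none) DMARC policy.
# Reads globals DOMAIN, NS1 and NS2.
proc zone {serial} {
    global DOMAIN NS1 NS2
    puts "\$TTL 21600"
    puts "\$ORIGIN $DOMAIN."
    puts "$DOMAIN. 21600 IN SOA $NS1 admin.$DOMAIN. ("
    puts "\t$serial\t; Serial"
    puts "\t12h\t; Refresh"
    puts "\t2h\t; Retry"
    puts "\t2w\t; Expire"
    puts "\t6h\t; TTL"
    puts ")"
    puts "@ NS $NS1"
    puts "@ NS $NS2"
    puts {_dmarc TXT "v=DMARC1; p=none"}
}

# Return $dn as a fully-qualified name with trailing dot:
#   "@"             -> the zone apex ("DOMAIN.")
#   "name."         -> returned unchanged (already absolute)
#   anything else   -> "name.DOMAIN."
proc fqdn {dn} {
    global DOMAIN
    switch -glob -- $dn {
        @  { return $DOMAIN. }
        *. { return $dn }
        *  { return $dn.$DOMAIN. }
    }
}

# Inverse of fqdn: return the owner name relative to the zone apex
# ("@" for the apex itself, otherwise the labels in front of DOMAIN).
# $dn may be given in any form fqdn accepts.
proc shorten {dn} {
    global DOMAIN
    set dn [fqdn $dn]
    if {$dn == "$DOMAIN."} {
        return @
    }
    # Drop the DOMAIN labels plus the empty label produced by the trailing dot.
    set domainLen [llength [split $DOMAIN .]]
    return [join [lrange [split $dn .] 0 end-[expr {$domainLen + 1}]] .]
}

# Emit the MX set for a mailable name together with its SPF redirect.
proc mx {dn} {
    global ReSPF
    set dn [shorten $dn]
    puts "$dn MX 10 mailfake0.stargrave.org."
    puts "$dn MX 20 mail2.stargrave.org."
    puts "$dn MX 30 mailfake1.stargrave.org."
    puts "$dn TXT $ReSPF"
}

# Emit TLSA records (usage 3 / selector 1 / matching 1, i.e. DANE-EE,
# SPKI, SHA-256) for "_<port>._tcp.<dn>" from every CA directory under
# tls/ca that holds an end-entity certificate for $dn, then one CAA
# "issue" record per distinct CA that was used.  The digest itself comes
# from the external "zeasypki dane" tool.
# NOTE: temporarily chdirs into tls/; an error from glob or zeasypki
# propagates before the working directory is restored.
proc dane {dn {port 443}} {
    set dn [fqdn $dn]
    set dirname [string trimright $dn .]
    set was [pwd]
    set caas [list]
    cd tls
    foreach ca [lsort [glob ca/*/*]] {
        # Strip the leading "ca/" component; the remainder is the CA path.
        set ca [join [lrange [split $ca /] 1 end] /]
        set ee [file join ee $ca $dirname]
        if {![file exists $ee]} {
            continue
        }
        # lappend takes the variable *name*; the original passed its value,
        # which silently dropped all but the last CA from the CAA set.
        lappend caas [lindex [split $ca /] end]
        puts "[shorten _$port._tcp.$dn] TLSA 3 1 1 [exec zeasypki dane $ee]"
    }
    cd $was
    foreach ca [lsort -unique $caas] {
        puts "[shorten $dn] CAA 0 issue \"$ca\""
    }
}

# Emit SSHFP records for $dn from the host key file ssh/<name>, keeping
# only the "SSHFP 4 2" (Ed25519, SHA-256) lines of "ssh-keygen -r" output.
# Does nothing when no key file exists.
proc ssh {dn} {
    set dn [fqdn $dn]
    set fn ssh/[string trimright $dn .]
    if {![file exists $fn]} {
        return
    }
    # Build the pipeline as a proper list so the name is always one argument.
    set fd [open "|[list ssh-keygen -f $fn -r $dn]"]
    while {[gets $fd line] >= 0} {
        if {[string first "SSHFP 4 2" $line] == -1} {
            continue
        }
        # Keep everything from the record type on (first two fields dropped).
        puts "[shorten $dn] [lrange [split $line " "] 2 end]"
    }
    close $fd
}

# Emit the full record set for one host:
#   - A/AAAA for every address in $addrs (AAAA when the address contains ":")
#   - TLSA/CAA via dane (port from a "dane:<port>" flag, default 443)
#   - SSHFP via ssh
#   - the no-mail SPF and null-MX records unless "mailable" is in $flags
#   - with flag "y": the same no-mail records and SSHFP for y.<dn>,
#     whose AAAA points at the global Y6.
proc subdomain {dn addrs {flags {}}} {
    global NoSPF NoMX Y6
    set short [shorten $dn]
    foreach addr $addrs {
        if {[string first : $addr] == -1} {
            set atyp A
        } else {
            set atyp AAAA
        }
        puts "$short $atyp $addr"
    }
    set danePort [lsearch -inline $flags dane:*]
    if {$danePort == ""} {
        set danePort 443
    } else {
        set danePort [lindex [split $danePort :] end]
    }
    dane $dn $danePort
    ssh $dn
    if {[lsearch $flags mailable] == -1} {
        puts "$short TXT $NoSPF"
        puts "$short $NoMX"
    }
    if {[lsearch $flags y] != -1} {
        set short [shorten y.[fqdn $dn]]
        puts "$short AAAA $Y6"
        puts "$short TXT $NoSPF"
        puts "$short $NoMX"
        ssh $short
    }
}

# Emit the OPENPGPKEY record for $keyid from
# "gpg --export-options export-dane --export": the output is scanned for
# the first line containing $uid (default: $keyid), that line is printed,
# the following line has "._openpgpkey" appended to its owner name, and
# the remaining lines up to the first empty one are printed unchanged.
# Raises an error when no line matches $uid, instead of emitting a
# truncated record into the zone.
proc pgp {keyid {uid ""}} {
    if {$uid == ""} {
        set uid $keyid
    }
    set fd [open "|[list gpg --export-options export-dane --export $keyid]"]
    set found 0
    while {[gets $fd line] >= 0} {
        if {[string first $uid $line] != -1} {
            set found 1
            break
        }
    }
    if {!$found} {
        catch {close $fd}
        error "pgp: no line containing \"$uid\" in gpg output for $keyid"
    }
    puts $line
    set line [split [gets $fd]]
    set line [lreplace $line 0 0 "[lindex $line 0]._openpgpkey"]
    puts [join $line]
    while {[gets $fd line] >= 0} {
        if {$line == ""} {
            break
        }
        puts $line
    }
    # close is deliberately wrapped: the pipe is abandoned before gpg has
    # necessarily finished writing, so its exit status is not meaningful
    # here -- presumably why the original ignored it; confirm if gpg errors
    # should be surfaced instead.
    catch {close $fd}
}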