Makefile, hosts.lisp: New network for untrusted hosts on the VPN.

[zones] / distorted.lisp

diff --git a/distorted.lisp b/distorted.lisp
index 4794842..142b047 100644 (file)
--- a/distorted.lisp
+++ b/distorted.lisp
@@ -80,6 +80,7 @@
 
   ;; Mail servers.
   ((@ mail blackhole) :mx mail :srv ((:smtp mail)))
+  ((bugs) :ttl 300 :mx lists :srv ((:smtp bugs)))
   ((lists) :ttl 300 :mx lists :srv ((:smtp lists)))
 
   (stratocaster.20140403._domainkey
@@ -142,19 +143,19 @@
   ;; Colocated services.
   ((irc vox keys) (colo :svc jazz.colo :sshfp "jazz")
                  (jump :svc jazz.jump :sshfp "jazz"))
-  (lists (colo :svc telecaster.colo :sshfp "telecaster")
-        (jump :svc telecaster.jump :sshfp "telecaster"))
+  ((bugs lists) (colo :svc telecaster.colo :sshfp "telecaster")
+               (jump :svc telecaster.jump :sshfp "telecaster"))
   ((git www mail) (colo :svc stratocaster.colo :sshfp "stratocaster")
                  (jump :svc stratocaster.jump :sshfp "stratocaster"))
   ((www @) :tlsa (:https (:service-certificate-constraint
                          :certificate :sha-256 #p"http-server-www#1")))
-  (git :tlsa (:https (:trust-anchor-assertion
-                     :certificate :sha-256 #p"distorted-ca")))
+  ((git mail) :tlsa (:https (:trust-anchor-assertion
+                            :certificate :sha-256 #p"distorted-ca")))
   (www-cache :tlsa (3127 (:trust-anchor-assertion
                          :certificate :sha-256 #p"distorted-ca")))
-  (lists :tlsa ((:smtp :https) (:trust-anchor-assertion
-                               :certificate :sha-256 #p"distorted-ca")))
-  (mail :tlsa ((:smtp :submission :imap)
+  ((bugs lists) :tlsa (:smtp (:trust-anchor-assertion
+                             :certificate :sha-256 #p"distorted-ca")))
+  (mail :tlsa ((:smtp :submission :imap :imaps)
               (:trust-anchor-assertion
                :certificate :sha-256 #p"distorted-ca")))
   :svc #+view/inside stratocaster.colo