Makefile, hosts.lisp: New network for untrusted hosts on the VPN.

[zones] / distorted.lisp

diff --git a/distorted.lisp b/distorted.lisp
index ae1c623..142b047 100644 (file)
--- a/distorted.lisp
+++ b/distorted.lisp
@@ -149,13 +149,13 @@
                  (jump :svc stratocaster.jump :sshfp "stratocaster"))
   ((www @) :tlsa (:https (:service-certificate-constraint
                          :certificate :sha-256 #p"http-server-www#1")))
-  (git :tlsa (:https (:trust-anchor-assertion
-                     :certificate :sha-256 #p"distorted-ca")))
+  ((git mail) :tlsa (:https (:trust-anchor-assertion
+                            :certificate :sha-256 #p"distorted-ca")))
   (www-cache :tlsa (3127 (:trust-anchor-assertion
                          :certificate :sha-256 #p"distorted-ca")))
   ((bugs lists) :tlsa (:smtp (:trust-anchor-assertion
                              :certificate :sha-256 #p"distorted-ca")))
-  (mail :tlsa ((:smtp :submission :imap)
+  (mail :tlsa ((:smtp :submission :imap :imaps)
               (:trust-anchor-assertion
                :certificate :sha-256 #p"distorted-ca")))
   :svc #+view/inside stratocaster.colo