X-Git-Url: https://git.distorted.org.uk/~mdw/zones/blobdiff_plain/2831cef5f578fdfcb29b449b05efcbedfc856b80..c0e64dd8ed531a8f107d32c678d2c6d9697cac60:/distorted.lisp

diff --git a/distorted.lisp b/distorted.lisp
index 0493f6b..88c9bd2 100644
--- a/distorted.lisp
+++ b/distorted.lisp
@@ -74,8 +74,13 @@
        #+view/inside (vampire.ns :ip vampire)
        #-view/inside (mythic-beasts-1.ns :ip mythic-ns1)
        #-view/inside (mythic-beasts-2.ns :ip mythic-ns2)
+       #-view/inside (mythic-beasts-3.ns :ip mythic-ns3)
        #-view/inside (chiark.ns :ip chiark.greenend.org.uk))
 
+  ;; Certification.
+  :caa ((:issue "letsencrypt.org")
+	(:issue "distorted.org.uk"))
+
   ;; Mail servers.
   ((@ mail blackhole) :mx mail :srv ((:smtp mail)))
   ((bugs) :ttl 300 :mx lists :srv ((:smtp bugs)))
@@ -163,7 +168,10 @@
   (cabal :svc stratocaster.colo :sshfp "stratocaster")
 
   ;; Local services.
-  ((rawk pifi) (unsafe :svc artist.unsafe) (dmz :svc artist.dmz))
+  (rawk (unsafe :svc artist.unsafe) (dmz :svc artist.dmz))
+  (rawk :tlsa (:https (:service-certificate-constraint
+		       :public-key :sha-256
+		       #p"https-artist")))
   (mirror (dmz :svc roadstar.dmz :sshfp "roadstar")
 	  (unsafe :svc roadstar.unsafe :sshfp "roadstar"))
 
@@ -178,6 +186,7 @@
 
   ;; Fancy connectivity.
   (iodine (jump :svc jazz.jump))
+  (hippotat (jump :svc jazz.jump))
 
   ;; Colocated hosts.
   (colo :net colo)
@@ -204,7 +213,8 @@
   (jazz (colo :addr jazz.colo :sshfp "jazz")
 	(jump :addr jazz.jump :sshfp "jazz")
 	(vpn :addr jazz.vpn :sshfp "jazz")
-	(iodine :addr jazz.iodine :sshfp "jazz"))
+	(iodine :addr jazz.iodine :sshfp "jazz")
+	(hippo :addr jazz.hippo :sshfp "jazz"))
 
   ;; Virtual hosts.
   (national :abbrev n (linode :abbrev nl) (upn :abbrev ny))
@@ -287,13 +297,15 @@
   ;; Virtual network.
   (vpn :net vpn)
   (crybaby :abbrev cb)
-  (crybaby (vpn :addr crybaby.vpn :sshfp "crybaby"))
+  (crybaby (vpn :addr crybaby.vpn :sshfp "crybaby")
+	   (hippo :addr crybaby.hippo :sshfp "crybaby"))
   (terror (vpn :addr terror.vpn :sshfp "terror"))
   (orange :abbrev o)
   (orange (vpn :addr orange.vpn :sshfp "orange"))
   (haze :abbrev h)
   (haze (vpn :addr haze.vpn :sshfp "haze"))
   (iodine :net iodine)
+  (hippo :net hippo)
 
   ;; ITS.
   (its :net its)
@@ -353,6 +365,13 @@
   (invader :addr invader.safe)
   (marauder :addr marauder.safe))
 
+(defzone dyn.distorted.org.uk
+  :ns ((radius.ns :ip radius)
+       (vampire.ns :ip vampire)
+       (precision.ns :ip precision)
+       (telecaster.ns :ip telecaster)
+       (national.ns :ip national)))
+
 (defzone nicko.org
   (richmond :addr richmond.jump))
 
@@ -437,8 +456,20 @@
        telecaster.distorted.org.uk.
        national.distorted.org.uk.
        secondary-dns.co.uk.)
+  (0.7.3.6.8.6.4.6.1.0.0.0 :ns (radius.distorted.org.uk.
+				vampire.distorted.org.uk.
+				precision.distorted.org.uk.
+				telecaster.distorted.org.uk.
+				national.distorted.org.uk.))
   :reverse ((((:ipv6 distorted.org.uk-aaisp)))))
 
+(defrevzone (dhcp :family :ipv6)
+  :ns (radius.distorted.org.uk.
+       vampire.distorted.org.uk.
+       precision.distorted.org.uk.
+       telecaster.distorted.org.uk.
+       national.distorted.org.uk.))
+
 (defrevzone distorted.org.uk-jump
   :ns (radius.distorted.org.uk.
        vampire.distorted.org.uk.