X-Git-Url: https://git.distorted.org.uk/~mdw/zones/blobdiff_plain/38c2de7c54c340cc006d4b9d09379375723a7766..d85367121b47974387178add7ebe776f01ba5167:/distorted.lisp

diff --git a/distorted.lisp b/distorted.lisp
index 8327c82..b6fea92 100644
--- a/distorted.lisp
+++ b/distorted.lisp
@@ -48,7 +48,7 @@
 
   ;; Wireless gateway.
   (wireless :net wireless)
-  (evolution (untrusted :a evolution.untrusted))
+  (evolution (safe :a evolution.safe))
 
   ;; Local services.
   :svc vampire
@@ -57,7 +57,7 @@
 
   ;; Internal services.
   #+view/inside ((ntp) :svc ibanez.unsafe)
-  #+view/inside ((wpad ntp1 news) :svc vampire.unsafe)
+  #+view/inside ((wpad ntp1 news lpr) :svc vampire.unsafe)
 
   ;; Anonymity services.
   (tor :svc #+view/inside vampire.unsafe
@@ -66,23 +66,26 @@
   ;; Colocated hosts.
   (colo :net colo)
   (jump :net jump)
-  (fender (colo :a fender.colo)
+  (fender ;(colo :a fender.colo)
 	  (jump :a fender.jump))
-  (precision (colo :a precision.colo)
+  (precision ;(colo :a precision.colo)
 	     (jump :a precision.jump))
-  (telecaster (colo :a telecaster.colo)
+  (telecaster ;(colo :a telecaster.colo)
 	      (jump :a telecaster.jump))
   (telecaster :alias tele)
-  (stratocaster (colo :a stratocaster.colo)
+  (stratocaster ;(colo :a stratocaster.colo)
 		(jump :a stratocaster.jump))
   (stratocaster :alias strat)
-  (jazz (colo :a jazz.colo)
+  (jazz ;(colo :a jazz.colo)
 	(jump :a jazz.jump))
 
   ;; Wired ethernet.
-  (wired :net wired)
+  (unsafe :net unsafe)
+  (safe :net safe)
+  (untrusted :net untrusted)
   (vampire (unsafe :a vampire.unsafe)
 	   (dmz :a vampire.dmz)
+	   (safe :a vampire.safe)
 	   (untrusted :a vampire.untrusted)
 	   (iodine :a vampire.iodine))
   (obsidian (safe :a obsidian.safe))
@@ -90,6 +93,7 @@
 	  (dmz :a ibanez.dmz))
   (radius (unsafe :a radius.unsafe)
 	  (dmz :a radius.dmz)
+	  (safe :a radius.safe)
 	  (untrusted :a radius.untrusted))
   (roadstar (unsafe :a roadstar.unsafe)
 	    (dmz :a roadstar.dmz))
@@ -128,8 +132,8 @@
        (vampire.ns :ip vampire))
   :reverse trusted
   (dhcp :ns (radius.ns vampire.ns))
-  (@ :cidr-delegation
-     (dhcp (dhcp 199.29.172.dhcp.199.29.172.in-addr.arpa))))
+  :cidr-delegation
+  (trusted ((dhcp safe) 199.29.172.dhcp.199.29.172.in-addr.arpa)))
 
 (defrevzone dmz
   :ns ((radius.ns :ip radius)