X-Git-Url: https://git.distorted.org.uk/~mdw/zones/blobdiff_plain/76bca42f9c68eeb4ffe787d727f99fe2010925fe..6fc6709b784fd8c14390eb6124782af3ea43b018:/distorted.lisp

diff --git a/distorted.lisp b/distorted.lisp
index 73fd09d..57a7225 100644
--- a/distorted.lisp
+++ b/distorted.lisp
@@ -138,6 +138,15 @@
 	     (jump :svc jazz.jump :sshfp "jazz"))
   ((git www mail) (colo :svc stratocaster.colo :sshfp "stratocaster")
 		  (jump :svc stratocaster.jump :sshfp "stratocaster"))
+  ((www @) :tlsa (:https (:service-certificate-constraint
+			  :certificate :sha-256 #p"http-server-www#1")))
+  (git :tlsa (:https (:trust-anchor-assertion
+		      :certificate :sha-256 #p"distorted-ca")))
+  (www-cache :tlsa (3127 (:trust-anchor-assertion
+			  :certificate :sha-256 #p"distorted-ca")))
+  (mail :tlsa ((:smtp :submission :imap)
+	       (:trust-anchor-assertion
+		:certificate :sha-256 #p"distorted-ca")))
   :svc #+view/inside stratocaster.colo
        #-view/inside stratocaster.jump
   (cabal :svc stratocaster.colo :sshfp "stratocaster")
@@ -216,6 +225,7 @@
   (firebird :cname firebird.dhcp)
   (marauder :cname marauder.dhcp)
   (invader :cname invader.dhcp)
+  (gretsch :cname gretsch.dhcp)
 
   ;; Virtual network.
   (vpn :net vpn)