X-Git-Url: https://git.distorted.org.uk/~mdw/zones/blobdiff_plain/b0eb5b79a4e308827aee1534384607265429af61..c0e64dd8ed531a8f107d32c678d2c6d9697cac60:/distorted.lisp diff --git a/distorted.lisp b/distorted.lisp index d71124a..88c9bd2 100644 --- a/distorted.lisp +++ b/distorted.lisp @@ -77,6 +77,10 @@ #-view/inside (mythic-beasts-3.ns :ip mythic-ns3) #-view/inside (chiark.ns :ip chiark.greenend.org.uk)) + ;; Certification. + :caa ((:issue "letsencrypt.org") + (:issue "distorted.org.uk")) + ;; Mail servers. ((@ mail blackhole) :mx mail :srv ((:smtp mail))) ((bugs) :ttl 300 :mx lists :srv ((:smtp bugs))) @@ -164,7 +168,10 @@ (cabal :svc stratocaster.colo :sshfp "stratocaster") ;; Local services. - ((rawk pifi) (unsafe :svc artist.unsafe) (dmz :svc artist.dmz)) + (rawk (unsafe :svc artist.unsafe) (dmz :svc artist.dmz)) + (rawk :tlsa (:https (:service-certificate-constraint + :public-key :sha-256 + #p"https-artist"))) (mirror (dmz :svc roadstar.dmz :sshfp "roadstar") (unsafe :svc roadstar.unsafe :sshfp "roadstar")) @@ -179,6 +186,7 @@ ;; Fancy connectivity. (iodine (jump :svc jazz.jump)) + (hippotat (jump :svc jazz.jump)) ;; Colocated hosts. (colo :net colo) @@ -205,7 +213,8 @@ (jazz (colo :addr jazz.colo :sshfp "jazz") (jump :addr jazz.jump :sshfp "jazz") (vpn :addr jazz.vpn :sshfp "jazz") - (iodine :addr jazz.iodine :sshfp "jazz")) + (iodine :addr jazz.iodine :sshfp "jazz") + (hippo :addr jazz.hippo :sshfp "jazz")) ;; Virtual hosts. (national :abbrev n (linode :abbrev nl) (upn :abbrev ny)) @@ -288,13 +297,15 @@ ;; Virtual network. (vpn :net vpn) (crybaby :abbrev cb) - (crybaby (vpn :addr crybaby.vpn :sshfp "crybaby")) + (crybaby (vpn :addr crybaby.vpn :sshfp "crybaby") + (hippo :addr crybaby.hippo :sshfp "crybaby")) (terror (vpn :addr terror.vpn :sshfp "terror")) (orange :abbrev o) (orange (vpn :addr orange.vpn :sshfp "orange")) (haze :abbrev h) (haze (vpn :addr haze.vpn :sshfp "haze")) (iodine :net iodine) + (hippo :net hippo) ;; ITS. (its :net its)