From bda4d30e98bbdd8a499c9d2faa31e7e61de6c00f Mon Sep 17 00:00:00 2001 From: Mark Wooding Date: Tue, 6 Feb 2024 14:16:20 +0000 Subject: [PATCH] hosts.lisp, distorted.lisp: Preparation for fender's move home. --- Makefile | 3 +- distorted.lisp | 106 +++++++++++++++++++++++++++++++++++++++++---------------- hosts.lisp | 43 ++++++++++++++++++++++- 3 files changed, 121 insertions(+), 31 deletions(-) diff --git a/Makefile b/Makefile index f6a075f..7afee8a 100644 --- a/Makefile +++ b/Makefile @@ -63,12 +63,13 @@ ZONESETS += distorted distorted_VIEWS = inside outside distorted_outside_NETS = dmz jump -distorted_inside_NETS = any unsafe colo vpn upn +distorted_inside_NETS = any unsafe colo vpn nvpn upn nupn distorted_all_ZONES += distorted.org.uk distorted_all_ZONES += 195.113.2.81.in-addr.arpa distorted_all_ZONES += 128-143.238.187.81.in-addr.arpa +distorted_all_ZONES += 64-79.12.169.217.in-addr.arpa distorted_all_ZONES += 64-79.198.13.212.in-addr.arpa distorted_all_ZONES += 199.29.172.in-addr.arpa diff --git a/distorted.lisp b/distorted.lisp index a35b3db..d77925e 100644 --- a/distorted.lisp +++ b/distorted.lisp 
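Review bot: `distorted_inside_NETS` in the Makefile hunk gains `nvpn` and `nupn` but not `nany`, and `distorted_outside_NETS` stays at `dmz jump` even though this commit also introduces `dmz1`. If these lists select which networks' addresses each view emits (an inference; the rule that consumes them is outside the hunk), the new anycast addresses and the 217.169.12.64/28 addresses would be missing from the views they belong to. Worth confirming, and if so extending the lines to `distorted_inside_NETS = any nany unsafe colo vpn nvpn upn nupn` and `distorted_outside_NETS = dmz dmz1 jump`.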
@@ -91,43 +91,43 @@ :v "DKIM1" :k "rsa" :h "sha256" :s "email")) ;; Anycast services. - (dns0 :anycast ((any dns0.any) - (jump precision.jump) + (dns0 :anycast ((any dns0.any) (jump precision.jump) + (nany dns0.nany) (colo precision.colo) (dmz radius.dmz) (unsafe radius.unsafe))) - (dns1 :anycast ((any dns1.any) - (jump telecaster.jump) + (dns1 :anycast ((any dns1.any) (jump telecaster.jump) + (nany dns1.nany) (dmz vampire.dmz) (unsafe vampire.unsafe) (colo telecaster.colo))) (dns :cname dns0) - (ntp0 :anycast ((any ntp0.any) - (jump fender.jump) + (ntp0 :anycast ((any ntp0.any) (jump fender.jump) + (nany ntp0.nany) (dmz ibanez.dmz) (unsafe ibanez.unsafe) (colo fender.colo))) - (ntp1 :anycast ((any ntp1.any) - (dmz vampire.dmz) + (ntp1 :anycast ((any ntp1.any) (dmz vampire.dmz) + (nany ntp1.nany) (unsafe vampire.unsafe))) (ntp :cname ntp0) - (www-cache :anycast ((any www-cache.any) - (jump telecaster.jump) + (www-cache :anycast ((any www-cache.any) (jump telecaster.jump) + (nany www-cache.nany) (dmz roadstar.dmz) (unsafe roadstar.unsafe) (colo telecaster.colo))) (wpad :cname www-cache) (_kerberos :txt "DISTORTED.ORG.UK") - (krb0 :anycast ((any krb0.any) - (jump precision.jump) + (krb0 :anycast ((any krb0.any) (jump precision.jump) + (nany krb0.nany) (dmz radius.dmz) (unsafe radius.unsafe) (colo precision.colo))) - (krb1 :anycast ((any krb1.any) - (dmz vampire.dmz) + (krb1 :anycast ((any krb1.any) (dmz vampire.dmz) + (nany krb1.nany) (unsafe vampire.unsafe))) (krb-master (unsafe :svc radius.unsafe) (dmz :svc radius.dmz)) 
@@ -204,10 +204,13 @@ (fender :abbrev f (colo :abbrev fc) (jump :abbrev fj)) (fender (colo :addr fender.colo :sshfp "fender") (jump :addr fender.jump :sshfp "fender")) - (precision :abbrev p (colo :abbrev pc) (jump :abbrev pj) (vpn :abbrev pv)) + (precision :abbrev p + (colo :abbrev pc) (jump :abbrev pj) + (vpn :abbrev pv) (nvpn :abbrev pnv)) (precision (colo :addr precision.colo :sshfp "precision") (jump :addr precision.jump :sshfp "precision") - (vpn :addr precision.vpn :sshfp "precision")) + (vpn :addr precision.vpn :sshfp "precision") + (nvpn :addr precision.nvpn :sshfp "precision")) (telecaster :alias tele :abbrev t (colo :alias tele.colo :abbrev tc) (jump :alias tele.jump :abbrev tj)) 
@@ -218,18 +221,44 @@ (jump :alias strat.jump :abbrev sj)) (stratocaster (colo :addr stratocaster.colo :sshfp "stratocaster") (jump :addr stratocaster.jump :sshfp "stratocaster")) - (jazz :abbrev z (colo :abbrev zc) (jump :abbrev zj) (vpn :abbrev :zv)) + (jazz :abbrev z + (colo :abbrev zc) (jump :abbrev zj) + (vpn :abbrev :zv) (nvpn :abbrev :znv)) (jazz (colo :addr jazz.colo :sshfp "jazz") (jump :addr jazz.jump :sshfp "jazz") (vpn :addr jazz.vpn :sshfp "jazz") + (nvpn :addr jazz.nvpn :sshfp "jazz") (iodine :addr jazz.iodine :sshfp "jazz") (hippo :addr jazz.hippo :sshfp "jazz")) + ;; Formerly colocated hosts. + (nfender :abbrev nf (unsafe :abbrev fu) (dmz :abbrev fd)) + (nfender (unsafe :addr fender.unsafe :sshfp "fender") + (dmz :addr fender.dmz :sshfp "fender")) + (nprecision :abbrev np (unsafe :abbrev pu) (dmz :abbrev pd)) + (nprecision (unsafe :addr precision.unsafe :sshfp "precision") + (dmz :addr precision.dmz :sshfp "precision")) + (ntelecaster :alias ntele :abbrev nt + (unsafe :alias tele.unsafe :abbrev tu) + (dmz :alias tele.dmz :abbrev td)) + (ntelecaster (unsafe :addr telecaster.unsafe :sshfp "telecaster") + (dmz :addr telecaster.dmz :sshfp "telecaster")) + (nstratocaster :alias nstrat :abbrev ns + (unsafe :alias strat.unsafe :abbrev su) + (dmz :alias strat.dmz :abbrev sd)) + (nstratocaster (unsafe :addr stratocaster.unsafe :sshfp "stratocaster") + (dmz :addr stratocaster.dmz :sshfp "stratocaster")) + (njazz :abbrev nz (unsafe :abbrev zu) (dmz :abbrev zd)) + (njazz (unsafe :addr jazz.unsafe :sshfp "jazz") + (dmz :addr jazz.dmz :sshfp "jazz")) + ;; Virtual hosts. - (national :abbrev n (linode :abbrev nl) (upn :abbrev ny)) + (national :abbrev n (linode :abbrev nl) (upn :abbrev ny) (nupn :abbrev nny)) (national (linode :addr national.linode) - (upn :addr national.upn)) - (mdwdev (upn :addr mdwdev.upn)) + (upn :addr national.upn) + (nupn :addr national.nupn)) + (mdwdev (upn :addr mdwdev.upn) + (nupn :addr mdwdev.nupn)) ;; Nicko's servers. 
(richmond (jump :svc richmond.jump)) @@ -266,22 +295,26 @@ (safe :net safe) (untrusted :net untrusted) (vampire :abbrev v - (unsafe :abbrev vu) (dmz :abbrev vd) (vpn :abbrev vv) + (unsafe :abbrev vu) (dmz :abbrev vd) + (vpn :abbrev vv) (nvpn :abbrev vnv) (safe :abbrev vs) (untrusted :abbrev vx)) (vampire (unsafe :addr vampire.unsafe :sshfp "vampire") (dmz :addr vampire.dmz :sshfp "vampire") (vpn :addr vampire.vpn :sshfp "vampire") + (nvpn :addr vampire.nvpn :sshfp "vampire") (safe :addr vampire.safe :sshfp "vampire") (untrusted :addr vampire.untrusted :sshfp "vampire")) (ibanez :abbrev i (unsafe :abbrev iu) (dmz :abbrev id)) (ibanez (unsafe :addr ibanez.unsafe :sshfp "ibanez") (dmz :addr ibanez.dmz :sshfp "ibanez")) (radius :abbrev r - (unsafe :abbrev ru) (dmz :abbrev rd) (vpn :abbrev rv) + (unsafe :abbrev ru) (dmz :abbrev rd) + (vpn :abbrev rv) (nvpn :abbrev rnv) (safe :abbrev rs) (untrusted :abbrev rx)) (radius (unsafe :addr radius.unsafe :sshfp "radius") (dmz :addr radius.dmz :sshfp "radius") (vpn :addr radius.vpn :sshfp "radius") + (nvpn :addr radius.nvpn :sshfp "radius") (safe :addr radius.safe :sshfp "radius") (untrusted :addr radius.untrusted :sshfp "radius")) (roadstar :abbrev rg (unsafe :abbrev rgu) (dmz :abbrev rgd)) @@ -299,9 +332,10 @@ (dmz :addr artist.dmz :sshfp "artist") (untrusted :addr artist.untrusted :sshfp "artist")) (groove :abbrev gr - (unsafe :abbrev gru) (vpn :abbrev grv)) - (groove (unsafe :addr groove.unsafe :sshfp "groove") - (vpn :addr groove.vpn :sshfp "groove")) + (vpn :abbrev grv) (nvpn :abbrev ngrv) (unsafe :abbrev gru)) + (groove (vpn :addr groove.vpn :sshfp "groove") + (nvpn :addr groove.nvpn :sshfp "groove") + (unsafe :addr groove.unsafe :sshfp "groove")) ;; DHCP hosts. (gibson :cname gibson.dhcp :abbrev g) 
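Review bot: In the jazz abbreviation form of the hunk at -218,18, the new `(nvpn :abbrev :znv)` copies the keyword spelling of the existing `(vpn :abbrev :zv)`, whereas every other host in this patch uses a plain symbol (`pnv`, `vnv`, `rnv`). If the record parser treats keywords and symbols differently this produces a different name, and even if it does not, it looks like a propagated typo; I would write `(vpn :abbrev zv) (nvpn :abbrev znv)`. Separately, the `;; Formerly colocated hosts.` heading sits over entries added while the colo and jump records for the same machines are still present, so a note on when the old entries are due to go would avoid confusion.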
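Review bot: In the groove hunk (-299,9) the new abbreviation is `ngrv`, while the other hosts insert `n` before the final `v` (`pnv`, `vnv`, `rnv`); by that pattern it would be `grnv`. The same hunk also moves `unsafe` after the VPN entries, unlike vampire and radius in the preceding hunk, which keep `unsafe` first. If the spelling or ordering is deliberate a short comment would help; otherwise `(nvpn :abbrev grnv)` keeps the scheme uniform.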
@@ -312,17 +346,21 @@ (gretsch :cname gretsch.dhcp) ;; Virtual network. - (vpn :net vpn) + (vpn :net vpn) (nvpn :net nvpn) (crybaby :abbrev cb) (crybaby (vpn :addr crybaby.vpn :sshfp "crybaby") + (nvpn :addr crybaby.nvpn :sshfp "crybaby") (hippo :addr crybaby.hippo :sshfp "crybaby")) (spirit (vpn :addr spirit.vpn :sshfp "spirit") + (nvpn :addr spirit.nvpn :sshfp "spirit") (hippo :addr spirit.hippo :sshfp "spirit")) (terror (vpn :addr terror.vpn :sshfp "terror")) (orange :abbrev o) - (orange (vpn :addr orange.vpn :sshfp "orange")) + (orange (vpn :addr orange.vpn :sshfp "orange") + (nvpn :addr orange.nvpn :sshfp "orange")) (haze :abbrev h) - (haze (vpn :addr haze.vpn :sshfp "haze")) + (haze (vpn :addr haze.vpn :sshfp "haze") + (nvpn :addr haze.nvpn :sshfp "haze")) (iodine :net iodine) (hippo :net hippo) @@ -332,7 +370,8 @@ (mz (its :addr mz.its)) ;; Strange things. - (blackhole (jump :addr blackhole.jump)) + (blackhole (dmz :addr blackhole.dmz) + (jump :addr blackhole.jump)) ;; Delegations. (dhcp :ns ((radius.ns.dhcp :ip radius) @@ -436,6 +475,15 @@ secondary-dns.co.uk.) :reverse ((((:ipv4 dmz))))) +(defzone 64-79.12.169.217.in-addr.arpa + :ns (radius.distorted.org.uk. + vampire.distorted.org.uk. + precision.distorted.org.uk. + telecaster.distorted.org.uk. + national.distorted.org.uk. + secondary-dns.co.uk.) + :reverse ((((:ipv4 dmz1))))) + (defzone 195.113.2.81.in-addr.arpa :ns (radius.distorted.org.uk. vampire.distorted.org.uk. diff --git a/hosts.lisp b/hosts.lisp index 6731813..79c07e5 100644 --- a/hosts.lisp +++ b/hosts.lisp 
@@ -40,12 +40,16 @@ ;; Externally routable DMZ from Andrews and Arnold. (defnet gw "81.2.113.195") (defnet dmz "81.187.238.128/28") +(defnet dmz1 "217.169.12.64/28") (defnet distorted.org.uk-aaisp "2001:8b0:c92/48" (unsafe "1/64" (dhcp "6468:6370/96")) + (nany "0/64") (dmz "fff/64") (safe "4001/64") - (untrusted "8001/64")) + (nvpn "6000/64") + (untrusted "8001/64") + (nupn "a000/64")) ;; Externally routed colo range. (defnet jump "212.13.198.66/28") @@ -83,6 +87,16 @@ (defhost anon.jump (jump 13)) (defhost blackhole.jump ((:ipv4 jump 14) (:ipv6 jump "::ffff"))) +;; Formerly colocated addresses. +(defhost precision.dmz ((:ipv4 dmz1 1) (:ipv6 dmz 33))) +(defhost telecaster.dmz ((:ipv4 dmz1 2) (:ipv6 dmz 34))) +(defhost stratocaster.dmz ((:ipv4 dmz1 3) (:ipv6 dmz 35))) +(defhost jazz.dmz ((:ipv4 dmz1 4) (:ipv6 dmz 36))) +(defhost fender.dmz ((:ipv4 dmz1 9) (:ipv6 dmz 41))) +(defhost marshall.dmz ((:ipv4 dmz1 11) (:ipv6 dmz "::2:1"))) +(defhost richmond.dmz ((:ipv4 dmz1 12) (:ipv6 dmz "::1:1"))) +(defhost blackhole.dmz ((:ipv4 dmz1 14) (:ipv6 dmz "::ffff"))) + ;; Linode virtual hosts. (defhost national.linode ((:ipv4 "45.33.118.239") (:ipv6 "2600:3c00::f03c:91ff:fe3b:d7c1"))) @@ -94,7 +108,12 @@ (defhost artist.unsafe (unsafe 4)) (defhost vampire.unsafe (unsafe 5)) (defhost universe.unsafe (unsafe 6)) +(defhost precision.unsafe (unsafe 7)) +(defhost telecaster.unsafe (unsafe 8)) +(defhost stratocaster.unsafe (unsafe 9)) +(defhost jazz.unsafe (unsafe 10)) (defhost ibanez.unsafe (unsafe 14)) +(defhost fender.unsafe (unsafe 15)) (defhost groove.unsafe (unsafe 17)) ;; Client hosts, with IPv6 addresses. @@ -122,6 +141,7 @@ (defhost radius.untrusted (untrusted 1)) (defhost artist.untrusted (untrusted 2)) (defhost vampire.untrusted (untrusted 3)) +(defhost jazz.untrusted (untrusted 4)) ;; Virtual private network. (defhost crybaby.vpn ((:ipv4 vpn 1) (:ipv6 vpn "::1:1"))) 
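Review bot: The three subnets added to `distorted.org.uk-aaisp` in the first hosts.lisp hunk (`nany`, `nvpn`, `nupn`) carry no comment saying what the `n` prefix means or how they relate to the existing `any`, `vpn` and `upn` nets. They are carved out of the /48 that sits under the `;; Externally routable DMZ` heading, so whoever maintains packet filters for the VPN and anycast ranges needs to know these are addressed from the routed prefix. I would add something like `;; IPv6-only counterparts of any/vpn/upn, inside the routed A&A /48.` above them, adjusted to the real intent. `dmz1` would likewise benefit from a word on why a second IPv4 DMZ range exists.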
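Review bot: `marshall.dmz` and `richmond.dmz` in the `;; Formerly colocated addresses.` hunk, and `jazz.untrusted` in the hunk at -122,6, are defined here but no visible distorted.lisp hunk refers to them; `njazz` lists only `unsafe` and `dmz`, and `richmond` still shows only its `jump` service. They may be used in parts of the files outside this patch, but if not, the addresses are reserved without any forward record or SSHFP being published for them. Either add the matching entries, for example `(untrusted :addr jazz.untrusted :sshfp "jazz")` under `njazz`, or leave a comment marking them as placeholders for a later commit.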
@@ -135,10 +155,23 @@ (defhost spirit.vpn ((:ipv4 vpn 9) (:ipv6 vpn "::9:1"))) (defhost groove.vpn ((:ipv4 vpn 10) (:ipv6 vpn "::10:1"))) +(defhost crybaby.nvpn ((:ipv6 nvpn "::1:1"))) +(defhost orange.nvpn ((:ipv6 nvpn "::3:1"))) +(defhost haze.nvpn ((:ipv6 nvpn "::4:1"))) +(defhost radius.nvpn ((:ipv6 nvpn "::5:1"))) +(defhost precision.nvpn ((:ipv6 nvpn "::6:1"))) +(defhost jazz.nvpn ((:ipv6 nvpn "::7:1"))) +(defhost vampire.nvpn ((:ipv6 nvpn "::8:1"))) +(defhost spirit.nvpn ((:ipv6 nvpn "::9:1"))) +(defhost groove.nvpn ((:ipv6 nvpn "::10:1"))) + ;; Untrusted private network. (defhost national.upn ((:ipv4 upn 1) (:ipv6 upn "::1:1"))) (defhost mdwdev.upn ((:ipv4 upn 2) (:ipv6 upn "::2:1"))) +(defhost national.nupn ((:ipv6 nupn "::1:1"))) +(defhost mdwdev.nupn ((:ipv6 nupn "::2:1"))) + ;; Iodine network. (defhost jazz.iodine (iodine 1)) @@ -168,6 +201,14 @@ (defhost krb0.any ((:ipv4 any 5) (:ipv6 any "::5:1"))) (defhost krb1.any ((:ipv4 any 6) (:ipv6 any "::6:1"))) +(defhost dns0.nany ((:ipv6 nany "::0:1"))) +(defhost dns1.nany ((:ipv6 nany "::1:1"))) +(defhost ntp0.nany ((:ipv6 nany "::2:1"))) +(defhost ntp1.nany ((:ipv6 nany "::3:1"))) +(defhost www-cache.nany ((:ipv6 nany "::4:1"))) +(defhost krb0.nany ((:ipv6 nany "::5:1"))) +(defhost krb1.nany ((:ipv6 nany "::6:1"))) + ;;;-------------------------------------------------------------------------- ;;; Host switch. -- 2.11.0
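Review bot: The `nvpn` block in the first hunk here has no entry at `::2:1`, and nothing says whether that gap is intentional; it appears to line up with `terror` keeping only its `vpn` record in distorted.lisp. The new `nvpn`, `nupn` and `nany` blocks also lack headings of their own, unlike the surrounding `;; Untrusted private network.` and `;; Iodine network.` sections. If the omission is intended, a line such as `;; IPv6-only VPN range; ::2:1 left unassigned (terror stays on vpn only).` would make that clear to the next editor.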