distorted.lisp, hosts.lisp: Proper VPN address for groove.

[zones] / distorted.lisp

diff --git a/distorted.lisp b/distorted.lisp
index 80200d24c19c152455471fc2c6d82050e81c4bb6..82010f817c39ea9b21bc750a87a2eeb61a9ec283 100644 (file)
--- a/distorted.lisp
+++ b/distorted.lisp
@@ -138,6 +138,15 @@ (defzone distorted.org.uk
             (jump :svc jazz.jump :sshfp "jazz"))
   ((git www mail) (colo :svc stratocaster.colo :sshfp "stratocaster")
                  (jump :svc stratocaster.jump :sshfp "stratocaster"))
+  ((www @) :tlsa (:https (:service-certificate-constraint
+                         :certificate :sha-256 #p"http-server-www#1")))
+  (git :tlsa (:https (:trust-anchor-assertion
+                     :certificate :sha-256 #p"distorted-ca")))
+  (www-cache :tlsa (3127 (:trust-anchor-assertion
+                         :certificate :sha-256 #p"distorted-ca")))
+  (mail :tlsa ((:smtp :submission :imap)
+              (:trust-anchor-assertion
+               :certificate :sha-256 #p"distorted-ca")))
   :svc #+view/inside stratocaster.colo
        #-view/inside stratocaster.jump
   (cabal :svc stratocaster.colo :sshfp "stratocaster")
@@ -216,12 +225,15 @@ (defzone distorted.org.uk
   (firebird :cname firebird.dhcp)
   (marauder :cname marauder.dhcp)
   (invader :cname invader.dhcp)
+  (gretsch :cname gretsch.dhcp)
 
   ;; Virtual network.
   (vpn :net vpn)
   (crybaby (vpn :addr crybaby.vpn :sshfp "crybaby"))
   (terror (vpn :addr terror.vpn :sshfp "terror"))
   (orange (vpn :addr orange.vpn :sshfp "orange"))
+  (haze (vpn :addr haze.vpn :sshfp "haze"))
+  (groove (vpn :addr groove.vpn :sshfp "groove"))
   (iodine :net iodine)
 
   ;; ITS.