distorted.lisp: Avoid repeating the tedious details for our internal CA.

[zones] / distorted.lisp

diff --git a/distorted.lisp b/distorted.lisp
index ae1c623ec31eb4aea28219dcaeaf7ce342b6e2e3..0277696709823166ab9d8c68d5e0e2adb01ffa18 100644 (file)
--- a/distorted.lisp
+++ b/distorted.lisp
@@ -149,15 +149,11 @@ (defzone distorted.org.uk
                  (jump :svc stratocaster.jump :sshfp "stratocaster"))
   ((www @) :tlsa (:https (:service-certificate-constraint
                          :certificate :sha-256 #p"http-server-www#1")))
-  (git :tlsa (:https (:trust-anchor-assertion
-                     :certificate :sha-256 #p"distorted-ca")))
-  (www-cache :tlsa (3127 (:trust-anchor-assertion
-                         :certificate :sha-256 #p"distorted-ca")))
-  ((bugs lists) :tlsa (:smtp (:trust-anchor-assertion
-                             :certificate :sha-256 #p"distorted-ca")))
-  (mail :tlsa ((:smtp :submission :imap)
-              (:trust-anchor-assertion
-               :certificate :sha-256 #p"distorted-ca")))
+  ((git mail) :tlsa (:https #1=(:trust-anchor-assertion
+                               :certificate :sha-256 #p"distorted-ca")))
+  (www-cache :tlsa (3127 #1#))
+  ((bugs lists) :tlsa (:smtp #1#))
+  (mail :tlsa ((:smtp :submission :imap :imaps) #1#))
   :svc #+view/inside stratocaster.colo
        #-view/inside stratocaster.jump
   (cabal :svc stratocaster.colo :sshfp "stratocaster")
@@ -210,6 +206,11 @@ (defzone distorted.org.uk
        (vpn :addr jazz.vpn :sshfp "jazz")
        (iodine :addr jazz.iodine :sshfp "jazz"))
 
+  ;; Virtual hosts.
+  (national :abbrev n (linode :abbrev nl) (upn :abbrev ny))
+  (national (linode :addr national.linode)
+           (upn :addr national.upn))
+
   ;; Media server (on loan to Good Technology HSTG).
   (jaguar :abbrev jag)
   (jaguar (jump :addr jaguar.jump :sshfp "jaguar"))