distorted.lisp: Prepare for LetsEncrypt certificate on outward IMAP/SMTP.

Some SMTP TLS checking tools complain about the use of private
certificate authorities by public SMTP servers.  And I must admit that,
while an SMTP server which uses an unverifiable certificate is much
better than one which doesn't try to use TLS at all, it's not as good as
it could be.  So I want to use a LetsEncrypt certificate here.  Prepare
for this by publishing the service public key hash in the TLSA records.

diff --git a/distorted.lisp b/distorted.lisp
index 88c9bd271111eb27a9fd457326b368df4c721e80..bbf06572b6a25a991bebfdff5327cc7ead541b7f 100644 (file)
--- a/distorted.lisp
+++ b/distorted.lisp
@@ -150,19 +150,19 @@ (defzone distorted.org.uk
                                      :public-key :sha-256 #p"https-jazz")))
   ((bugs lists db ftp) (colo :svc telecaster.colo :sshfp "telecaster")
                       (jump :svc telecaster.jump :sshfp "telecaster"))
-  ((bugs lists ftp) :tlsa (:https (:service-certificate-constraint
-                                  :public-key :sha-256
-                                  #p"https-telecaster")))
+  ((bugs lists ftp) :tlsa (:https #3=(:service-certificate-constraint
+                                     :public-key :sha-256
+                                     #p"https-telecaster")))
   (dyndns :svc telecaster.jump :sshfp "telecaster")
   ((git www mail) (colo :svc stratocaster.colo :sshfp "stratocaster")
                  (jump :svc stratocaster.jump :sshfp "stratocaster"))
-  ((www git mail @) :tlsa (:https (:service-certificate-constraint
-                                  :public-key :sha-256
-                                  #p"https-stratocaster")))
+  ((www git mail @) :tlsa (:https #2=(:service-certificate-constraint
+                                     :public-key :sha-256
+                                     #p"https-stratocaster")))
   (www-cache :tlsa (3127 #1=(:trust-anchor-assertion
                             :certificate :sha-256 #p"distorted-ca")))
-  ((bugs lists) :tlsa (:smtp #1#))
-  (mail :tlsa ((:smtp :submission :imap :imaps) #1#))
+  ((bugs lists) :tlsa (:smtp #1# #3#))
+  (mail :tlsa ((:smtp :submission :imap :imaps) #1# #2#))
   :svc #+view/inside stratocaster.colo
        #-view/inside stratocaster.jump
   (cabal :svc stratocaster.colo :sshfp "stratocaster")