Diffstat (limited to 'hosts/by-name/server3')
-rw-r--r-- | hosts/by-name/server3/configuration.nix | 11 | ||||
-rw-r--r-- | hosts/by-name/server3/secrets/backup/backuppass.age (renamed from hosts/by-name/server3/secrets/backuppass.age) | 0 | ||||
-rw-r--r-- | hosts/by-name/server3/secrets/backup/backupssh.age (renamed from hosts/by-name/server3/secrets/backupssh.age) | 0 | ||||
-rw-r--r-- | hosts/by-name/server3/secrets/matrix/passwd.age | 15 | ||||
-rw-r--r-- | hosts/by-name/server3/websites.nix | 36 |
5 files changed, 59 insertions, 3 deletions
diff --git a/hosts/by-name/server3/configuration.nix b/hosts/by-name/server3/configuration.nix
index 2afc79f..d819e81 100644
--- a/hosts/by-name/server3/configuration.nix
+++ b/hosts/by-name/server3/configuration.nix
@@ -1,4 +1,4 @@
-{config, ...}: {
+{...}: {
 imports = [
 ./networking.nix # network configuration that just works
 ./hardware.nix
@@ -7,11 +7,15 @@
 vhack = {
 backup = {
 enable = true;
- privateSshKey = ./secrets/backupssh.age;
- privatePassword = ./secrets/backuppass.age;
+ privateSshKey = ./secrets/backup/backupssh.age;
+ privatePassword = ./secrets/backup/backuppass.age;
 user = "u384702-sub4";
 };
 fail2ban.enable = true;
+ nix-sync = {
+ enable = true;
+ domains = import ./websites.nix {};
+ };
 mastodon = {
 enable = true;
 domain = "mastodon.vhack.eu";
@@ -23,6 +27,7 @@
 enable = true;
 fqdn = "matrix.vhack.eu";
 url = "vhack.eu";
+ sharedSecretFile = ./secrets/matrix/passwd.age;
 };
 miniflux = {
 enable = true;
diff --git a/hosts/by-name/server3/secrets/backuppass.age b/hosts/by-name/server3/secrets/backup/backuppass.age
index e7eea19..e7eea19 100644
--- a/hosts/by-name/server3/secrets/backuppass.age
+++ b/hosts/by-name/server3/secrets/backup/backuppass.age
diff --git a/hosts/by-name/server3/secrets/backupssh.age b/hosts/by-name/server3/secrets/backup/backupssh.age
index ae8c5ec..ae8c5ec 100644
--- a/hosts/by-name/server3/secrets/backupssh.age
+++ b/hosts/by-name/server3/secrets/backup/backupssh.age
diff --git a/hosts/by-name/server3/secrets/matrix/passwd.age b/hosts/by-name/server3/secrets/matrix/passwd.age
new file mode 100644
index 0000000..6386ed6
--- /dev/null
+++ b/hosts/by-name/server3/secrets/matrix/passwd.age
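Review bot: In the third configuration.nix hunk, `sharedSecretFile = ./secrets/matrix/passwd.age;` passes a path literal, so the file is copied into the world-readable Nix store; that is acceptable only because it is age ciphertext, and nothing visible here shows how the plaintext is produced or protected. The vhack matrix module is outside this diff, so this is a check rather than a finding: the decrypted secret should end up at a runtime path readable only by the homeserver's service user, and it must never be pulled in at evaluation time (for example with `builtins.readFile`), which would place the plaintext in the store. A comment on the option line would document that expectation, e.g. `# age-encrypted; decrypted at activation, never read at eval time`. The enclosing `matrix` block opens above the hunk.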
@@ -0,0 +1,15 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrRFcxajBUb2s4dDVKeVZF +bFE1NUNwS2p0NjhZd2Y0MWNNbFFDcE1VSTJ3Cmdsdmh1MFJ2bWcxVWZlVm1idGdC +aXU3bnlmVkpydXpMYnh2djNURjd6L0UKLT4gWDI1NTE5IHRidGtkVGZDV0Npck9q +Y1pRYjVUVWVYMkZxcCtyTGRkQWRGQXB1dEhVR3cKQzNwQndqZTBHTVBnbUg5bWNk +ZFpOSG1UZzZXQ2kxQjRXUS80Tmx0ZURiMAotPiBzc2gtZWQyNTUxOSBweXU5Ymcg +YmNaeGV2WTJqZFFSTXhDS1hScDZrV1ZWU1FyYWRtSGNoR3NGUjZ0WmpqSQptRnR5 +cDI4VDFXL2t3VzdnSGF5VzBIbzhzU1NuQmNuUXhReHNVNGd4bnFJCi0+ICJ9OUlg +LWdyZWFzZQpDYks4Y2dUeEowTHh6cnJsNmpXRGpDYWU1RkRwbC9nYjB2RmtMZjhy +dTBhVEU1ak04U0VYUkh0WUJsK3h5cXBRCmZ4ekRRczFDZWptWkJQbXZ6NDU0dUh3 +RTlkVkxxQ00xeHNmMkZSS0JIZGpmOU5UYSt1bWdRNlZWbC9ZdQotLS0gbG9RR0Iv +OTBleHBTS1ZVYjZSODEranR5cGxsTkh1elZwQi9Gd21VbUxkRQoJ+dUdl1CVle6A +sLVikThgDKKpMekZeLhx97gC6Vxfxd9oJiw1SS7xOjMZz6xcOCG1l1NidrNHmhnK +4xQMcvHU+5Ogw3YUnPcL1sGjYWkvgUcwie+WEKZFXkCaJwz91ria +-----END AGE ENCRYPTED FILE----- diff --git a/hosts/by-name/server3/websites.nix b/hosts/by-name/server3/websites.nix new file mode 100644 index 0000000..466f1e9 --- /dev/null +++ b/hosts/by-name/server3/websites.nix 
@@ -0,0 +1,36 @@
+{...}: let
+ mkWkd = domain: {
+ domain = "openpgpkey.${domain}";
+ repositoryUrl = "https://git.foss-syndicate.org/vhack.eu/pgp-wkd.git";
+ extraSettings = {
+ locations."/.well-known/openpgpkey/".extraConfig = ''
+ default_type application/octet-stream;
+
+ # Came from: https://www.uriports.com/blog/setting-up-openpgp-web-key-directory/
+ # No idea if it is actually necessary
+ # add_header Access-Control-Allow-Origin * always;
+ '';
+ };
+ };
+in [
+ {
+ domain = "vhack.eu";
+ repositoryUrl = "https://codeberg.org/vhack.eu/website.git";
+ }
+ {
+ domain = "b-peetz.de";
+ repositoryUrl = "https://git.foss-syndicate.org/bpeetz/b-peetz.de.git";
+ }
+
+ # Trinitrix
+ {
+ domain = "trinitrix.vhack.eu";
+ repositoryUrl = "https://codeberg.org/trinitrix/website.git";
+ }
+
+ # WKD
+ (mkWkd "b-peetz.de")
+ (mkWkd "s-schoeffel.de")
+ (mkWkd "sils.li")
+ (mkWkd "vhack.eu")
+] |
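Review bot: Every entry in this list, including the four `mkWkd` ones, names only a `repositoryUrl`, with no revision, tag or content hash, so as far as this file shows the server publishes whatever those repositories currently contain. Push access to the codeberg.org and git.foss-syndicate.org repositories is therefore equivalent to control over the served sites, and for `pgp-wkd.git` over which OpenPGP keys WKD clients retrieve for all four domains. The nix-sync module is not visible from here; if it accepts a ref or revision, pinning at least the WKD repository would be worthwhile, and if it builds the checkout rather than serving static files, that build should run unprivileged and sandboxed. Otherwise record the trust decision above `mkWkd`, e.g. `# nix-sync deploys the tip of these repos unpinned: push access == control of the site and of the published WKD keys`.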