2 files changed, 41 insertions, 1 deletions

diff --git a/hosts/by-name/server3/configuration.nix b/hosts/by-name/server3/configuration.nix
index b87dc67..d819e81 100644
--- a/hosts/by-name/server3/configuration.nix
+++ b/hosts/by-name/server3/configuration.nix
@@ -1,4 +1,4 @@
-{config, ...}: {
+{...}: {
   imports = [
     ./networking.nix # network configuration that just works
     ./hardware.nix
@@ -12,6 +12,10 @@
       user = "u384702-sub4";
     };
     fail2ban.enable = true;
+    nix-sync = {
+      enable = true;
+      domains = import ./websites.nix {};
+    };
     mastodon = {
       enable = true;
       domain = "mastodon.vhack.eu";
diff --git a/hosts/by-name/server3/websites.nix b/hosts/by-name/server3/websites.nix
new file mode 100644
index 0000000..466f1e9
--- /dev/null
+++ b/hosts/by-name/server3/websites.nix
@@ -0,0 +1,36 @@
+{...}: let
+  mkWkd = domain: {
+    domain = "openpgpkey.${domain}";
+    repositoryUrl = "https://git.foss-syndicate.org/vhack.eu/pgp-wkd.git";
+    extraSettings = {
+      locations."/.well-known/openpgpkey/".extraConfig = ''
+        default_type application/octet-stream;
+
+        # Came from: https://www.uriports.com/blog/setting-up-openpgp-web-key-directory/
+        # No idea if it is actually necessary
+        # add_header Access-Control-Allow-Origin * always;
+      '';
+    };
+  };
+in [
+  {
+    domain = "vhack.eu";
+    repositoryUrl = "https://codeberg.org/vhack.eu/website.git";
+  }
+  {
+    domain = "b-peetz.de";
+    repositoryUrl = "https://git.foss-syndicate.org/bpeetz/b-peetz.de.git";
+  }
+
+  # Trinitrix
+  {
+    domain = "trinitrix.vhack.eu";
+    repositoryUrl = "https://codeberg.org/trinitrix/website.git";
+  }
+
+  # WKD
+  (mkWkd "b-peetz.de")
+  (mkWkd "s-schoeffel.de")
+  (mkWkd "sils.li")
+  (mkWkd "vhack.eu")
+]