about summary refs log tree commit diff stats
path: root/hosts
diff options
context:
space:
mode:
Diffstat (limited to 'hosts')
-rw-r--r--hosts/by-name/server1/configuration.nix46
-rw-r--r--hosts/by-name/server2/configuration.nix41
-rw-r--r--hosts/by-name/server2/secrets/backup/backuppass.age14
-rw-r--r--hosts/by-name/server2/secrets/backup/backupssh.age22
-rw-r--r--hosts/by-name/server2/secrets/etesync/secret_file.age17
-rw-r--r--hosts/by-name/server3/configuration.nix72
-rw-r--r--hosts/by-name/server3/hardware.nix (renamed from hosts/by-name/server1/hardware.nix)3
-rw-r--r--hosts/by-name/server3/networking.nix (renamed from hosts/by-name/server1/networking.nix)24
-rw-r--r--hosts/by-name/server3/secrets/backup/backuppass.age13
-rw-r--r--hosts/by-name/server3/secrets/backup/backupssh.age22
-rw-r--r--hosts/by-name/server3/secrets/mastodon/mail.age14
-rw-r--r--hosts/by-name/server3/secrets/matrix/passwd.age15
-rw-r--r--hosts/by-name/server3/secrets/miniflux/admin.age14
-rw-r--r--hosts/by-name/server3/secrets/peertube/general.age16
-rw-r--r--hosts/by-name/server3/secrets/peertube/smtp.age15
-rw-r--r--hosts/by-name/server3/websites.nix36
-rw-r--r--hosts/host-names.toml2
17 files changed, 322 insertions, 64 deletions
diff --git a/hosts/by-name/server1/configuration.nix b/hosts/by-name/server1/configuration.nix
deleted file mode 100644
index 6bb1067..0000000
--- a/hosts/by-name/server1/configuration.nix
+++ /dev/null
@@ -1,46 +0,0 @@
-{config, ...}: {
-  imports = [
-    ./networking.nix # network configuration that just works
-    ./hardware.nix
-
-    ../../../system
-  ];
-
-  vhack = {
-    back = {
-      enable = true;
-      repositories = {
-        "${config.services.gitolite.dataDir}/vhack.eu/nixos-config.git" = {
-          domain = "issues.vhack.eu";
-          port = 9220;
-        };
-      };
-    };
-    etesync.enable = true;
-    git-server.enable = true;
-    nginx.enable = true;
-    nix-sync.enable = true;
-    openssh.enable = true;
-    peertube.enable = true;
-    postgresql.enable = true;
-    redlib.enable = true;
-    users.enable = true;
-    persist = {
-      enable = true;
-      directories = [
-        "/var/log"
-
-        # TODO(@bpeetz): Instead of persisting that, encode each uid/gid directly in the
-        # config. <2024-12-24>
-        "/var/lib/nixos"
-      ];
-    };
-  };
-
-  boot.tmp.cleanOnBoot = true;
-  zramSwap.enable = true;
-  networking.hostName = "server1";
-  networking.domain = "vhack.eu";
-
-  system.stateVersion = "22.11";
-}
diff --git a/hosts/by-name/server2/configuration.nix b/hosts/by-name/server2/configuration.nix
index 07b78c3..c373d28 100644
--- a/hosts/by-name/server2/configuration.nix
+++ b/hosts/by-name/server2/configuration.nix
@@ -4,28 +4,58 @@
     ./hardware.nix
   ];
 
+  sils = {
+    gallery = {
+      enable = true;
+      domain = "gallery.s-schoeffel.de";
+    };
+  };
+
   vhack = {
     back = {
       enable = true;
-      repositories = {
-        "${config.services.gitolite.dataDir}/repositories/vhack.eu/nixos-server.git" = {
-          domain = "issues.foss-syndicate.org";
-          port = 9220;
-        };
+      domain = "issues.foss-syndicate.org";
+      settings = {
+        scan_path = "${config.services.gitolite.dataDir}/repositories";
+        project_list = "${config.services.gitolite.dataDir}/projects.list";
       };
     };
+    backup = {
+      enable = true;
+      privateSshKey = ./secrets/backup/backupssh.age;
+      privatePassword = ./secrets/backup/backuppass.age;
+      user = "u384702-sub3";
+    };
+    etesync = {
+      enable = true;
+      secretFile = ./secrets/etesync/secret_file.age;
+    };
     fail2ban.enable = true;
     git-server = {
       enable = true;
       domain = "git.foss-syndicate.org";
       gitolite.adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIME4ZVa+IoZf6T3U08JG93i6QIAJ4amm7mkBzO14JSkz cardno:000F_18F83532";
     };
+    invidious-router = {
+      enable = true;
+      domain = "invidious-router.vhack.eu";
+      extraDomains = [
+        "video.fosswelt.org"
+        "invidious-router.sils.li"
+      ];
+    };
+    mail = {
+      enable = true;
+      fqdn = "mail.foss-syndicate.org";
+    };
     nginx = {
       enable = true;
       redirects = {
         "source.foss-syndicate.org" = "https://git.foss-syndicate.org/vhack.eu/nixos-server";
+        "source.vhack.eu" = "https://source.foss-syndicate.org";
       };
     };
+    nixconfig.enable = true;
     openssh.enable = true;
     persist = {
       enable = true;
@@ -33,6 +63,7 @@
         "/var/log"
       ];
     };
+    redlib.enable = true;
     rust-motd.enable = true;
     users.enable = true;
   };
diff --git a/hosts/by-name/server2/secrets/backup/backuppass.age b/hosts/by-name/server2/secrets/backup/backuppass.age
new file mode 100644
index 0000000..5fd5568
--- /dev/null
+++ b/hosts/by-name/server2/secrets/backup/backuppass.age
@@ -0,0 +1,14 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2R1JQczJDblhnWmZQMkJU
+SVNwS2RNSkMwNHVGdHg4U1dsdXdXUTVOanlVCjNPQWxST2pnYXdIVjl1TExQNzlt
+V0QwTzdWcTNJM0lJNW1OaExHcjlhWU0KLT4gWDI1NTE5IG10Y01KcDJWUUV5SVo2
+RmlMbHNWcS82enAvckZSWUVQbFdyMTdtY2NqR1kKbmVtSzRGYVdiTWdyMTA0SWQy
+M1FYWTZidWI5UGIvVmxYbUphQkhJWUt4SQotPiBzc2gtZWQyNTUxOSBYUG94RFEg
+WTd4ekxiWUR0WVoybU5VVy9TenpldDRMSTduQm5idzJZSWVCMHRlZmVEbwpqamps
+Q2tuUHc0bU1kcHIvZ3FQalVMMWZ6aThsRDRNOHpUOTVGbkZ6TnR3Ci0+IDttZ2VJ
+RzMtZ3JlYXNlIDFXIEpeIicqID1JLSFZaDcgd0ZzOjUKc3dCbDdjNmEzRUtjc0VN
+SHM2MU4zVkFhQWdHd0JxVnpFVDN0UHpQYVE0d2s0QmQwbzRZZHpzanQzYnZRCi0t
+LSBpR0E0V3FiV2pjVWt2OFY5UE1BQlpteXZWekZNK1lHSFV4TzFQVVV0em9RChir
++4/eHcBC2sNJgSssV4Zh/7p2GZrN7fyuxc29lhhGAQsRZ+VE9xSy08q2vIPRlqjf
+nG72bAKGPiviFpH+uCWWllwoERST1QkkcqpyPjXzVpHrElSXHeE=
+-----END AGE ENCRYPTED FILE-----
diff --git a/hosts/by-name/server2/secrets/backup/backupssh.age b/hosts/by-name/server2/secrets/backup/backupssh.age
new file mode 100644
index 0000000..c2d3abb
--- /dev/null
+++ b/hosts/by-name/server2/secrets/backup/backupssh.age
@@ -0,0 +1,22 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjclNCOGsxNUNEWEJDSGpQ
+MW8vc2FnakpTczhVbEFFenk5V2tSZm5IdGpvCkVzejlwT2svT2pLRExDbTdXajEy
+elp5QTBTRGErL3NkRmJIU2lVNTI5V00KLT4gWDI1NTE5IFRjamhzdlhDUVl2RkhY
+ZUhwTmg2V2NCeHFUb2hWdFMxL0czUWZteE5tSFkKaWNFa2NhdzQrZUNWMVFKRzNP
+QVJzdEJZRXZlRUFQMTBscGZRNC83Rk55RQotPiBzc2gtZWQyNTUxOSBYUG94RFEg
+R1JVdEU0SGJNak16ZmRaNzdlaTd5ZUdjUjYzZ3ljQ3J2cGkxUDV3TE93bwpQbDlE
+SUFBblNvUmR4N09MUHFuamtiUVh0M244SGluZmFzenc0OS9uakNZCi0+IEwtZ3Jl
+YXNlICp6IDp6OEJTIW43IHNaUih6YApuUmRZeWZwdFRCOTFTSXlMVkZxYW52azd4
+ZisrSmR6SEhJTWlGNWxtVzJBRWdmMnBhWVRuc1J0QUgxZ0lKZ0dLCm1KdklXL2xn
+M3Y0NUVmeDhLWHRHWlhSbzhmNGNUU3R0OFdBCi0tLSB3UHphWkpuU1RENU16Nkln
+V2k5TjRhejdCd2VCMXBaU0JSaEtuTmdvWTBnCpLTtP020Vy7Rldly79rARfETmam
+kbRUCWiyHeKnFUWeraVr1R/l4Rt5QJh9Y6hxEBudymbyOy0VMZiQPZv7jq/pmDiB
+ULnSnfRVZM7gmU09loxf9S4LatDT/Rjf/B8uMef7Ru89DH0fnewmSGcn0KkQMUNg
++ZNtg1Qti3R1baF7ZyXZfi1UY2oIbVe1T4iZQm7n0RdP/+taCm4EfNmX3QQely/R
+CTRWl3An28JTWUePAO5qJWlvisRjNWFlsFGA+UZSRQVfWmiSnMlZ1PNbnNAo9+K4
+lIn2LNLZAOh0Cp+Rl38pusLlVLefyXhomdrp6vfE6mxBTk3scVfipDrChyt8jvbM
+2CxUA2zhZ63kNDsQmrEbH375XKzOy2vIPMTzohQx3uN0fFBIQW9pPJcNCN7jJOQU
+8CCL0R56Q5nQbNI+oz4oBuolhszkYPaiIzBlcHjjJUjxnUa5RX0SXTI7gCkqlIqZ
+niS9z1Vql3QUTdPEyrhfzwOqDcGWr6B/edNHE6D5ILUm5mis/mJgRcEiF0Y/BlZi
+mHPTGVdzkhtIIGEqiSlWMvB6zoL4uTru+yiB
+-----END AGE ENCRYPTED FILE-----
diff --git a/hosts/by-name/server2/secrets/etesync/secret_file.age b/hosts/by-name/server2/secrets/etesync/secret_file.age
new file mode 100644
index 0000000..ac578a4
--- /dev/null
+++ b/hosts/by-name/server2/secrets/etesync/secret_file.age
@@ -0,0 +1,17 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBheEs5eGhURk1DY2RpczNV
+RUNzREpUdFZpdXBzMlhMbW8zT3BGUzJMT0ZBClBqRUhEdU9VY1FzYkxnN3NpY3Ew
+Wk1tRmVxaDJoL1dySDBKWndmOGNtaGsKLT4gWDI1NTE5IHJXWk5mYjFBczVyWnNN
+S1B5WWVnaGdhVXRXMGxuY3NrL3VyQXJteUkvUncKSENKVkQramxwU2E1S3dvN0du
+cUFzQktMdFVGdjRuaFNaUHBxV3ZaWThvawotPiBzc2gtZWQyNTUxOSBYUG94RFEg
+Z2t3TVN6R1p5UDNHNS9LbklKKyszcUI3bHNTZjBOeGQ3ektNeGt6ekpWZwpoZ1Vo
+Z0laeStlMDFQRlE1T25Td1pGRFhlWVg5L1JxTG8wU3dwZXpQQlFRCi0+IFRWeScp
+KC1ncmVhc2UKbk14RXlNNW5lZXNFNXJoM1ptMHFWTTZmTk5LVnZOcGhRNVIvZjd2
+aTFhRHViWU0KLS0tICt2TnhuME1yUUxqckRacSthQThYOWxkbnl4R2tMc3B4TjRv
+WnJMZUhXWmsKwIbI3Wixb/DAac1pHDpRIf+kznq7RKoO/FrSeR6J3gjntMtS8lwW
+c+D2NWYqlURR68o5+kJ5dzCpa+oOHy3fnU9yV18fzhOaqz8bWjYpjl1pAxjEIDMO
+p5hNsry2WGegLe3dAFwj+c0f52qHCZhcqBvaizUssIN0wkugK6Uq+JtgHMOWMLxg
+2qJPc11soq/CfWJvKMzQWMN2ndnjD4s0ZOVLFHuL6/kSFnPlN/1SP3/3Z8cEerm0
+C4GEjDwRei7iHdBuILStgjneJoaxXLZth4ZdsgH/Jd0wmaERg+DytIDqE5ryRG6f
+Jo2VR/wUvq+UGgJuCAo6L6vGtBHuwTo7X5azQQwlRCdg
+-----END AGE ENCRYPTED FILE-----
diff --git a/hosts/by-name/server3/configuration.nix b/hosts/by-name/server3/configuration.nix
new file mode 100644
index 0000000..d819e81
--- /dev/null
+++ b/hosts/by-name/server3/configuration.nix
@@ -0,0 +1,72 @@
+{...}: {
+  imports = [
+    ./networking.nix # network configuration that just works
+    ./hardware.nix
+  ];
+
+  vhack = {
+    backup = {
+      enable = true;
+      privateSshKey = ./secrets/backup/backupssh.age;
+      privatePassword = ./secrets/backup/backuppass.age;
+      user = "u384702-sub4";
+    };
+    fail2ban.enable = true;
+    nix-sync = {
+      enable = true;
+      domains = import ./websites.nix {};
+    };
+    mastodon = {
+      enable = true;
+      domain = "mastodon.vhack.eu";
+      enableTLD = false;
+      tld = "vhack.eu";
+      mailPwFile = ./secrets/mastodon/mail.age;
+    };
+    matrix = {
+      enable = true;
+      fqdn = "matrix.vhack.eu";
+      url = "vhack.eu";
+      sharedSecretFile = ./secrets/matrix/passwd.age;
+    };
+    miniflux = {
+      enable = true;
+      domain = "miniflux.foss-syndicate.org";
+      extraDomains = [
+        "rss.foss-syndicate.org"
+        "rss.vhack.eu"
+        "miniflux.vhack.eu"
+      ];
+      adminCredentialsFile = ./secrets/miniflux/admin.age;
+    };
+    murmur = {
+      enable = true;
+      host = "mumble.vhack.eu";
+      name = "vhack";
+      url = "vhack.eu";
+    };
+    nixconfig.enable = true;
+    openssh.enable = true;
+    peertube = {
+      enable = true;
+      peertubeGeneral = ./secrets/peertube/general.age;
+      smtpPasswordFile = ./secrets/peertube/smtp.age;
+    };
+    persist = {
+      enable = true;
+      directories = [
+        "/var/log"
+      ];
+    };
+    postgresql.enable = true;
+    rust-motd.enable = true;
+    users.enable = true;
+  };
+
+  boot.tmp.cleanOnBoot = true;
+  zramSwap.enable = true;
+  networking.hostName = "server3";
+  networking.domain = "vhack.eu";
+
+  system.stateVersion = "24.11";
+}
diff --git a/hosts/by-name/server1/hardware.nix b/hosts/by-name/server3/hardware.nix
index 9abc64c..a6e4e40 100644
--- a/hosts/by-name/server1/hardware.nix
+++ b/hosts/by-name/server3/hardware.nix
@@ -9,6 +9,7 @@
     # FIXME: Find a better way to specify the disk
     disk = "/dev/vda";
   };
+
   boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];
-  boot.initrd.kernelModules = [];
+  nixpkgs.hostPlatform = "x86_64-linux";
 }
diff --git a/hosts/by-name/server1/networking.nix b/hosts/by-name/server3/networking.nix
index dd9b9af..9f4eb27 100644
--- a/hosts/by-name/server1/networking.nix
+++ b/hosts/by-name/server3/networking.nix
@@ -3,12 +3,11 @@
   # details gathered from the active system.
   networking = {
     nameservers = [
-      "8.8.8.8"
+      "46.38.225.230"
+      "46.38.252.230"
+      "2a03:4000:0:1::e1e6"
     ];
-    defaultGateway = {
-      address = "89.58.56.1";
-      interface = "eth0";
-    };
+    defaultGateway = "92.60.36.1";
     defaultGateway6 = {
       address = "fe80::1";
       interface = "eth0";
@@ -19,19 +18,23 @@
       eth0 = {
         ipv4.addresses = [
           {
-            address = "89.58.58.33";
+            address = "92.60.38.179";
             prefixLength = 22;
           }
         ];
         ipv6.addresses = [
           {
-            address = "2a03:4000:6a:3f3::1";
+            address = "2a03:4000:33:25b::4f4e";
+            prefixLength = 64;
+          }
+          {
+            address = "fe80::98ed:a0ff:fecb:ea48";
             prefixLength = 64;
           }
         ];
         ipv4.routes = [
           {
-            address = "89.58.56.1";
+            address = "92.60.36.1";
             prefixLength = 32;
           }
         ];
@@ -44,9 +47,8 @@
       };
     };
   };
-
-  # cat /sys/class/net/eth0/address
   services.udev.extraRules = ''
-    ATTR{address}=="66:22:6d:82:93:9b", NAME="eth0"
+    ATTR{address}=="9a:ed:a0:cb:ea:48", NAME="eth0"
+
   '';
 }
diff --git a/hosts/by-name/server3/secrets/backup/backuppass.age b/hosts/by-name/server3/secrets/backup/backuppass.age
new file mode 100644
index 0000000..e7eea19
--- /dev/null
+++ b/hosts/by-name/server3/secrets/backup/backuppass.age
@@ -0,0 +1,13 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6cUM5S1FKZis0R0o2czRs
+cnVCQXlqdXNDWjMvSVlwUEF5S1pTKzNNR2w0ClgycUdEc1EyMjhJZ2lBMjhXVk5n
+V3djaVduV3Q4RWw1KzJNQXNYdmhjR1UKLT4gWDI1NTE5IG44TU9lcGc2NkRmczVS
+R1hkd0xyVUZwYWVRM05PZzhCK3BkMGFkUDJobXcKejhGMHpQWG4zdnU3WmFBNkhG
+Wk5kZy9UWThQcUdRLzBNbEE1c3VrTXdURQotPiBzc2gtZWQyNTUxOSBweXU5Ymcg
+RkMwdENYRUFSRHoxTDRHK2xsQndTekJSZ3NmWnlMMW11TjkxTWpMQnJTTQpOSVF5
+RzQ0aXpIeUkyeWJPdlFoWHJPSy9lU2tVUFNOQUVPNXRrZUE4SnN3Ci0+IEEjQUVl
+XGxgLWdyZWFzZSA9WVwxaU4hTgpkbTIyMDBuSWhsSEJueGMKLS0tIEh3ZEhoN0FI
+NnlUa2ZHdVFmWkVQY3h2ejM4ZkUzcEc1MEcydlRzdVA5UGcKhFaeVepKkQHcbhHS
+uxZnlCZoJHEFhc4vCK0w588WJIfkilDk7b5uH/Cn8kWFWLsX0FFe/kk350gEVVm7
+UUndM/+sAEoVzQR8HO1XWGZDd1T70myysBsutA==
+-----END AGE ENCRYPTED FILE-----
diff --git a/hosts/by-name/server3/secrets/backup/backupssh.age b/hosts/by-name/server3/secrets/backup/backupssh.age
new file mode 100644
index 0000000..ae8c5ec
--- /dev/null
+++ b/hosts/by-name/server3/secrets/backup/backupssh.age
@@ -0,0 +1,22 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTNjNnRUMzK1FWWFNEQUtC
+ZjF0dFVVTllrYW0ySEt3eHNyL1RhbkZDeWowCnBldm9oSHhuUm1EM3JXbnRZc3JB
+WGVNZGdSNm45L3JEenNlcEZqSXdaS0EKLT4gWDI1NTE5IGpZaTA3RUNGbXF4a1Ji
+MWJwRkZkM3dqaldMN2d5Wm9mbmxoQmhKeldNeUEKZ0dQZlU1MVhTLzlGMVNSZEhG
+MEo2cGxZUXhnbEF2OXFiWjk4bmZIaVdSNAotPiBzc2gtZWQyNTUxOSBweXU5Ymcg
+UEg4a05hMGQxUmZPMExzOXZtTVMySWdibHdudDFSWkFuUXlveFFOQnl3Zwp0QkZY
+QStEeCtKMXZFd3hmVkd3NXZuK0hKdWxSMzBoMjhuV2thd0dxR0IwCi0+IGtfJFgt
+Z3JlYXNlIFJgYHggfTh8QEogJDx+J2tcCjhja3owNWtBVmhSeFIyK0xIcWplMG1m
+RiszK05oZktPTVlpSXFRTFVTaWVBeEFCdTZuRWMvdHJFYU10NlNpVGYKYnhkOEor
+c1c2ZwotLS0gMmR1djFRTGJ2Qy9hODdGa1RFSVRxQk4rTFB6WW1YZnN2bFhrRDF3
+ZENqNAoTSBXv8NPsyt2RH+qJcbsMMhJ0qqCmyeUWF3Uicv6fiN99TB7xjD6lRXdB
+utfLiuBr0gt73QEb44AQFAGzG3Jig9Ql/UFubeKaMRVBscQ4FJXYnHlEK8aB7sVs
+k6VgI/Uvs6YH3YDlATfCaD8d/ASG30whH1TcgH6KF3GPX112uUqkIscGifFz4wxu
+Fa8Av9XmkBdIQAPS3ze10O866m5Fv4vWeJZ1KEhzV+0nSrBZKPS9a2JqI1c63kz8
+2txZHm26gS4duDqncwnL41jmZ5GX7+TWTj3adIBQrXVSlUPb9h4t5NX2IMS1Fuj8
+UuvKDZplTGEmIJZGoF79VOqOhoCUg9+lqEd53BaAKlLSuHrUeZ1v0IhhquMiOMSt
+TrtuhEvdhiH92eWOBNkDNeoEzxU1wCLc1YOk7QCAQEOy0HM5oMntlbMDc+4QmZXz
+1QYQKEEMVAi4B53Mm4OFwHTi6GMqDT2r6PsP86uzCB1F8V7q2LDmPnD1rGTQ46al
+N8XFq/3uEqd/yNaZU6kffpdK25ibytmvLhjWQ+0LNrUtfftqeTZzaxApQc6bGW5K
+KbBnN1A=
+-----END AGE ENCRYPTED FILE-----
diff --git a/hosts/by-name/server3/secrets/mastodon/mail.age b/hosts/by-name/server3/secrets/mastodon/mail.age
new file mode 100644
index 0000000..882ade9
--- /dev/null
+++ b/hosts/by-name/server3/secrets/mastodon/mail.age
@@ -0,0 +1,14 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPeTFoTjB6RTZHbDVzUzg2
+SzNnSE9aSi9yZUNSWWVKNlQxWUo1Y2M1R1h3CjR0RW8xdEtUTlBTcU9DWWE2OVVX
+WEJVVkF2bmtQaUxrK0Vpb21qSCtUcncKLT4gWDI1NTE5IG1JY25Jdmo3UWt4aXJK
+VTRFZVNja2R6MzlJcVMvdHhqZTY0WS91Vnp3Vk0KUG4xbVR2V3k0OFJCVFplODcw
+R0ZDSExRTzVpRWVyM0E4VVRvMXE5cHpWUQotPiBzc2gtZWQyNTUxOSBweXU5Ymcg
+RFFHaXFrS0IyWnVYdDE5aFhHNnZFSFY3S1ZVZHovRTRrV3VKV3JBQnJVTQordzJ5
+V0hpZ3dsdDVHODluNnRzWlBHRFBBcnVya0dMNTU3T2Z3NkpVZHBvCi0+IFB7LX5l
+Vm5wLWdyZWFzZSA8NVIgV08zU3lBIGBZJSAnRQpwbDZTUTNqdVd4MHFNNVRVZ1pQ
+MG1qcUtjVGRreU9zMwotLS0gMVJ4eldEQlRTTmdraDJDM2pzbkZOY0t6Wnl6TDd1
+cFRXZXJmS1FTMEtyNApWNUWWIXokgwgI+2GT+sBkTzFbXM4CPpIq2QOGRWMrRMmw
+dHoK5NJEI7uw9mP9t6PI04THBqVL5YotJtZkAk1Sx00SWvyLPpZRsSBdH11YiRAb
+jIx0T573hbbFoMNlZHoJ
+-----END AGE ENCRYPTED FILE-----
diff --git a/hosts/by-name/server3/secrets/matrix/passwd.age b/hosts/by-name/server3/secrets/matrix/passwd.age
new file mode 100644
index 0000000..6386ed6
--- /dev/null
+++ b/hosts/by-name/server3/secrets/matrix/passwd.age
@@ -0,0 +1,15 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrRFcxajBUb2s4dDVKeVZF
+bFE1NUNwS2p0NjhZd2Y0MWNNbFFDcE1VSTJ3Cmdsdmh1MFJ2bWcxVWZlVm1idGdC
+aXU3bnlmVkpydXpMYnh2djNURjd6L0UKLT4gWDI1NTE5IHRidGtkVGZDV0Npck9q
+Y1pRYjVUVWVYMkZxcCtyTGRkQWRGQXB1dEhVR3cKQzNwQndqZTBHTVBnbUg5bWNk
+ZFpOSG1UZzZXQ2kxQjRXUS80Tmx0ZURiMAotPiBzc2gtZWQyNTUxOSBweXU5Ymcg
+YmNaeGV2WTJqZFFSTXhDS1hScDZrV1ZWU1FyYWRtSGNoR3NGUjZ0WmpqSQptRnR5
+cDI4VDFXL2t3VzdnSGF5VzBIbzhzU1NuQmNuUXhReHNVNGd4bnFJCi0+ICJ9OUlg
+LWdyZWFzZQpDYks4Y2dUeEowTHh6cnJsNmpXRGpDYWU1RkRwbC9nYjB2RmtMZjhy
+dTBhVEU1ak04U0VYUkh0WUJsK3h5cXBRCmZ4ekRRczFDZWptWkJQbXZ6NDU0dUh3
+RTlkVkxxQ00xeHNmMkZSS0JIZGpmOU5UYSt1bWdRNlZWbC9ZdQotLS0gbG9RR0Iv
+OTBleHBTS1ZVYjZSODEranR5cGxsTkh1elZwQi9Gd21VbUxkRQoJ+dUdl1CVle6A
+sLVikThgDKKpMekZeLhx97gC6Vxfxd9oJiw1SS7xOjMZz6xcOCG1l1NidrNHmhnK
+4xQMcvHU+5Ogw3YUnPcL1sGjYWkvgUcwie+WEKZFXkCaJwz91ria
+-----END AGE ENCRYPTED FILE-----
diff --git a/hosts/by-name/server3/secrets/miniflux/admin.age b/hosts/by-name/server3/secrets/miniflux/admin.age
new file mode 100644
index 0000000..12944a5
--- /dev/null
+++ b/hosts/by-name/server3/secrets/miniflux/admin.age
@@ -0,0 +1,14 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2NlhidUNjVkM2UjRxUTFU
+K0gzT1BoR0lTUWRpelo2cEU4UnI2YnZmOGhFCmJwTmh5bmVZVVoxSThucnNWY2dX
+NnBBTmFUcXR2TE1VT1ROaUFjeFpjRUkKLT4gWDI1NTE5IDZGUnRNYjFRSERwZlM5
+YnRETzY5MkVFaHpVdnFwTlpQQWxFVlc1dnVVV1kKMlFmVUZkYWhFNGpkMGp0NHQv
+Mnd3YTlhaFRGVGp3OXVSNDZCNys1cTZuawotPiBzc2gtZWQyNTUxOSBweXU5Ymcg
+ZTBYTGFncjZuRzVSZDFjL2IweCtQeExMOEEvcFhrREFTbTlnZm5kMnZpOApmcnRX
+MXVOMHpya1hlaHNMOUI0bmlTVXRwTVFhbGJid3FuUTJkK2NsdkZjCi0+IGx5QDor
+OCstZ3JlYXNlCkJ0TkJneDdrMTBxWXVYdk9zRFJCCi0tLSA0TEQvQWpTZldXQjZx
+NmlaZnJGL3hCbjM4UzVHTTlrTWJPTm5xRE9aMFMwClDs64cTlulCxY4R+9YtpxSA
+0WGrPCpKyS0JVhuO+WgXLm34k+xjSWSER0Uiqu+fotyiX3KSMyjZDAyWMsiDiAlq
+CaOHTlpbDZuIIqfmrHsqH5dM4MPHvwigL2zBrXcbarYxVagJk89k31ah+5YJhMsa
+kOmNpZlQK/CmrhqIKNFzVYZp+q5Sr6ZTJVo=
+-----END AGE ENCRYPTED FILE-----
diff --git a/hosts/by-name/server3/secrets/peertube/general.age b/hosts/by-name/server3/secrets/peertube/general.age
new file mode 100644
index 0000000..f3cba8b
--- /dev/null
+++ b/hosts/by-name/server3/secrets/peertube/general.age
@@ -0,0 +1,16 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTYkJyN1JhNnZQRlNDK3hy
+aHFwSnVBSWFLK0lhU0hUSE4wLysrcmxlTkhJClpHa2hzSTZobmh5eHNuR0FST2pv
+eGJtVmZSSjBGTUVCZ05PdStZRGZjTU0KLT4gWDI1NTE5IGg3ZmZXMTdlTEFBVmt2
+OVExVld0Qkc2bFMyV1NZZTd4bUtkOWdNY0N1M1EKU1UxR2V1emtyeDdkQ0RwUGVv
+cVJLcWllK2x4K3JNOExGSktIOW5SbldCbwotPiBzc2gtZWQyNTUxOSBweXU5Ymcg
+MGZMUHNCWUFESVVERzN3Q0krUGZ3Z1QwTUdUc0NCRkg4UFdKa2l1ZGJSRQo5YXlB
+aENyTW1idUxvVW5vRHp3L2dPVUtZS0dRa0JpaWo5RjdTcEsrK2VRCi0+ICN2bC1n
+cmVhc2UgPF0qV3N2IEZ0XTEnRSBxMDc7SWBCCnNJMGNWQkxZOFU0SzJSUUtoK3FI
+Ulp0T3FGeDdOUVZVRXRXRWRzSEdkWmFGeEF3RStWU1RMS3BLTlpxU0N1UmkKV3lJ
+a05yWm1GMC90VTFFcWpPTlliOUZoUGtMVlJsbTRSbGRyVi9kZDhxM0x4Qk82RUM4
+enZVT1RLNmd5SkEKLS0tIGRucFFNTFNSWnNtamlZTE9hM0k4QzRhZ21FZ2t5Ynpo
+Rno5UjVzRUFhcmMKWa8uscZL8FWMZ5zPstM7LraYV4PyuVhOHq3f3BBRr5rkptmK
+DHAye+FmVX7+Fqqk0ynyK92v2ti86i/iuWiNzImLWI6xkBruFEo3lpnnc8rAdslR
+c+8e2ntLGIRHbTVMwg==
+-----END AGE ENCRYPTED FILE-----
diff --git a/hosts/by-name/server3/secrets/peertube/smtp.age b/hosts/by-name/server3/secrets/peertube/smtp.age
new file mode 100644
index 0000000..e0af2d1
--- /dev/null
+++ b/hosts/by-name/server3/secrets/peertube/smtp.age
@@ -0,0 +1,15 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBncFdORy9uSXJabkJFVVc5
+QXJnS3FZQzJmTXdsckNxNjU3SGRTUEdnZ3hRCm5DNDVJbEw5VVlTS2k2Y2p6aEhX
+QzdKbXVTV3dzSHBYN0RkN1NnL0RTR0kKLT4gWDI1NTE5IEdudmllbmRud1ZVTzI3
+TWQ0cWhKSTkrbkJyelZUUThwNkdoVFhRZW12MFEKUXczc0w3ZjRUTE83UGY5d2gx
+YmpHUlJacXAyY2hXSy9aWkxOZmJwaHRqOAotPiBzc2gtZWQyNTUxOSBweXU5Ymcg
+Z3ZNSUY2NFA1L0lad3FJWDlvLzVJZDlrdS9Nc3RxZGZHWEk1SlBIeGhRMAo2WnVL
+WXcxYWd1aGN0ZVAxb3ZEOXFKMTRFNjcwVFhmRVN0TXJrYXFsV0VzCi0+ID90SSE+
+LWdyZWFzZSA5XjlPCjlENzA2TmkreUZpYllXZ290RHMKLS0tIE0zMHAvWDVWYWdG
+S1pGVFdMVWp1R0QzSzVpczhrSGJUNVdKTlpHT0JZRGcKlqZQsbkUV/cp+xQvzQKA
+AtBpJl9Fho5Szb+GOL2xEKH6KV6LTI8xaOE2KWRyhNSwH682InD5ilCaCYbHz5aW
+u7SfKWTBGj6gjwUlIJEvBzJWIXgXPcoMqgIZNe1HH52IQWJfZN5H01dHjic7mYrm
+nW5S5EEczDR6nHTKf7dsZLmbTctb90lM80rlDS5Q16QrR4VPElTJGySu/hLtl1ep
+r0w=
+-----END AGE ENCRYPTED FILE-----
diff --git a/hosts/by-name/server3/websites.nix b/hosts/by-name/server3/websites.nix
new file mode 100644
index 0000000..466f1e9
--- /dev/null
+++ b/hosts/by-name/server3/websites.nix
@@ -0,0 +1,36 @@
+{...}: let
+  mkWkd = domain: {
+    domain = "openpgpkey.${domain}";
+    repositoryUrl = "https://git.foss-syndicate.org/vhack.eu/pgp-wkd.git";
+    extraSettings = {
+      locations."/.well-known/openpgpkey/".extraConfig = ''
+        default_type application/octet-stream;
+
+        # Came from: https://www.uriports.com/blog/setting-up-openpgp-web-key-directory/
+        # No idea if it is actually necessary
+        # add_header Access-Control-Allow-Origin * always;
+      '';
+    };
+  };
+in [
+  {
+    domain = "vhack.eu";
+    repositoryUrl = "https://codeberg.org/vhack.eu/website.git";
+  }
+  {
+    domain = "b-peetz.de";
+    repositoryUrl = "https://git.foss-syndicate.org/bpeetz/b-peetz.de.git";
+  }
+
+  # Trinitrix
+  {
+    domain = "trinitrix.vhack.eu";
+    repositoryUrl = "https://codeberg.org/trinitrix/website.git";
+  }
+
+  # WKD
+  (mkWkd "b-peetz.de")
+  (mkWkd "s-schoeffel.de")
+  (mkWkd "sils.li")
+  (mkWkd "vhack.eu")
+]
diff --git a/hosts/host-names.toml b/hosts/host-names.toml
index fd5b960..2cf2833 100644
--- a/hosts/host-names.toml
+++ b/hosts/host-names.toml
@@ -1,2 +1,2 @@
-server1 = "server1.vhack.eu"
 server2 = "server2.vhack.eu"
+server3 = "server3.vhack.eu"