diff --git a/data/backup/keys/ns-primary.key.vault b/data/backup/keys/ns-primary.key.vault
new file mode 100644
index 0000000..52bb656
--- /dev/null
+++ b/data/backup/keys/ns-primary.key.vault
@@ -0,0 +1 @@
+encrypt$gAAAAABj1jTasX0XOFRWh7F0pxNgMoJIjrblvqOM8ohGVCsvVyMEQDiOmGaJCs9lW-lbeghlzRpiC8P7CNot6OOeNXBYWmxN_HgN3J2p6Q5-XoSJ62NUJWQNRNNENuiN1Yy0g0MREk4gVsNh8-VeoXuKgyLEXJQJI-SYLzl8faZoBnQGTK4FbTAiN6KSB4EbTPwxx-8dYp8kNIj4ipBjkQKNu-mXuVvdnf5fTUwTCQx6rz7yjlp7DOPuSJDASg5bE33dd8gt89grW5vBKeEnQsi7hpJCJF5vNfRay89IKfjf6UqxJHKCmS2tIWQ9Kz4Tv41MnNR0-jvnULq7TWcnqwo_SKb8JRLUA3dH2wLiOUu7aApYSkeSNiul2ILCtBPsjY_eWzqdd3tkpJBErOcFVe2mdjVRSIUOXTM_T3nNWCJgn5TxD4qbHklZoCaM6Ey9P_yQj-sSRGizgcDhGiqY8xJNmwbWz9IH5a_Fs6iRVhAh6VzSa1ZAKxcum87dj-KVA_SjG9hy7Dy28xK0D4NoSpYFOkEz4VHpa1tP0t8QJ2WtQiw-qjHFzokkIINEUKUPIBg6t_5oedJ24YMnyyzBZ2_uQ1HFVFjBx-7Iw73bTPNluVwXkobzEnrYFwDsEXGE6tR0HjbteNxj
\ No newline at end of file
diff --git a/data/backup/keys/ns-primary.pub b/data/backup/keys/ns-primary.pub
new file mode 100644
index 0000000..442d8b9
--- /dev/null
+++ b/data/backup/keys/ns-primary.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+FCn1sWP74+lVAyaXDpXxCCauh6LC2KEJmIMhDEYvJ kunsi@kunsi-p14s.kunbox.net
diff --git a/nodes/gce/bind01.py b/nodes/gce/bind01.py
index 1575237..7239082 100644
--- a/nodes/gce/bind01.py
+++ b/nodes/gce/bind01.py
@@ -3,19 +3,12 @@
 
 nodes['gce.bind01'] = {
     'hostname': '34.89.208.78',
-    'bundles': {
-        'nodejs',
-        'powerdnsadmin',
-    },
     'groups': {
         'debian-bullseye',
         'dns',
-        'webserver',
     },
     'metadata': {
         'backups': {
-            # This is the primary DNS server. However, we only use
-            # replication for DynDNS, currently. No need for backups here.
             'exclude_from_backups': True,
         },
         'interfaces': {
@@ -30,33 +23,12 @@ nodes['gce.bind01'] = {
         'icinga_options': {
             'pretty_name': 'ns-1.kunbox.net',
         },
-        'nginx': {
-            'vhosts': {
-                'ns-1.kunbox.net': {
-                    'locations': {
-                        '/': {
-                            'target': 'http://127.0.0.1:8000/',
-                        },
-                    },
-                    'website_check_path': '/login',
-                    'website_check_string': 'PowerDNS',
-                },
-            },
-        },
         'postgresql': {
             'version': '15',
         },
         'powerdns': {
-            'features': {
-                'bind': True,
-            },
-            'is_secondary': False,
-            'secondary_nameservers': 'dns',
             'my_hostname': 'ns-1.kunbox.net',
         },
-        'powerdnsadmin': {
-            'version': 'v0.3.0',
-        },
         'vm': {
             'cpu': 1,
             'ram': 1,
diff --git a/nodes/ns-primary.toml b/nodes/ns-primary.toml
new file mode 100644
index 0000000..885b1f2
--- /dev/null
+++ b/nodes/ns-primary.toml
@@ -0,0 +1,43 @@
+hostname = "82.165.52.168"
+bundles = [
+    "nodejs",
+    "powerdnsadmin",
+]
+groups = [
+    "debian-bullseye",
+    "dns",
+    "webserver",
+]
+
+[metadata.interfaces.ens192]
+ips = [
+    "82.165.52.168",
+    "2001:8d8:1801:7d4::1/64",
+]
+gateway4 = "10.255.255.1"
+gateway6 = "fe80::250:56ff:fea8:628f"
+
+[metadata.icinga_options]
+pretty_name = "ns-primary.kunbox.net"
+
+[metadata.nginx.vhosts."ns-primary.kunbox.net"]
+website_check_path = "/login"
+website_check_string = "PowerDNS"
+
+[metadata.nginx.vhosts."ns-primary.kunbox.net".locations."/"]
+target = "http://127.0.0.1:8000/"
+
+[metadata.postgresql]
+version = "15"
+
+[metadata.powerdns]
+is_secondary = false
+secondary_nameservers = "dns"
+features.bind = true
+
+[metadata.powerdnsadmin]
+version = "v0.3.0"
+
+[metadata.vm]
+cpu = 2
+ram = 2