nixcfg/systems/x86_64-linux/sgx/acme.nix

{
  config,
  ...
}:
{
  sops.secrets.internetbs = {
    sopsFile = ../../../.secrets/sgx/internetbs.yaml; # bring your own password file
  };

  metacfg.services.acmeBase.credentialsFile = config.sops.secrets.internetbs.path;

  security.acme.certs = {
    "internal.hoyer.world" = {
      extraDomainNames = [
        "openwebui.hoyer.world"
        "syncthing.hoyer.world"
        "home.hoyer.world"
        "status.hoyer.world"
      ];
    };
  };
}