nixcfg/systems/x86_64-linux/sgx/acme.nix

{
  pkgs,
  lib,
  config,
  ...
}:
{
  sops.secrets.internetbs = {
    sopsFile = ../../../.secrets/sgx/internetbs.yaml; # bring your own password file
  };

  security.acme = {
    acceptTerms = true;
    defaults = {
      email = "harald@hoyer.xyz";
      dnsProvider = "cloudflare";
      credentialsFile = config.sops.secrets.internetbs.path;
    };
    certs = {
      "internal.hoyer.world" = {   };
    };
  };
}