nixcfg/systems/x86_64-linux/sgx/acme.nix

{ config
, ...
}:
{
  sops.secrets.internetbs = {
    sopsFile = ../../../.secrets/sgx/internetbs.yaml; # bring your own password file
  };

  security.acme = {
    acceptTerms = true;
    defaults = {
      email = "harald@hoyer.xyz";
      dnsProvider = "cloudflare";
      credentialsFile = config.sops.secrets.internetbs.path;
    };
    certs = {
      "internal.hoyer.world" = {
        extraDomainNames = [
          "openwebui.hoyer.world"
          "syncthing.hoyer.world"
        ];
      };
    };
  };
}