acme: frontend with acme itself

applications/acme.nix

@@ -0,0 +1,34 @@
+{
+  # group that will own the certificates
+  users.groups.acme = {};
+
+  age.secrets.acme.file = ../secrets/dns_certs.secret.age;
+
+  security.acme = {
+    preliminarySelfsigned = false;
+    acceptTerms = true;
+
+    defaults = {
+      email = "admin_acme@skynet.ie";
+      dnsProvider = "rfc2136";
+      credentialsFile = "/run/agenix/acme";
+
+      # We don't need to wait for propagation since this is a local DNS server
+      dnsPropagationCheck = false;
+    };
+
+    certs = {
+      "skynet" = {
+        domain = "skynet.ie";
+        extraDomainNames = ["*.skynet.ie" ];
+      };
+
+
+      # temp basis
+      #"ulcompsoc.ie" = {
+      #  domain = "ulcompsoc.ie";
+      #  extraDomainNames = ["*.ulcompsoc.ie" ];
+      #};
+    };
+  };
+}