{ config, ... }:{ # group that will own the certificates users.groups.acme = {}; age.secrets.acme.file = ../secrets/dns_certs.secret.age; security.acme = { preliminarySelfsigned = false; acceptTerms = true; defaults = { email = "admin_acme@skynet.ie"; # we use our own dns authorative server for verifying we own the domain. dnsProvider = "rfc2136"; credentialsFile = config.age.secrets.acme.path; }; certs = { "skynet" = { domain = "skynet.ie"; extraDomainNames = [ "*.skynet.ie" "*.minecraft.games.skynet.ie" "*.pages.skynet.ie" ]; }; }; }; }