hosts: housekeeping

Signed-off-by: Amneesh Singh <natto@weirdnatto.in>

hosts/common/security/default.nix

@@ -0,0 +1,21 @@
+{
+  lib,
+  conf,
+  config,
+  ...
+}:
+let
+  domain = conf.network.addresses.domain.natto;
+  nginx = config.services.nginx;
+in
+{
+  security = {
+    acme = lib.mkIf nginx.enable {
+      acceptTerms = true;
+      certs = lib.mapAttrs (n: _: { email = "natto@${domain}"; }) (
+        lib.filterAttrs (_: v: v.enableACME) nginx.virtualHosts
+      );
+    };
+    pki.certificateFiles = [ ../../cert.pem ];
+  };
+}