nixos/middleman: Let's Encrypt for main domain

lib.nix

@@ -156,6 +156,7 @@ rec {
     filterOpts = filterAttrsRecursive (_: v: v != null);
   };
 
+  pubDomain = "nul.ie";
   colony = rec {
     domain = "test.int.nul.ie";
     start = {

nixos/boxes/colony/vms/shill/containers/middleman.nix

@@ -39,15 +39,16 @@
                   owner = "acme";
                   group = "acme";
                 };
+                "cloudflare-credentials.conf" = {
+                  owner = "acme";
+                  group = "acme";
+                };
               };
             };
 
             firewall = {
               tcp.allowed = [ "http" "https" ];
             };
-
-            tmproot.persistence.config.directories = [
-            ];
           };
 
           users = {
@@ -101,6 +102,13 @@
                     EXEC_PATH=${script}
                   '';
                 };
+                "${lib.my.pubDomain}" = {
+                  extraDomainNames = [
+                    "*.${lib.my.pubDomain}"
+                  ];
+                  dnsProvider = "cloudflare";
+                  credentialsFile = config.age.secrets."cloudflare-credentials.conf".path;
+                };
               };
             };
           };

secrets/cloudflare-credentials.conf.age

@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 H162lQ a/oJHGIB43DHpX/EUdal2ZyOlf+zYUbNwztGSP1iuGE
+W8bd1I0rgDMEc18zjpP0d4dyp4PGd19/8vJFlVOsGSs
+-> X25519 cjqYOE0e9IHvWvcGyOPDNTcNR6Ynv8TdRCoHiBx4UzI
+/EzNz/SSzvs9DbCGr28B4/jwZMnpUxoBtDOt9Ombv4Y
+-> x]-grease
+fRt2HHsTmZbotWaLfgPZ4PT76A
+--- M2/lLzEUiSmSuoPhtO/QAg+CPPvnBBMQhisX66A/aKE
+<EFBFBD>bD<EFBFBD><EFBFBD>l<EFBFBD><0E><><EFBFBD><EFBFBD>	<09><><EFBFBD>Γ<EFBFBD><CE93>
+<EFBFBD>G<EFBFBD><EFBFBD>g<EFBFBD>-<2D>2<EFBFBD><07><>Jb<4A><62><EFBFBD>t<EFBFBD>I<7F>:B<><42>1<>?<3F>V<>ۗ<EFBFBD>z<03><1F><>}<7D>3<EFBFBD>q<EFBFBD>I<EFBFBD><49><EFBFBD><EFBFBD><EFBFBD>><3E>