4 changed files with 8 additions and 15 deletions
--- a/hosts/ami/acme.nix
+++ b/hosts/ami/acme.nix
@ -1,14 +1,14 @@
-{config, ...}: {
-  age.secrets.hetzner-dns.file = ../../secrets/hetzner-dns.age;
-
+_: {
  security.acme = {
    acceptTerms = true;
    defaults.email = "acme@buffet.sh";
    certs."buffet.sh" = {
-      domain = "*.buffet.sh";
-      group = "nginx";
-      dnsProvider = "hetzner";
-      credentialsFile = config.age.secrets.hetzner-dns.path;
+      extraDomainNames = [
+        "404.buffet.sh"
+        "bitwarden.buffet.sh"
+        "rap.buffet.sh"
+        "buffets.kitchen"
+      ];
    };
  };
 }
--- a/hosts/ami/website.nix
+++ b/hosts/ami/website.nix
@ -10,7 +10,7 @@
    recommendedTlsSettings = true;

    virtualHosts."buffet.sh" = {
-      useACMEHost = "buffet.sh";
+      enableACME = true;
      forceSSL = true;
      root = "${website}";
    };
--- a/secrets.nix
+++ b/secrets.nix
@ -3,7 +3,6 @@ let
 in {
  "secrets/bitwarden.age".publicKeys = [buffet];
  "secrets/borgpassword.age".publicKeys = [buffet];
-  "secrets/hetzner-dns.age".publicKeys = [buffet];
  "secrets/kitchen-runner-token.age".publicKeys = [buffet];
  "secrets/msmtppassword.age".publicKeys = [buffet];
 }
--- a/secrets/hetzner-dns.age
+++ b/secrets/hetzner-dns.age
@ -1,6 +0,0 @@
-age-encryption.org/v1
-> ssh-ed25519 zRvPWg 3ihM8FBFjebzTErFkqn6Byfw2D/W45gkwVczLm0I7Tg
-uV3GJXI9zKT1q4/Z3hF1eE8wN5fnDFMyJOH/3bcq+Vk
--- jcd587gk1OjweyDm7teUUt+6u3A7JXIX0aBEjBJPOBg
-÷Úc;y§_taîŽíiÀ*˜ÕþÁdKù^à÷xÚH+:=1ŒÙo)”
-…¦C„wât&d©uÎ^ŽÔniÅÎzF@