applications.server.acme: defaults + persists state

shared/applications/server/acme.nix

@@ -0,0 +1,23 @@
+{ config, lib, ... }:
+
+{
+  # default acme settings
+  security.acme = {
+    acceptTerms = true;
+
+    defaults.email = "fricloudacme.cameo530@simplelogin.com";
+  };
+
+  # give Nginx access to our certs
+  services.nginx.group = config.security.acme.defaults.group;
+
+  # acme user
+  users.groups."${config.security.acme.defaults.group}".members = [];
+
+  # state
+  environment.persistence = lib.optionalAttrs config.mine.state.enable {
+    root.directories = [
+      "/var/lib/acme"
+    ];
+  };
+}