infrastructure/machines/core-services-01/acme-dns.nix

{ config, ... }:
let
  my = config.my;
in
{
  services.acme-dns = {
    enable = true;
    domain = "acme.${my.subZone}";
    nsname = "acme.${my.subZone}";
    nsadmin = my.emailWithDot;
    dns.listen = "[${my.ipv6.acme}]"; # :-).
    records = [
      "acme.${my.subZone}. AAAA ${my.ipv6.acme}"
      "acme.${my.subZone}. NS acme.${my.subZone}."
    ];
  };

  services.nginx.enable = true;
  services.nginx.virtualHosts."acme.${my.subZone}" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://localhost:8090";
    };
  };
}