fix(ops/nixos/camden): Add required options for ACME updates

The implementation for provisioning ACME certificates has changed in
nixos-unstable[0] and now requires a few extra options to be set.

[0]: https://github.com/NixOS/nixpkgs/pull/77578

ops/nixos/camden/default.nix

@@ -156,19 +156,24 @@ in lib.fix(self: {
 
   # Provision a TLS certificate outside of nginx to avoid
   # nixpkgs#38144
-  security.acme.certs."tazj.in" = {
+  security.acme = {
-    user = "nginx";
+    acceptTerms = true;
-    group = "nginx";
+    email = "mail@tazj.in";
-    webroot = "/var/lib/acme/acme-challenge";
-    extraDomains = {
-      "git.tazj.in" = null;
-      "www.tazj.in" = null;
 
-      # Local domains (for this machine only)
+    certs."tazj.in" = {
-      "camden.tazj.in" = null;
+      user = "nginx";
-      "git.camden.tazj.in" = null;
+      group = "nginx";
+      webroot = "/var/lib/acme/acme-challenge";
+      extraDomains = {
+        "git.tazj.in" = null;
+        "www.tazj.in" = null;
+
+        # Local domains (for this machine only)
+        "camden.tazj.in" = null;
+        "git.camden.tazj.in" = null;
+      };
+      postRun = "systemctl reload nginx";
     };
-    postRun = "systemctl reload nginx";
   };
 
   # Forward logs to Google Cloud Platform