sys/atuin: update for new ACME module

The new module defaults to using an "acme" group, which can replace
the "tls" group I had set up before.  But it will instead use the
"nginx" group if using enableACME, so I have to stay away from that
and only use useACMEHost, setting up the certificates manually.

But that's a very good thing, because it turns out that even though I
was trying to generate only two certificates (one for qyliss.net and
one for spectrum-os.org), the ACME module was actually generating one
per subdomain because of enableACME.

Finally, now that atuin.nix is starting to be split up, and because
there's less shared configuration, don't mapAttrs over Nginx virtual
hosts or ACME certificates, which was confusing and forced everything
to be defined at once in the same file.

1 files changed, 7 insertions, 0 deletions

diff --git a/modules/server/spectrum/acme/default.nix b/modules/server/spectrum/acme/default.nix
new file mode 100644
index 000000000000..6a60f52d2456
--- /dev/null
+++ b/modules/server/spectrum/acme/default.nix
@@ -0,0 +1,7 @@
+{ ... }:
+
+{
+  security.acme.certs."spectrum-os.org" = {
+    webroot = "/var/lib/acme/acme-challenge";
+  };
+}