import acme

hosts/nixos/HandlerOne/default.nix

@@ -4,6 +4,7 @@
 #                    #
 ######################
 {
+  config,
   inputs,
   lib,
   pkgs,
@@ -32,6 +33,9 @@
 
       # Optional configs
       "hosts/common/optional/keyd.nix"
+
+      # Hosted services
+      "modules/services/actualbudget"
     ])
   ];
 
@@ -53,4 +57,52 @@
       canTouchEfiVariables = true;
     };
   };
+
+  #FIXME(TODO) Migrate this into another file, probably a module
+  sops = {
+    secrets = {
+      "aws/access_key" = {};
+      "aws/secret_key" = {};
+      "aws/region" = {};
+    };
+    templates = {
+      "aws_shared_credentials".content = ''
+        [default]
+        aws_access_key_id=${config.sops.placeholder."aws/access_key"}
+        aws_secret_access_key=${config.sops.placeholder."aws/secret_key"}
+      '';
+      "aws_env".content = ''
+        AWS_REGION=${config.sops.placeholder."aws/region"}
+      '';
+    };
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults = {
+      email = "infrastructure@wanderingcrow.net";
+      group = config.services.nginx.group;
+      dnsProvider = "route53";
+      credentialFiles = {
+        "AWS_SHARED_CREDENTIALS_FILE" = config.sops.templates."aws_shared_credentials".path;
+      };
+      environmentFile = config.sops.templates."aws_env".path;
+    };
+    certs = {
+      "wanderingcrow.net" = {};
+      "umami.wanderingcrow.net" = {};
+      "garage.wanderingcrow.net" = {};
+      "bar.wanderingcrow.net" = {};
+      "home.wanderingcrow.net" = {};
+      "homebox.wanderingcrow.net" = {};
+      "cache.wanderingcrow.net" = {};
+      "openhab.wanderingcrow.net" = {};
+      "frigate.wanderingcrow.net" = {};
+      "notes.wanderingcrow.net" = {};
+      "grocy.wanderingcrow.net" = {};
+      "barcodebuddy.grocy.wanderingcrow.net" = {};
+      "budget.wanderingcrow.net" = {};
+      "matrix.wanderingcrow.net" = {};
+    };
+  };
 }