Add wildcard tempest and irc certs

flake.nix

@@ -31,6 +31,7 @@
           gotosocial.nixosModule
           drowning.nixosModule
 
+          ./hosts/nyx/include/acme.nix
           ./hosts/nyx/include/nginx.nix
           ./hosts/nyx/include/services.nix
           ./hosts/nyx/include/proxy.nix

hosts/nyx/include/acme.nix

@@ -0,0 +1,18 @@
+{ config, pkgs, ...}: {
+  security.acme.acceptTerms = true;
+  security.acme.defaults.email = "acme@tempest.dev";
+
+  security.acme.certs."wildcard-tempest.dev" = {
+    domain = "*.tempest.dev";
+    dnsProvider = "namecheap";
+    credentialsFile = "/var/lib/secrets/namecheap.env";
+    dnsPropagationCheck = false;
+  };
+
+  security.acme.certs."wildcard-irc.tempest.dev" = {
+    domain = "*.irc.tempest.dev";
+    dnsProvider = "namecheap";
+    credentialsFile = "/var/lib/secrets/namecheap.env";
+    dnsPropagationCheck = false;
+  };
+}

hosts/nyx/include/nginx.nix

@@ -1,7 +1,4 @@
 { config, pkgs, ...}: {
-  security.acme.acceptTerms = true;
-  security.acme.defaults.email = "acme@tempest.dev";
-
   services.nginx.enable = true;
   services.nginx.recommendedProxySettings = true;
   services.nginx.appendHttpConfig = ''