feat(library): enable acme

spec/library/acme.nix

@@ -1,18 +1,11 @@
 {
-  security.acme = {
+  security.acme.certs = let
-    acceptTerms = true;
+    cloudflare = {
-    defaults.email = "koishi@514fpv.one";
+      dnsProvider = "cloudflare";
-    defaults.group = "nginx";
+      credentialsFile = "/nix/persist/secret/cloudflare";
-    certs = let
-      cloudflare = {
-        dnsProvider = "cloudflare";
-        credentialsFile = "/nix/persist/secret/cloudflare";
-      };
-    in {
-      "514fpv.io" = cloudflare;
-      ".514fpv.io" = cloudflare // { domain = "*.514fpv.io"; };
     };
+  in {
+    "514fpv.io" = cloudflare;
+    ".514fpv.io" = cloudflare // { domain = "*.514fpv.io"; };
   };
-
-  environment.persistence."/nix/persist/fhs".directories = [ "/var/lib/acme" ];
 }

spec/library/default.nix

@@ -13,6 +13,7 @@
     fs.extPersist.device = "/dev/disk/by-uuid/ba3d0989-9f81-4ac0-b5a7-124c86835cfa";
     fs.extPersist.fsType = "ext4";
     oci.enable = true;
+    acme.enable = true;
   };
 
   networking.proxy = {