From 8adda87035be647e921757e216c2588abc6df26c Mon Sep 17 00:00:00 2001
From: 514fpv <koishi@514fpv.one>
Date: Sat, 27 Jan 2024 09:55:36 +0800
Subject: [PATCH] feat(focus): enable libvirt and acme

---
 spec/focus/acme.nix    | 11 +++++++++++
 spec/focus/default.nix |  2 +-
 2 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 spec/focus/acme.nix

diff --git a/spec/focus/acme.nix b/spec/focus/acme.nix
new file mode 100644
index 00000000..47a359d3
--- /dev/null
+++ b/spec/focus/acme.nix
@@ -0,0 +1,11 @@
+{
+  security.acme.certs = let
+    cloudflare = {
+      dnsProvider = "cloudflare";
+      credentialsFile = "/nix/persist/secret/cloudflare";
+    };
+  in {
+    "sf.514fpv.io" = cloudflare;
+    ".sf.514fpv.io" = cloudflare // { domain = "*.sf.514fpv.io"; };
+  };
+}
diff --git a/spec/focus/default.nix b/spec/focus/default.nix
index 5db6cb4d..55521803 100644
--- a/spec/focus/default.nix
+++ b/spec/focus/default.nix
@@ -3,7 +3,6 @@
   global = {
     id = "22e9d4e37bd7436ba0cbe6e767fb0912";
     auth.openssh.enable = true;
-    libvirt.enable = false;
     fs.esp.uuid = "8C36-CBE2";
     fs.type = "zfs";
     fs.zfs.externalStore = true;
@@ -14,6 +13,7 @@
     fs.cryptsetup.allowDiscards = false;
     fs.cryptsetup.uuids.secret = "c2bc361e-6f9a-48fa-b698-ed3603a9664a";
     boot.lanzaboote = true;
+    acme.enable = true;
   };
 
   services.fstrim.enable = true;