feat: change from namecheap to cloudflare, setup tls with acme, setup vaultwarden

hosts/APPA/services/acme.nix

@@ -0,0 +1,19 @@
+{ config, ... }:
+{
+  age.secrets.environments-acme = {
+    file = ../../../secrets/environments/acme.age;
+  };
+
+  security.acme.acceptTerms = true;
+  security.acme.defaults.email = "gendulf@posteo.de";
+
+  security.acme.certs."dryb.org" = {
+    domain = "dryb.org";
+    extraDomainNames = [ "*.dryb.org" ];
+    dnsProvider = "cloudflare";
+    dnsPropagationCheck = true;
+    credentialsFile = config.age.secrets.environments-acme.path;
+  };
+
+  users.users.nginx.extraGroups = [ "acme" ];
+}