From a8c7b877919e7435273c90ddfa8dc9a57652bb59 Mon Sep 17 00:00:00 2001
From: s0me1newithhand7s <git+me@hand7s.org>
Date: Sun, 3 May 2026 15:45:42 +0300
Subject: [PATCH] kyra(hardening): per-service acme setup

Signed-off-by: s0me1newithhand7s <git+me@hand7s.org>
---
 kyra/security/acme.nix | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/kyra/security/acme.nix b/kyra/security/acme.nix
index 00eb68d..0a0a358 100644
--- a/kyra/security/acme.nix
+++ b/kyra/security/acme.nix
@@ -3,14 +3,20 @@
     acme = {
       acceptTerms = true;
       defaults = {
-        email = "litvinovb0@gmail.com";
+        email = "me@hand7s.org";
       };
 
       certs = {
         "hand7s.org" = {
           dnsProvider = "cloudflare";
-          credentialsFile = config.sops.templates."acme.env".path;
-          group = "sing-box";
+          environmentFile = config.sops.templates."acme.env".path;
+          group = "mihomo";
+        };
+
+        "ntp.hand7s.org" = {
+          dnsProvider = "cloudflare";
+          environmentFile = config.sops.templates."acme.env".path;
+          group = "ntpd-rs";
         };
       };
     };