{ options, config, lib, fn, pkgs, ... }: with builtins; with lib; let cfg = config.machine; in mkIf (elem "acme" cfg.services) { security.acme = { # see https://letsencrypt.org/repository/ acceptTerms = true; email = fn.fileContentsOr (toPath "${cfg.secretPath}/acme.mailAddr") "${(elemAt cfg.mailAccounts 0).name}@${cfg.domain}"; }; }