test: setting up opencloud and microvms

modules/nixos/services/caddy/caddy0/default.nix

@@ -1,8 +1,11 @@
-{ flake, ... }:
+{ flake, config, ... }:
 let
   inherit (flake.config.services) instances;
   inherit (flake.config.machines.devices) eris;
   opencloud = instances.opencloud0;
+  dns = instances.web.dns.provider0;
+  opencloudHost = opencloud.domains.url0;
+  dnsPath = "dns/${dns}";
   service = instances.caddy;
 in
 {
@@ -22,6 +25,12 @@ in
     };
   };
 
+  security.acme.certs."${opencloudHost}" = {
+    dnsProvider = dns;
+    environmentFile = config.sops.secrets.${dnsPath}.path;
+    group = "caddy";
+  };
+
   networking = {
     firewall = {
       allowedTCPPorts = [