feat: update credentialsFile to credentialFiles in acme

hosts/sentinel/acme.nix

@@ -1,8 +1,14 @@
 {config, ...}: let
   inherit (config.repo.secrets.local) acme;
 in {
-  age.secrets.acme-credentials = {
+  age.secrets.acme-cloudflare-dns-token = {
-    rekeyFile = ./secrets/acme-credentials.age;
+    rekeyFile = ./secrets/acme-cloudflare-dns-token.age;
+    mode = "440";
+    group = "acme";
+  };
+
+  age.secrets.acme-cloudflare-zone-token = {
+    rekeyFile = ./secrets/acme-cloudflare-zone-token.age;
     mode = "440";
     group = "acme";
   };
@@ -11,7 +17,10 @@ in {
     acceptTerms = true;
     defaults = {
       inherit (acme) email;
-      credentialsFile = config.age.secrets.acme-credentials.path;
+      credentialFiles = {
+        CF_DNS_API_TOKEN_FILE = config.age.secrets.acme-cloudflare-dns-token.path;
+        CF_ZONE_API_TOKEN_FILE = config.age.secrets.acme-cloudflare-zone-token.path;
+      };
       dnsProvider = "cloudflare";
       dnsPropagationCheck = true;
       reloadServices = ["nginx"];

hosts/sentinel/secrets/acme-cloudflare-zone-token.age

@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> X25519 Y7J0KmGssDwytzJSMTKnb2qVfCBEl4nMiKeg4PDhbhM
+R+FV22jr0XcybGJk8Z2o40O5ptRK3NPgQOxJ7HlORho
+-> piv-p256 xqSe8Q AyC1XlhbGhbfUBn4gV56t48AazKi5Lt9H5BCOZqbTtOp
+s3mrvVrMZ/kTdUSjKyBWa5hUFL2fwL2xRo7UFF0AwP0
+-> Ao-grease vp@ m_b
+oV7D7L5dZtF75bJ6Ms0yZr92rENJmE4xKpdlBp4h40onYWv1Z17R2/bmygv5MD9+
+S7J25g3rxfk00fUOK8cwDcWyRtp4jQqcooJyrQ
+--- J/aXuudcbUAfU06R065fsvPTX2qZr0w0eZ9gI6I+McY
+vÂâ-##·¬=|Ú•˝-IÝR†·żÝn<§z´fÄ.\śő‘cU/OÓ	6÷¶ëĽ±�Üož’Ţ$ő¶8\Ň6E•ËeËí†n