Refine wildcard to only tailnet domains

nixos/machines/driftwood/configuration.nix

@@ -33,9 +33,9 @@
       email = "admin@stranger.systems";
     };
     # Get a wildcard cert
-    certs."wildcard.stranger.systems" = {
+    certs."tailnet.stranger.systems" = {
-      domain = "stranger.systems";
+      domain = "tailnet.stranger.systems";
-      extraDomainNames = ["*.stranger.systems"];
+      extraDomainNames = ["*.tailnet.stranger.systems"];
       dnsProvider = "cloudflare";
       dnsPropagationCheck = true;
       credentialFiles = {

nixos/machines/driftwood/containers/hub.nix

@@ -16,7 +16,7 @@
 
   services.nginx.virtualHosts."hub.tailnet.stranger.systems" = {
     forceSSL = true;
-    useACMEHost = "wildcard.stranger.systems";
+    useACMEHost = "tailnet.stranger.systems";
     locations."/" = {
       proxyPass = "http://127.0.0.1:8081";
     };