Updated mkNginxVHosts to use per-domain certificates (enableACME) instead
of shared wildcard certificates (useACMEHost). Each service now requests
its own certificate, avoiding conflicts between hosts and following the
principle of least privilege.
Removed wildcard certificate configuration from both alexandria and trantor.
Each host now only obtains certificates for domains it actually serves:
- Alexandria: pass.baduhai.dev, cloud.baduhai.dev, jellyfin.baduhai.dev
- Trantor: git.baduhai.dev
Created centralized service definitions in shared/services.nix to store
service metadata (domains, IPs, ports) that need to be accessible across
multiple hosts. This replaces the per-service split DNS module approach
with a single source of truth.
Services are now exported through utils.nix for easy access in host configs.
