chore: setup hosting environment

asset/systemd/step-kosherinata@.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=step cert renew for %i.kosherinata.internal
+Documentation=https://smallstep.com/docs/step-ca/renewal
+
+[Service]
+Type=oneshot
+ExecCondition=/usr/bin/step certificate needs-renewal \
+    /etc/nginx/tls/cert/%i.kosherinata.internal.pem
+ExecStart=/usr/bin/step ca renew \
+    --force \
+    --ca-url https://ca.internal \
+    --root /etc/pki/ca-trust/source/anchors/root-internal.pem \
+    /etc/nginx/tls/cert/%i.kosherinata.internal.pem \
+    /etc/nginx/tls/key/%i.kosherinata.internal.pem
+ExecStartPost=/usr/bin/systemctl reload nginx.service