diff --git a/modules/docker.nix b/modules/docker.nix
index 86a33d2..655f328 100644
--- a/modules/docker.nix
+++ b/modules/docker.nix
@@ -7,8 +7,13 @@
 extraGroups = [ "docker" ];
 uid = 600;
 };
- groups.docker-service = {
- gid = 600;
+ groups = {
+ docker-service = {
+ gid = 600;
+ };
+ haproxy = {
+ gid = 99;
+ };
 };
 };
diff --git a/systems/palatine-hill/acme.nix b/systems/palatine-hill/acme.nix
new file mode 100644
index 0000000..ed08c5e
--- /dev/null
+++ b/systems/palatine-hill/acme.nix
@@ -0,0 +1,34 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+{
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "aliceghuston@gmail.com";
+ certs."nayeonie.com" = {
+ dnsProvider = "bunny";
+ environmentFile = config.sops.secrets."acme/bunny".path;
+ dnsPropagationCheck = false;
+ group = "haproxy";
+ extraDomainNames = [
+ # "*.nayeonie.com"
+ # "alicehuston.xyz"
+ # "*.alicehuston.xyz"
+ ];
+ };
+ };
+ security.acme.defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
+ systemd.services."acme-nayeonie.com".serviceConfig = {
+ Environment = [ ''"PATH=/ZFS/ZFS-primary/backups/lego/dist:$PATH"'' ];
+ };
+
+ sops.secrets = {
+ "acme/bunny" = {
+ owner = "root";
+ };
+ };
+}
diff --git a/systems/palatine-hill/configuration.nix b/systems/palatine-hill/configuration.nix
index 4c4254a..d3f0d2f 100644
--- a/systems/palatine-hill/configuration.nix
+++ b/systems/palatine-hill/configuration.nix
@@ -6,6 +6,7 @@
 }:
 {
 imports = [
+ ./acme.nix
 ./attic
 ./docker
 ./gitea.nix
diff --git a/systems/palatine-hill/secrets.yaml b/systems/palatine-hill/secrets.yaml
index d91330c..bdfae2d 100644
--- a/systems/palatine-hill/secrets.yaml
+++ b/systems/palatine-hill/secrets.yaml
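Review bot: In modules/docker.nix the new `haproxy` group gets a hard-coded `gid = 99` with no comment saying what it has to match, while acme.nix in this same commit hands that group the nayeonie.com certificate files through `group = "haproxy"`. If 99 was chosen to line up with the user inside an haproxy container (an assumption, the hunk does not say), then any other container or process running with gid 99 can read the private key as well. I would add a comment above the group such as `# gid 99 must match the haproxy user in the container; members can read the ACME private key`, and consider declaring the group next to the ACME config, since it is unrelated to the docker-service user. The enclosing attribute set starts outside the hunk.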
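Review bot: The `Environment` override on `acme-nayeonie.com` in systems/palatine-hill/acme.nix puts `/ZFS/ZFS-primary/backups/lego/dist` at the front of the unit's PATH, so, if this assignment wins over the PATH NixOS generates, the service that receives the bunny API token from `environmentFile` looks up its binaries in a mutable directory outside the Nix store. Anyone able to write there would get code execution with access to the DNS credentials and the certificate keys. systemd also does not expand variables in `Environment=`, so `$PATH` becomes a literal entry rather than the previous search path. If the goal is a newer lego build with bunny support (my assumption), packaging it as a derivation, for example an overlay on `pkgs.lego`, keeps the binary pinned and read-only. Separately, `defaults.server` and `dnsPropagationCheck = false` deserve a comment such as `# staging CA: issued certs are not publicly trusted, remove before going live`.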
@@ -20,6 +20,8 @@ docker: nextcloud: ENC[AES256_GCM,data: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,iv:oOWcFdQJb/+KZKJmQChhJ5jOCcM3o+ojZSMyiRnO9n8=,tag:PWGQkwPe0juLgAdlKiWKpg==,type:str] redis: ENC[AES256_GCM,data:c+55cN6IpUNeKd+wC2zv3eunYjBsmZtXTczokqaxB2Q=,iv:M3pwNUlT9kUMv4JDE6bp/gub9CdBGxdApIvpOt3JpgE=,tag:3rPlV3U0AP9zAeF7xDouKw==,type:str] act-runner: ENC[AES256_GCM,data:gdrqXBBzdMW26MgNfP6P1c/m7pLANCXjcZLvVsxlWcgpAZd8IaO2FUqomL3xFI3UDPveQh0UvC3044ueoWhYJOq7ZmKJGvdf0ZrpP1MkXZKvjFjbTsuf/6/SYKhPqnP28HqznUWIVJYcRmP+A2oVeJY=,iv:/yOqJYDpxbqCm1whqcypp7Ba1Xlaebrv+h6lHr57Qa8=,tag:PzVqxP+QwQq69jqhmagj3w==,type:str] +acme: + bunny: ENC[AES256_GCM,data:P2yROVUga9mORcq8VR/l0i4/2Vod1zvlYq+ZJLLNKow0SpblkwQX/i1ucQYAOkTTRddN+3C+t0zj1rMWkdLoaLjEUJJi3VsSxi+chV2FFiVKFQGEcg24,iv:aQvGgGLsgRGoEmwTgZHR8Jm/MYxmGtVTT/fZKaTLeMs=,tag:m3ssF4O8qs4yxvMu6yUcjw==,type:str] server-validation: webhook: ENC[AES256_GCM,data:Lwqy4UhyFutpXjai7EJPKp8MDlI+ayDna4T8jluvC6qkeJ7o1UaaDCOsgLy4Fw7LC77tXhJtkcmep9w37JaiHp2CoDOfy2iAaq8o9CCSi/a0zqMJx+HdZYZNemvmpc6E/be0K+JDrFZLbjr3unSpCidQ3whccC6XyY013R12swN3bFZIu1gtzXCgUZ4U,iv:pVbrRwH3ziu4+R5BfimPV7N71QmyerJEc9M5K4eofOc=,tag:zNrCXrIioQWPEPVz/wMDpQ==,type:str] sops: 
@@ -37,8 +39,8 @@ sops: cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-30T05:28:04Z" - mac: ENC[AES256_GCM,data:0ZT+1mkiV8XKsY3jL7tyaISBy5mZB/cHGH3K860QUi3eEhLgi+GIdAJ5Ia2YMWIdFsrO1z08YUG9ZmeCBgmtNLueNzjk+AjMTq7G4QOwLdA2HZthDPxOmroX4nhXYdRgZEdSUm4ZBpu8X137o9N+dqzVL/kD/Mfqjw7Sixy22U8=,iv:Q6Hosaxoe8dXPJvaFZasT6u0gDEyxAFNNYEUIilp36I=,tag:vSmTHwvFXJltJOuBdutMGA==,type:str] + lastmodified: "2024-11-30T05:36:05Z" + mac: ENC[AES256_GCM,data:WkcqAulJAH4tUkjz5pao90rsy48cO12ipb9I/BS8/t9PR6/TIvfBORQ7JBA0/R5djfsYl1WqWTPMzBCYzLz5Os2CmJzGyd7oB70BJE9FG9xysb10I63KDRRWcRaq8KZN/0gdSZi3J1kJAKFp/3j1O68UPn8wacwRL1Sl2Za0ZVk=,iv:Kce1zXjr9LFfiffzPAKu4NzCEv4gBgXr2J/6ZNlu4Wc=,tag:p9UItj4J7bRG6Zs0iiOLug==,type:str] pgp: - created_at: "2024-11-28T18:56:39Z" enc: |- diff --git a/users/alice/home/doom/init.el b/users/alice/home/doom/init.el index e6ec40a..ef076d3 100644 --- a/users/alice/home/doom/init.el +++ b/users/alice/home/doom/init.el @@ -133,7 +133,7 @@ ;;fsharp ; ML stands for Microsoft's Language ;;fstar ; (dependent) types and (monadic) effects and Z3 ;;gdscript ; the language you waited for - ;;(go +lsp +tree-sitter) ; the hipster dialect + (go +lsp +tree-sitter) ; the hipster dialect ;;(graphql +lsp) ; Give queries a REST ;;(haskell +lsp) ; a language that's lazier than I am ;;hy ; readability of scheme w/ speed of python