{
  config,
  lib,
  pkgs,
  ...
}:

{
  security.acme = {
    acceptTerms = true;
    defaults.email = "aliceghuston@gmail.com";
    certs."nayeonie.com" = {
      dnsProvider = "bunny";
      environmentFile = config.sops.secrets."acme/bunny".path;
      dnsPropagationCheck = false;
      group = "haproxy";
      extraDomainNames = [
        # "*.nayeonie.com"
        # "alicehuston.xyz"
        # "*.alicehuston.xyz"
      ];
    };
  };
  security.acme.defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
  # systemd.services."acme-nayeonie.com".serviceConfig = {
  #   Environment = [ ''"PATH=/ZFS/ZFS-primary/backups/lego/dist:$PATH"'' ];
  # };

  sops.secrets = {
    "acme/bunny" = {
      owner = "root";
    };
  };
}