{ config, lib, ... }:
{
  options.domainName = lib.mkOption { type = lib.types.str; };
  config = {
    domainName = "fredinand.xyz";

    security.acme = {
      acceptTerms = true;
      defaults.email = "admin@${config.domainName}";
      certs = {
        "${config.domainName}" = {
          dnsProvider = "porkbun";
          environmentFile = config.sops.secrets."porkbun".path;
          group = config.services.nginx.group;
          extraDomainNames = [
            "mail.${config.domainName}"
            "www.${config.domainName}"
          ];
        };
      };
    };
    sops.secrets."porkbun" = {};
  };
}