{sops,...}:
{
  
  sops.secrets.acme-env-file = {
    sopsFile = ../../secrets/acme.env;
  };

  security.acme = {
    acceptTerms = true;

    defaults = {
      email = "root@crans.org";
      
    };
    certs."crans.org" = {
      domain = "*.crans.org";
      dnsProvider = "rfc2136";
      environmentFile = sops.secrets.acme-env-file.path;    
    };
  };
}