{
  config,
  lib,
  pkgs,
  self,
  ...
}: let
  exDomain = (import ./ex-domain.nix) lib;
  pubsolarDomain = import ./pubsolar-domain.nix;

  hostingdeProviderConf = {
    dnsProvider = "hostingde";
    credentialsFile = "${pkgs.writeText "hostingde-creds" ''
      HOSTINGDE_API_KEY_FILE=${config.age.secrets."hosting.de-api.key".path}
    ''}";
  };
in {
  age.secrets."hosting.de-api.key" = {
    file = "${self}/secrets/hosting.de-api.key";
    mode = "440";
    owner = "acme";
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "acme@benjaminbaedorf.eu";

    certs."b12f.io" = hostingdeProviderConf;
    certs."mail.b12f.io" = hostingdeProviderConf;
    certs."transmission.b12f.io" = hostingdeProviderConf;

    certs."${exDomain}" = hostingdeProviderConf;
    certs."mail.${exDomain}" = hostingdeProviderConf;

    certs."${pubsolarDomain}" = hostingdeProviderConf;
    certs."www.${pubsolarDomain}" = hostingdeProviderConf;
    certs."auth.${pubsolarDomain}" = hostingdeProviderConf;
    certs."git.${pubsolarDomain}" = hostingdeProviderConf;
    certs."ci.${pubsolarDomain}" = hostingdeProviderConf;
    certs."list.${pubsolarDomain}" = hostingdeProviderConf;
    certs."obs-portal.${pubsolarDomain}" = hostingdeProviderConf;
  };
}