{ config, pkgs, ... }:

{
  security.acme.certs = {
    "gebner.org" = {
      webroot = "/var/lib/acme/acme-challenge";
      email = "gebner@gebner.org";
      extraDomains = {
        "git.gebner.org" = null;
        "mail.gebner.org" = null;
        "gebner.org" = null;
        "www.gebner.org" = null;
        "gabrielebner.at" = null;
        "www.gabrielebner.at" = null;
        "2b7e.org" = null;
        "www.2b7e.org" = null;
      };

      postRun = ''
        systemctl reload nginx
        systemctl reload postfix

        (${config.systemd.services.dovecotSslKey.script})
        systemctl reload dovecot2
      '';
    };
  };

  security.acme.acceptTerms = true;

}