diff --git a/hosts/rpi4/configuration.nix b/hosts/rpi4/configuration.nix
index 7daaeb0..6b0dc46 100644
--- a/hosts/rpi4/configuration.nix
+++ b/hosts/rpi4/configuration.nix
@@ -8,10 +8,9 @@
   imports =
     [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
+      ./services.nix
     ];
 
-  age.secrets.cloudflaredns.file = ../../secrets/cloudflare-dns.age;
-
   fileSystems = let
     mounts = [ "/nix" "/" "/.btrfsroot" "/home" ];
     fn = (x: { options = [ "compress=zstd" ];});
diff --git a/hosts/rpi4/services.nix b/hosts/rpi4/services.nix
new file mode 100644
index 0000000..0a20b35
--- /dev/null
+++ b/hosts/rpi4/services.nix
@@ -0,0 +1,44 @@
+{ config, lib, pkgs, ... }:
+{
+  config = {
+
+    users.groups.secrets = {};
+    users.users.acme.extraGroups = [ "secrets" ];
+
+    age.secrets.cloudflaredns = {
+      file = ../../secrets/cloudflare-dns.age;
+      group = "secrets";
+    };
+
+
+    security.acme = {
+      acceptTerms = true;
+      maxConcurrentRenewals = 1;
+      defaults = {
+      };
+
+      certs = {
+        "protogen.io" = {
+          credentialFiles = {
+            CLOUDFLARE_EMAIL_FILE = pkgs.writeTextFile "cloudflare-email" ''
+              iancoguz@gmail.com
+            '';
+            CLOUDFLARE_API_KEY_FILE = config.age.secrets.cloudflaredns.path;
+          };
+
+          dnsProvider = "cloudflare";
+          domain = "protogen.io";
+          extraDomainNames = [
+            "*.protogen.io"
+            "nullbite.com"
+            "*.nullbite.com"
+            "nullbite.dev"
+            "*.nullbite.dev"
+            "nbt.sh"
+            "*.nbt.sh"
+          ];
+        };
+      };
+    };
+  };
+}