# NixOS module: declares a shared default certificate configuration
# (services.myCertificates.certConfig) and uses it to define the "eldiron"
# entry under security.acme.certs.
{ lib, pkgs, config, mylibs, ... }:
let
  # Defaults that each certificate below is built from; per-certificate
  # attributes are layered on top with `//`, so they win on conflict.
  certDefaults = config.services.myCertificates.certConfig;
in
{
  # NOTE(review): no `type` is declared for this option, so values assigned
  # to it are not type-checked.
  options.services.myCertificates.certConfig = lib.mkOption {
    description = "Default configuration for certificates";
    default = {
      webroot = "/var/lib/acme/acme-challenge";
      email = "ismael@bouya.org";
      # Reloads httpd.service, presumably so it picks up renewed files.
      postRun = ''
        systemctl reload httpd.service
      '';
      # Files produced for each certificate. Judging by their names,
      # key.pem, full.pem and account_key.json carry private key material
      # (TODO confirm against the ACME client in use); drop any entry that
      # no consumer reads so fewer copies of the key sit on disk.
      plugins = [
        "cert.pem"
        "chain.pem"
        "fullchain.pem"
        "full.pem"
        "key.pem"
        "account_key.json"
      ];
    };
  };

  config.security.acme = {
    # FIXME: doesn't work with httpd?
    preliminarySelfsigned = true;

    certs = {
      # FIXME: /!\ To create a new certificate, create it before using
      # it in httpd
      eldiron = certDefaults // {
        domain = "eldiron.immae.eu";
        # NOTE(review): presumably grants the certificate's group read access
        # to the private key files. No `group` is set in this file, so confirm
        # which group applies and keep its membership limited to the services
        # that actually terminate TLS.
        allowKeysForGroup = true;
      };
    };
  };
}