diff --git a/hosts/plover/default.nix b/hosts/plover/default.nix
index 2ebfc7e7..78ee4c2c 100644
--- a/hosts/plover/default.nix
+++ b/hosts/plover/default.nix
@@ -62,6 +62,13 @@ in
     cleanup.enable = true;
   };
 
+  # DNS-related settings. This is nice for automating them putting DNS records
+  # and other types of stuff.
+  security.acme.defaults = {
+    dnsProvider = "porkbun";
+    credentialsFile = config.sops.secrets."plover/lego/env".path;
+  };
+
   services.openssh.hostKeys = [{
     path = config.sops.secrets."plover/ssh-key".path;
     type = "ed25519";
diff --git a/hosts/plover/secrets/secrets.yaml b/hosts/plover/secrets/secrets.yaml
index 30c590a7..65a28316 100644
--- a/hosts/plover/secrets/secrets.yaml
+++ b/hosts/plover/secrets/secrets.yaml
@@ -1,4 +1,6 @@
 ssh-key: ENC[AES256_GCM,data:xkKDGZtID/MVa4RlNPOjiqkVYCsVqZp/Mn6IrT3gKa9tLZ7/+jA3Lnr0IochxfTrrdmoymJk6UqUT+9zjeBzQ6Wt0yrwTJwmAesR6E1sTTW7LDru+72Yur5D0Ov34p9wL6ALefLP/iEmYpoz6+tONcRaY8sXri8EDMCqB1p5idMHWjdzMztFBBp3suRfS/CgHdmJCBVcElNtnIAACWe4ppWr7P8iixVC+PP4sTPGnYh3bvtOK22sZqiWcwmtN0Btqgw0hPkwyqpnV42CXgVIOm85alZEiIVMVAjIXDnhCIyb+pTnfzKvVBs6YXABxphR9pC/uSlctl18bqrOnGnFJL4CRylC0wyqErEP56G/ypj7UZbC7O2ews45cGspvx5A2vJdzL5/mxs0QMH/llVgDUYYTVEb0BWS+31Q8zViSDGUNVn+MTIir7DXCveck/5PAPwbYQmck7ghtT5yk5TpMMD9+Yc4jBSVtrLuo6b35QQzepT/X4j7zVf4vwxO3xsJbJ5Tu/gc9zbMn6nZKF+S,iv:ffYR1jqrwm94SA9OlRwjALcaGvw4tcrJDdT3YhpM2Qk=,tag:bzb4kHxek0T51GbGmG4fEw==,type:str]
+lego:
+    env: ENC[AES256_GCM,data:QUAhhPoHOW2Vzi3UKBPpYOLJYpJveOTqll84gebXH6E4VPa6XQ7CJxUN02cKTmMcq/eavtAzYD/NMxMVHPGu14co2b7vKWY80MHcKVgSOX1r3jeF6H6UCGoUigOobTyhUQe20i4Aab4btvhO3KRZ8Z/niT2uWnihhVBE0bUrCzDDK/awyZSfvrSknc0KojrgUr86z1b6tf3fxSPM8tR+cnzH/SgzOmL4LoqN0t4/pyOt,iv:JaQ/Yz6nGUN4AAqnZWjnOZqfS59WwzOvpqyLWiY6grU=,tag:V4garlpvnO5W681yX4gcyw==,type:str]
 sourcehut:
     network-key: ENC[AES256_GCM,data:8W1cHjGGsvA8p/z07fS9QcPi5WI4Ho1lq5clQ5rFJMDyoWGBnxQ3TJ8eB/I=,iv:44VlT5ID8KXDquDOZMIEPBWl7r+JwbamRdqhBsFO4Rw=,tag:vEV8BEZHlrpZWXP1kRZ4nw==,type:str]
     service-key: ENC[AES256_GCM,data:s/oq5ud8XZAAQwhJDPkPZg77MQAnbZVvposvR1RFMiVclOQtucK2CPxP1Lw65TCCLxMXIeRAOLfhKehIk6Jk5w==,iv:S4BzMYPZtVFhXV0g5qBxjItqCyEQ25Ct6swBut7FefQ=,tag:NNytSDn73zM2Z3uWYjknMw==,type:str]
@@ -35,8 +37,8 @@ sops:
             YTZnVWJBdkVKTDIyN0JjNUVkNU84bmsKVEvYry/jpwScC0wtDqbvE4WtYVm+bBss
             /uTld6ObaI92LLVwdkcApVSzt8AD/vCRD/Kf084oi+fRDFn2JiYChQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2022-12-02T23:39:58Z"
-    mac: ENC[AES256_GCM,data:9g4mwaqH6+P1gxYlAOT1VVzbGAW7pC2A6MuAzEM5n3ooNemIMnj9GG5WMR9g4d3BYx6Ne8FLWuT2Xi1T1JTtY6vaFuUOMoCt5Lucl4twLeS1zP4wjx5vwGqSgwC2ZB1Gjd3gN1TCoKxhbAy74AClPJZeFuVLvFiDbxmD8AyA3xg=,iv:rssJX9hQL0FX2hlrNQRLDikU2YNwJAL3AjnJASqS/Rc=,tag:yx95SM15geHUMd51uZYTSg==,type:str]
+    lastmodified: "2022-12-03T00:05:00Z"
+    mac: ENC[AES256_GCM,data:H9Vp7CCtWbTLf5MAaaL4QpoFT771vorFsYP8zJxK+KgEVCTL2EsfBpmWMWuau+giX7C/+R5CuPE0FuZBEJtmeE13mFMIhpsv7VkrDKIcQOFKVf8cUZlL6WyhAlPGmqzXzbN3YESsDipYkJkr6e/jVNI7QPeSYm47gy2w2Vcdncg=,iv:jGzIJRTSQq5tEt8V2Etl0lNYl28+qm5AfI+WMtu0DWg=,tag:TfkaOwAwYgDA3S9MHDvr3A==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.7.3