diff --git a/fediversity/default.nix b/fediversity/default.nix
index 46ee05d..0fed04f 100644
--- a/fediversity/default.nix
+++ b/fediversity/default.nix
@@ -100,4 +100,14 @@ in {
       };
     };
   };
+
+  config = {
+    ## FIXME: This should clearly go somewhere else; and we should have a
+    ## `staging` vs. `production` setting somewhere.
+    security.acme = {
+      acceptTerms = true;
+      defaults.email = "nicolas.jeannerod+fediversity@moduscreate.com";
+      defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
+    };
+  };
 }
diff --git a/fediversity/pixelfed.nix b/fediversity/pixelfed.nix
index da77fea..c9b48a0 100644
--- a/fediversity/pixelfed.nix
+++ b/fediversity/pixelfed.nix
@@ -50,6 +50,8 @@ lib.mkIf (config.fediversity.enable && config.fediversity.pixelfed.enable) {
     ##
     ## TODO: If that indeed makes sense, upstream.
     nginx = {
+      forceSSL = true;
+      enableACME = true;
       # locations."/public/".proxyPass = "${config.fediversity.internal.garage.web.urlFor "pixelfed"}/public/";
     };
   };