diff --git a/hosts/sakoserver/configuration.nix b/hosts/sakoserver/configuration.nix
index 4f8ad95d..afeeb6e0 100644
--- a/hosts/sakoserver/configuration.nix
+++ b/hosts/sakoserver/configuration.nix
@@ -66,7 +66,7 @@
       postgresql.enable = true;
       services = {
         forgejo.enable = true;
-        # headscale.enable = true;
+        headscale.enable = true;
       };
     };
   };
diff --git a/modules/server/nginx.nix b/modules/server/nginx.nix
index 19c60564..054bde62 100644
--- a/modules/server/nginx.nix
+++ b/modules/server/nginx.nix
@@ -9,6 +9,9 @@ in {
     security.acme = {
       acceptTerms = true;
       defaults.email = "Sayeko@proton.me";
+      defaults.server =
+        "https://acme-staging-v02.api.letsencrypt.org/directory";
+      defaults.group = config.services.nginx.group;
     };
     services.nginx = {
       enable = true;
diff --git a/modules/server/services/headscale.nix b/modules/server/services/headscale.nix
index 9013d683..2f64de0e 100644
--- a/modules/server/services/headscale.nix
+++ b/modules/server/services/headscale.nix
@@ -26,7 +26,6 @@ in {
           v4 = "100.64.0.0/10";
           v6 = "fd7a:115c:a1e0::/48";
         };
-        # TODOOOOO POSTGRES NOW NOWNOW
         database = {
           type = "sqlite3";
           debug = false;
@@ -81,6 +80,8 @@ in {
           '';
         };
 
+        security.acme.certs."headscale.sako.lol" = { };
+
         systemd.services = { tailscaled.after = [ "headscale.service" ]; };
 
       };