diff --git a/modules/nixos/deertopia/authelia.nix b/modules/nixos/deertopia/authelia.nix index 95d7ad4..770f2c5 100644 --- a/modules/nixos/deertopia/authelia.nix +++ b/modules/nixos/deertopia/authelia.nix @@ -132,18 +132,21 @@ in { }; }; - sydnix.deertopia.nginx.vhosts."auth".vhost = { - forceSSL = true; - enableACME = true; - extraConfig = '' - set $upstream http://127.0.0.1:${builtins.toString cfg.httpPort}; - ''; - locations."/".extraConfig = '' - include ${./authelia/proxy.conf}; - proxy_pass $upstream; - ''; - locations."/api/verify".proxyPass = "$upstream"; - locations."/api/authz".proxyPass = "$upstream"; + sydnix.deertopia.nginx.vhosts."auth" = { + directory = null; + vhost = { + forceSSL = true; + enableACME = true; + extraConfig = '' + set $upstream http://127.0.0.1:${builtins.toString cfg.httpPort}; + ''; + locations."/".extraConfig = '' + include ${./authelia/proxy.conf}; + proxy_pass $upstream; + ''; + locations."/api/verify".proxyPass = "$upstream"; + locations."/api/authz".proxyPass = "$upstream"; + }; }; # TODO: Remove this. It's only used for a quick demo for myself. The diff --git a/modules/nixos/deertopia/nginx.nix b/modules/nixos/deertopia/nginx.nix index 5de5e6e..808fa12 100644 --- a/modules/nixos/deertopia/nginx.nix +++ b/modules/nixos/deertopia/nginx.nix @@ -71,7 +71,7 @@ in services.nginx.enable = true; networking.firewall.allowedTCPPorts = [ - 80 # HTTP + 80 # HTTP 443 # HTTPS ]; @@ -85,6 +85,11 @@ in defaults.email = "lomiskiam@gmail.com"; }; + sydnix.impermanence.directories = [ + # Don't regenerate certs on reboot. + "/var/lib/acme" + ]; + services.nginx.virtualHosts = builtins.listToAttrs (builtins.map
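Review bot: `directory = null;` in the new `sydnix.deertopia.nginx.vhosts."auth"` attrset is added without a comment, and the option is declared outside this diff, so a reader cannot tell what a null value turns off. This vhost only proxies the Authelia portal to `$upstream`, so a short why-comment would help, for example `# Proxy-only vhost: no site directory to create or serve.` (wording to be checked against the option's definition). The rest of the hunk appears to be the existing `vhost` body moved one level down, and the enclosing module body starts and ends outside the hunk.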
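Review bot: The new `sydnix.impermanence.directories` entry persists `/var/lib/acme` as a bare path, and that tree holds the ACME account key and the TLS private keys for the vhosts, so its owner and mode on the persistent volume matter as much as its surviving a reboot. Whether the `sydnix.impermanence` wrapper creates the persisted directory with the `acme` user's ownership, or as root with a default mode, is not visible here. If it passes entries through to the upstream impermanence module, the attrset form pins this down: `{ directory = "/var/lib/acme"; user = "acme"; group = "acme"; }`. The comment could also say what is being kept, e.g. `# Persist ACME account key and issued certs (private keys live here); avoids re-issuance on every boot.`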