diff --git a/modules/nixos/common/default.nix b/modules/nixos/common/default.nix
index 10028cd..0415b9f 100644
--- a/modules/nixos/common/default.nix
+++ b/modules/nixos/common/default.nix
@@ -2,10 +2,11 @@
 
 {
   imports = [
-    ./journald.nix
     ./nix.nix
     ./overlays.nix
 
+    ../pki
+
     inputs.synix.nixosModules.device.server
   ];
 
diff --git a/modules/nixos/common/journald.nix b/modules/nixos/common/journald.nix
deleted file mode 100644
index d31ada4..0000000
--- a/modules/nixos/common/journald.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
-  services.journald.upload = {
-    enable = true;
-    settings.Upload.URL = "http://100.64.0.5:19532";
-  };
-}
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index f831ea8..540f4ee 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -6,6 +6,7 @@
   forgejo-runner = import ./forgejo-runner;
   gnome = import ./gnome;
   monero = import ./monero;
+  pki = import ./pki;
   rsshub-oci = import ./rsshub-oci;
   tailscale = import ./tailscale;
   xfce = import ./xfce;
diff --git a/modules/nixos/pki/default.nix b/modules/nixos/pki/default.nix
new file mode 100644
index 0000000..9b849f6
--- /dev/null
+++ b/modules/nixos/pki/default.nix
@@ -0,0 +1,3 @@
+{
+  security.pki.certificateFiles = [ ./root_ca.crt ];
+}
diff --git a/modules/nixos/pki/root_ca.crt b/modules/nixos/pki/root_ca.crt
new file mode 100644
index 0000000..44abf61
--- /dev/null
+++ b/modules/nixos/pki/root_ca.crt
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBrzCCAVWgAwIBAgIQDV0M0pLkCXvARpa+ipSx8jAKBggqhkjOPQQDAjA2MRUw
+EwYDVQQKEwxzaWQtaW50ZXJuYWwxHTAbBgNVBAMTFHNpZC1pbnRlcm5hbCBSb290
+IENBMB4XDTI2MDQxODIwMzkwMloXDTM2MDQxNTIwMzkwMlowNjEVMBMGA1UEChMM
+c2lkLWludGVybmFsMR0wGwYDVQQDExRzaWQtaW50ZXJuYWwgUm9vdCBDQTBZMBMG
+ByqGSM49AgEGCCqGSM49AwEHA0IABCH2VmIwKEjdma4UymD7RWuGcaT2algrL5nm
+TE0NzP8giezdU9bEP487AvUPPibSYDWxdp4ycbl6qNVTiy29xkmjRTBDMA4GA1Ud
+DwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQWBBRaiBACRDZk
+HZMU9y8YsUF4WPB+5TAKBggqhkjOPQQDAgNIADBFAiAh+b49V2VTnT6nRCRM0Qwq
+ruzayrrnmF7pIxi9PVFwBQIhANQsL3ok4gCTRAnT0mUXSyWexzSESZ1lkpLYiyoj
+RgLi
+-----END CERTIFICATE-----