From ce3a40671c0bce7151a27d95a67cdca867b47bf1 Mon Sep 17 00:00:00 2001
From: Pierre Bourdon
Date: Fri, 16 Aug 2024 08:55:49 +0200
Subject: [PATCH] acme: make ToS and contact config common
---
 common/base-server.nix | 3 +++
 common/raito-vm.nix | 2 --
 hosts/bagel-box/default.nix | 3 ---
 hosts/build-coord/default.nix | 1 +
 hosts/wob-vpn-gw/netboot.nix | 2 --
 5 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/common/base-server.nix b/common/base-server.nix
index 5206fea..0b64935 100644
--- a/common/base-server.nix
+++ b/common/base-server.nix
@@ -57,4 +57,7 @@
 ];
 time.timeZone = "UTC";
+
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = "infra@forkos.org";
 }
diff --git a/common/raito-vm.nix b/common/raito-vm.nix
index a758605..d17373d 100644
--- a/common/raito-vm.nix
+++ b/common/raito-vm.nix
@@ -30,8 +30,6 @@ in
 config = mkIf cfg.enable {
 services.qemuGuest.enable = true;
 systemd.network.enable = true;
- security.acme.defaults.email = "bagel-acme@lahfa.xyz";
- security.acme.acceptTerms = true;
 networking.useDHCP = lib.mkDefault false;
 systemd.network.networks."10-nat-lan" = {
diff --git a/hosts/bagel-box/default.nix b/hosts/bagel-box/default.nix
index c7189f9..f8ca29a 100644
--- a/hosts/bagel-box/default.nix
+++ b/hosts/bagel-box/default.nix
@@ -47,9 +47,6 @@
 bagel.sysadmin.enable = true;
- security.acme.acceptTerms = true;
- security.acme.defaults.email = "infra@forkos.org";
-
 services.openssh.enable = true;
 system.stateVersion = "24.11";
diff --git a/hosts/build-coord/default.nix b/hosts/build-coord/default.nix
index b7ca17a..05c6ec1 100644
--- a/hosts/build-coord/default.nix
+++ b/hosts/build-coord/default.nix
@@ -1,3 +1,4 @@
+{ lib, ... }:
 {
 imports = [ ./hardware.nix ];
diff --git a/hosts/wob-vpn-gw/netboot.nix b/hosts/wob-vpn-gw/netboot.nix
index 08d39ae..db29666 100644
--- a/hosts/wob-vpn-gw/netboot.nix
+++ b/hosts/wob-vpn-gw/netboot.nix
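Review bot: The two `security.acme` lines appended to common/base-server.nix are plain definitions, so a host or module that later needs a different contact address gets a conflicting-definition error unless it uses `lib.mkForce`; writing `security.acme.defaults.email = lib.mkDefault "infra@forkos.org";` would keep the shared value overridable (whether `lib` is in scope here depends on the module header, which is outside the hunk). Hosts that import common/raito-vm.nix switch contact address with this commit, and as far as I recall the NixOS ACME module derives its account state from the e-mail, so those hosts may register a new account on the next deploy; that is worth confirming before rollout. A comment above the lines, for example `# Fleet-wide ACME account settings: ToS accepted once here, CA notices go to the shared infra mailbox.`, would tell readers not to repeat them per host.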
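Review bot: The `{ lib, ... }:` header added at the top of hosts/build-coord/default.nix binds `lib`, but nothing in the visible lines uses it and the commit message only mentions the ACME settings. If the rest of the file, which is outside this hunk, does not reference `lib` either, drop the header or move it to the commit that first needs it, so this change stays limited to what its title describes. If it is kept on purpose, a one-line comment above it saying what `lib` is needed for would explain why it appears here.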
@@ -42,8 +42,6 @@ in {
 networking.firewall.extraInputRules = ''
 ip6 saddr 2a01:584:11::/64 tcp sport < 1024 tcp dport 443 accept;
 '';
- security.acme.acceptTerms = true;
- security.acme.defaults.email = "infra@forkos.org";
 services.nginx = {
 enable = true;
 virtualHosts."vpn-gw.wob01.infra.forkos.org" = {