From 0cc3c9888d3061d89e675dfb3a4a7041c269488c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torjus=20H=C3=A5kestad?= <torjus@usit.uio.no>
Date: Tue, 3 Feb 2026 05:20:22 +0100
Subject: [PATCH] fixup! pki: add new vault root ca to pki

---
 hosts/vaulttest01/configuration.nix | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/hosts/vaulttest01/configuration.nix b/hosts/vaulttest01/configuration.nix
index fae5005..96baf1e 100644
--- a/hosts/vaulttest01/configuration.nix
+++ b/hosts/vaulttest01/configuration.nix
@@ -106,15 +106,8 @@
   };
 
   # Test ACME certificate issuance from OpenBao PKI
-  # Override the global ACME server to use OpenBao instead of step-ca
-  security.acme = {
-    acceptTerms = true;
-    defaults = {
-      server = "https://vault01.home.2rjus.net:8200/v1/pki_int/acme/directory";
-      email = "root@home.2rjus.net";
-      dnsPropagationCheck = false;
-    };
-  };
+  # Override the global ACME server (from system/acme.nix) to use OpenBao instead of step-ca
+  security.acme.defaults.server = lib.mkForce "https://vault01.home.2rjus.net:8200/v1/pki_int/acme/directory";
 
   # Request a certificate for this host
   # Using HTTP-01 challenge with standalone listener on port 80