fixup! pki: add new vault root ca to pki

hosts/vaulttest01/configuration.nix

@@ -106,15 +106,8 @@
   };
 
   # Test ACME certificate issuance from OpenBao PKI
-  # Override the global ACME server to use OpenBao instead of step-ca
-  security.acme = {
-    acceptTerms = true;
-    defaults = {
-      server = "https://vault01.home.2rjus.net:8200/v1/pki_int/acme/directory";
-      email = "root@home.2rjus.net";
-      dnsPropagationCheck = false;
-    };
-  };
+  # Override the global ACME server (from system/acme.nix) to use OpenBao instead of step-ca
+  security.acme.defaults.server = lib.mkForce "https://vault01.home.2rjus.net:8200/v1/pki_int/acme/directory";
 
   # Request a certificate for this host
   # Using HTTP-01 challenge with standalone listener on port 80