{ ... }:
# TODO `fysiweb` should import config
#
# `config/default.nix` should automatically be imported by all systems through
# `fysiweb deploy`, if it exists.
{
  users.users.root.openssh.authorizedKeys.keyFiles = [
    ../public/aforemny.id_rsa.pub
    ../public/kirchner.id_rsa.pub
  ];

  security.acme.acceptTerms = true;
  # TODO why do defaults not suffice here?
  #security.acme.certs.defaults.email = "aforemny@posteo.de";
  #security.acme.certs.defaults.webroot = "/var/lib/acme/acme-challenge";
  security.acme.certs."code.nomath.org".email = "aforemny@posteo.de";
  security.acme.certs."code.nomath.org".webroot = "/var/lib/acme/acme-challenge";
  security.acme.certs."nomath.org".email = "aforemny@posteo.de";
  security.acme.certs."nomath.org".webroot = "/var/lib/acme/acme-challenge";
  security.acme.certs."static.nomath.org".email = "aforemny@posteo.de";
  security.acme.certs."static.nomath.org".webroot = "/var/lib/acme/acme-challenge";
  networking.firewall.allowedTCPPorts = [ 80 ];
}