Move common ACME configs into separate module

modules/nginx-acme-base/default.nix

@@ -0,0 +1,15 @@
+{ ... }:
+{
+  networking.firewall.allowedTCPPorts = [
+    443
+  ];
+  security.acme = {
+    acceptTerms = true;
+    email = "admin+acme@zweili.ch";
+  };
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+  };
+}

modules/nginx-acme/default.nix

@@ -1,16 +1,9 @@
-{ domain, ... }:
+{ domain, inputs, ... }:
 {
-  networking.firewall.allowedTCPPorts = [
-    443
+  imports = [
+    "${inputs.self}/modules/nginx-acme-base"
   ];
-  security.acme = {
-    acceptTerms = true;
-    email = "admin+acme@zweili.ch";
-  };
   services.nginx = {
-    enable = true;
-    recommendedProxySettings = true;
-    recommendedTlsSettings = true;
     virtualHosts."${domain}" = {
       enableACME = true;
       forceSSL = true;

systems/raspi-test/default.nix

@@ -9,18 +9,12 @@
     (import "${inputs.self}/modules/restic-server-client" {
       time = "11:30"; inherit config custom inputs pkgs;
     })
+    "${inputs.self}/modules/nginx-acme-base"
     "${inputs.self}/modules/docker"
     "${inputs.self}/modules/haproxy"
   ];
 
-  security.acme = {
-    acceptTerms = true;
-    email = "admin+acme@zweili.ch";
-  };
   services.nginx = {
-    enable = true;
-    recommendedProxySettings = true;
-    recommendedTlsSettings = true;
     virtualHosts = {
       "2li.ch" = {
         serverAliases = [ "www.2li.ch" ];