diff --git a/configuration/default.nix b/configuration/default.nix
index f82830f..6d5090f 100644
--- a/configuration/default.nix
+++ b/configuration/default.nix
@@ -138,6 +138,7 @@
 recommendedGzipSettings = true;
 recommendedProxySettings = true;
 clientMaxBodySize = "10G";
+ domain = "tlater.net";
 statusPage = true; # For metrics, should be accessible only from localhost
diff --git a/configuration/hardware-specific/hetzner/default.nix b/configuration/hardware-specific/hetzner/default.nix
index f6915ee..899715f 100644
--- a/configuration/hardware-specific/hetzner/default.nix
+++ b/configuration/hardware-specific/hetzner/default.nix
@@ -4,14 +4,6 @@
 ./disko.nix ];
- # Intel's special encrypted memory<->CPU feature. Hetzner's BIOS
- # disables it by default.
- #
- # TODO(tlater): See if would be useful for anything?
- boot.kernelParams = ["nosgx"];
-
- services.nginx.domain = "116.202.158.55";
-
 systemd.network.networks."eth0" = {
 matchConfig.MACAddress = "90:1b:0e:c1:8c:62";
diff --git a/configuration/hardware-specific/linode/default.nix b/configuration/hardware-specific/linode/default.nix
index 8194ec4..b05fade 100644
--- a/configuration/hardware-specific/linode/default.nix
+++ b/configuration/hardware-specific/linode/default.nix
@@ -6,8 +6,6 @@
 # Required for the lish console
 boot.kernelParams = ["console=ttyS0,19200n8"];
- services.nginx.domain = "tlater.net";
-
 boot.loader = {
 # Timeout to allow lish to connect
 timeout = 10;
diff --git a/configuration/hardware-specific/vm.nix b/configuration/hardware-specific/vm.nix
index 8e7720a..32423ab 100644
--- a/configuration/hardware-specific/vm.nix
+++ b/configuration/hardware-specific/vm.nix
@@ -6,7 +6,7 @@
 # Sets the base domain for nginx to localhost so that we
 # can easily test locally with the VM.
- services.nginx.domain = "localhost";
+ services.nginx.domain = lib.mkOverride 99 "localhost";
 # Use the staging secrets
 sops.defaultSopsFile = lib.mkOverride 99 ../../keys/staging.yaml;
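Review bot: `domain = "tlater.net";` is assigned at plain priority, so any host file that needs a different value has to beat it with `lib.mkOverride 99`, which is what vm.nix is now forced to do; writing it as `domain = lib.mkDefault "tlater.net";` would let host-specific files assign the option plainly and would make it visible that this is the fallback value. The services.nginx attribute set this line belongs to starts before the hunk, and the hunk header announces 7 new lines while fewer are visible, so the trailing context appears cut off.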
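Review bot: Dropping `boot.kernelParams = ["nosgx"];` is unrelated to the domain refactor and is not explained anywhere in the diff; if the intent is still to keep SGX off as the removed comment describes, the line should stay, otherwise the removal deserves a sentence in the commit message. Removing `services.nginx.domain = "116.202.158.55";` also means this host now inherits `tlater.net` from configuration/default.nix, and because the acme ExecCondition guard is deleted in modules/default.nix, the acme-* units will presumably attempt issuance for tlater.net names from this host as well — worth confirming that DNS for those names resolves to this machine before deploying, since repeated failed challenges are subject to the CA's rate limits. The enclosing attribute set starts before the hunk, and not all of the header's 6 new lines are visible, so the tail context appears truncated.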
diff --git a/modules/default.nix b/modules/default.nix
index de1c7c2..55e356c 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -1,23 +1,8 @@
-{
- pkgs,
- config,
- lib,
- ...
-}: {
+{lib, ...}: let
+ inherit (lib) mkOption types;
+in {
 options.services.nginx.domain = lib.mkOption {
 type = lib.types.str;
 description = "The base domain name to append to virtual domain names";
 };
-
- config = {
- # Don't attempt to run acme if the domain name is not tlater.net
- systemd.services = let
- confirm = ''[[ "tlater.net" = ${config.services.nginx.domain} ]]'';
- in
- lib.mapAttrs' (cert: _:
- lib.nameValuePair "acme-${cert}" {
- serviceConfig.ExecCondition = ''${pkgs.runtimeShell} -c '${confirm}' '';
- })
- config.security.acme.certs;
- };
 }
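Review bot: `inherit (lib) mkOption types;` is added but never used — the option right below still says `lib.mkOption` and `lib.types.str`, so either the inherit should go or the option should read `options.services.nginx.domain = mkOption { type = types.str; ... }`. Separately, deleting the `config` block removes the ExecCondition that held back every `acme-*` unit whenever `services.nginx.domain` was not `tlater.net`; with the domain now defaulting to tlater.net in configuration/default.nix that guard is moot for production, but the VM (domain `localhost` via mkOverride 99) loses its protection against attempting ACME issuance, so if any `security.acme.certs` entries are reachable from the VM config, a replacement condition or pointing the VM at a staging ACME endpoint via `security.acme.defaults.server` seems warranted. The option's description could also mention that the default now lives in configuration/default.nix so readers know where to look.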