diff --git a/ops/nixos/default.nix b/ops/nixos/default.nix
index 939b04d178..f1103df13b 100644
--- a/ops/nixos/default.nix
+++ b/ops/nixos/default.nix
@@ -50,7 +50,8 @@ let
   rebuilder = system: (import ./lib/rebuilder.nix (args // { system = system; }));
   systemCfgs = lib.genAttrs systems
     (name: import (./. + "/${name}"));
-  evaledSystems = lib.filterAttrs (n: v: v.config.my.systemType == system) (mapAttrs systemFor systemCfgs);
+  allEvaledSystems = mapAttrs systemFor systemCfgs;
+  evaledSystems = lib.filterAttrs (n: v: v.config.my.systemType == system) allEvaledSystems;
   systemDrvs = mapAttrs (_: sys: sys.config.system.build.toplevel) evaledSystems;
   systemTailscaleIPs = lib.mapAttrs' (n: v: lib.nameValuePair v [n]) (lib.filterAttrs (n: v: v != null) (mapAttrs (_: sys: sys.config.my.ip.tailscale) evaledSystems));
 
@@ -79,7 +80,7 @@ let
   installcdSystem = systemFor "installcd" (import ./installcd);
 in systemDrvs // {
   systems = systemDrvs;
-  systemConfigs = evaledSystems;
+  systemConfigs = allEvaledSystems;
   systemExporters = systemExporters;
   tailscaleIPs = systemTailscaleIPs;
   scrapeJournalHosts = scrapeJournalHosts;
diff --git a/ops/vault/cfg/module-acme-ca.nix b/ops/vault/cfg/module-acme-ca.nix
index 91b193d689..db2a7ac972 100644
--- a/ops/vault/cfg/module-acme-ca.nix
+++ b/ops/vault/cfg/module-acme-ca.nix
@@ -79,6 +79,9 @@ in {
     resource.vault_mount.acme = {
       path = config.my.acme.mountPoint;
       type = "acme";
+
+      max_lease_ttl_seconds = 90 * 86400;
+      default_lease_ttl_seconds = 90 * 86400;
     };
 
     resource.vault_generic_endpoint = mkMergeIf [