diff --git a/deployment/check/common/nixosTest.nix b/deployment/check/common/nixosTest.nix
index 93bd3fef..2f9ff727 100644
--- a/deployment/check/common/nixosTest.nix
+++ b/deployment/check/common/nixosTest.nix
@@ -82,39 +82,39 @@ in
 
     nodes =
       {
-        deployer = {
-          imports = [ ./deployerNode.nix ];
-          _module.args = { inherit inputs sources; };
-          enableAcme = config.enableAcme;
-          acmeNodeIP = config.nodes.acme.networking.primaryIPAddress;
+        deployer = lib.mkMerge [
+          {
+            imports = [ ./deployerNode.nix ];
+            _module.args = { inherit inputs sources; };
+            enableAcme = config.enableAcme;
+            acmeNodeIP = config.nodes.acme.networking.primaryIPAddress;
+          }
+          (lib.mkIf config.enableAcme {
+            security.acme = {
+              acceptTerms = true;
+              defaults.email = "test@test.com";
+              defaults.server = "https://acme.test/dir";
+            };
+            security.pki.certificateFiles = [
+              (import "${inputs.nixpkgs}/nixos/tests/common/acme/server/snakeoil-certs.nix").ca.cert
+            ];
+            networking.extraHosts = "${config.acmeNodeIP} acme.test";
+          })
+        ];
+        acme = lib.mkIf config.enableAcme {
+          ## FIXME: This makes `nodes.acme` into a local resolver. Maybe this will
+          ## break things once we play with DNS?
+          imports = [ "${inputs.nixpkgs}/nixos/tests/common/acme/server" ];
+          ## We aren't testing ACME - we just want certificates.
+          systemd.services.pebble.environment.PEBBLE_VA_ALWAYS_VALID = "1";
         };
       }
-
-      //
-
-        (
-          if config.enableAcme then
-            {
-              acme = {
-                ## FIXME: This makes `nodes.acme` into a local resolver. Maybe this will
-                ## break things once we play with DNS?
-                imports = [ "${inputs.nixpkgs}/nixos/tests/common/acme/server" ];
-                ## We aren't testing ACME - we just want certificates.
-                systemd.services.pebble.environment.PEBBLE_VA_ALWAYS_VALID = "1";
-              };
-            }
-          else
-            { }
-        )
-
-      //
-
-        genAttrs config.targetMachines (_: {
-          imports = [ ./targetNode.nix ];
-          _module.args = { inherit inputs sources; };
-          enableAcme = config.enableAcme;
-          acmeNodeIP = if config.enableAcme then config.nodes.acme.networking.primaryIPAddress else null;
-        });
+      // genAttrs config.targetMachines (_: {
+        imports = [ ./targetNode.nix ];
+        _module.args = { inherit inputs sources; };
+        enableAcme = config.enableAcme;
+        acmeNodeIP = if config.enableAcme then config.nodes.acme.networking.primaryIPAddress else null;
+      });
 
     testScript = ''
       ${forConcat (attrNames config.nodes) (n: ''
diff --git a/deployment/check/panel/nixosTest.nix b/deployment/check/panel/nixosTest.nix
index fddad457..d5d386b8 100644
--- a/deployment/check/panel/nixosTest.nix
+++ b/deployment/check/panel/nixosTest.nix
@@ -1,5 +1,4 @@
 {
-  inputs,
   lib,
   hostPkgs,
   config,
@@ -151,17 +150,6 @@ in
         (import ../../../panel { }).module
       ];
 
-      ## FIXME: This should be in the common stuff.
-      security.acme = {
-        acceptTerms = true;
-        defaults.email = "test@test.com";
-        defaults.server = "https://acme.test/dir";
-      };
-      security.pki.certificateFiles = [
-        (import "${inputs.nixpkgs}/nixos/tests/common/acme/server/snakeoil-certs.nix").ca.cert
-      ];
-      networking.extraHosts = "${config.acmeNodeIP} acme.test";
-
       services.panel = {
         enable = true;
         production = true;