diff --git a/flake.lock b/flake.lock
index 3e769b7..43bf480 100644
--- a/flake.lock
+++ b/flake.lock
@@ -29,6 +29,7 @@
       "locked": {
         "lastModified": 1777364820,
         "narHash": "sha256-XHxV1V62RJlU/Y49WD6fNIyESJCHKMVwuoN+WIa3gLg=",
+        "ref": "refs/heads/main",
         "rev": "1cc9dbf2a47b7b329507cc4ddc970e10b968121c",
         "revCount": 6618,
         "type": "git",
diff --git a/flake.nix b/flake.nix
index 05116dd..bae9a27 100644
--- a/flake.nix
+++ b/flake.nix
@@ -71,7 +71,6 @@
           ./services/forgejo.nix
           ./services/forgejo-runner.nix
           ./services/borgbackup.nix
-          ./services/gotosocial.nix
           # ./services/akkoma.nix
         ];
       };
@@ -97,7 +96,6 @@
           ./hosts/vps/disko-config.nix
           ./services/nginx.nix
           ./services/blog.nix
-          ./services/phanpy.nix
           ./services/coturn.nix
           ./services/livekit.nix
           ./services/lk-jwt.nix
diff --git a/services/forgejo.nix b/services/forgejo.nix
index 0ffb849..0009360 100644
--- a/services/forgejo.nix
+++ b/services/forgejo.nix
@@ -21,12 +21,4 @@
       SSH_LISTEN_PORT = 2222;
     };
   };
-
-  # Forgejo binds HTTP to 10.10.0.2 (the wg0 inner address). Without this
-  # ordering, forgejo races wireguard at boot, fails to bind, and stays up
-  # only on its all-interfaces SSH listener — leaving the web UI 502'd.
-  systemd.services.forgejo = {
-    after = [ "wireguard-wg0.service" ];
-    requires = [ "wireguard-wg0.service" ];
-  };
 }
diff --git a/services/gotosocial.nix b/services/gotosocial.nix
deleted file mode 100644
index 4d5f548..0000000
--- a/services/gotosocial.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{ ... }:
-
-{
-  networking.firewall.interfaces.wg0.allowedTCPPorts = [ 8080 ];
-
-  services.gotosocial = {
-    enable = true;
-
-    settings = {
-      application-name = "gotosocial";
-      host = "fedi.ellie.town";
-      protocol = "https";
-
-      bind-address = "10.10.0.2";
-      port = 8080;
-
-      trusted-proxies = [ "10.10.0.1/32" ];
-
-      db-type = "sqlite";
-      db-address = "/var/lib/gotosocial/database.sqlite";
-
-      storage-backend = "local";
-      storage-local-base-path = "/var/lib/gotosocial/storage";
-
-      letsencrypt-enabled = false;
-
-      accounts-registration-open = false;
-      accounts-approval-required = true;
-      accounts-reason-required = false;
-      accounts-allow-custom-css = false;
-
-      instance-languages = [ "en" ];
-      instance-expose-public-timeline = true;
-      instance-expose-peers = false;
-      instance-deliver-to-shared-inboxes = true;
-      instance-federation-mode = "blocklist";
-
-      media-image-strip-metadata = true;
-      media-local-max-size = "40MiB";
-      media-remote-max-size = "40MiB";
-      media-cleanup-from = "00:00";
-      media-cleanup-every = "24h";
-
-      smtp-host = "";
-    };
-  };
-}
diff --git a/services/phanpy.nix b/services/phanpy.nix
deleted file mode 100644
index c78609f..0000000
--- a/services/phanpy.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ pkgs, ... }:
-
-let
-  phanpy = pkgs.stdenv.mkDerivation rec {
-    pname = "phanpy";
-    version = "2026.02.24.48b2cf7";
-
-    src = pkgs.fetchzip {
-      url = "https://github.com/cheeaun/phanpy/releases/download/${version}/phanpy-dist.zip";
-      hash = "sha256-55DI7tr3wvf/jC9S/J71I2YgIKqyPXODKSkZo5SqJM8=";
-      stripRoot = false;
-    };
-
-    installPhase = ''
-      runHook preInstall
-
-      mkdir -p $out
-      cp -r * $out/
-
-      runHook postInstall
-    '';
-  };
-in
-{
-  services.nginx.virtualHosts."phanpy.ellie.town" = {
-    enableACME = true;
-    forceSSL = true;
-    root = "${phanpy}";
-
-    locations."/" = {
-      tryFiles = "$uri $uri/ /index.html";
-    };
-  };
-}
diff --git a/services/wireguard-outer.nix b/services/wireguard-outer.nix
index a4bd435..b6f148f 100644
--- a/services/wireguard-outer.nix
+++ b/services/wireguard-outer.nix
@@ -88,20 +88,28 @@
       };
     };
 
-    virtualHosts."fedi.ellie.town" = {
-      enableACME = true;
-      forceSSL = true;
-      locations."= /".extraConfig = ''
-        return 302 /@ellie;
-      '';
-      locations."/" = {
-        proxyPass = "http://10.10.0.2:8080";
-        proxyWebsockets = true;
-        extraConfig = ''
-          client_max_body_size 40m;
-        '';
-      };
-    };
+    # virtualHosts."akkoma.ellie.town" = {
+    #   enableACME = true;
+    #   forceSSL = true;
+    #   locations."/" = {
+    #     proxyPass = "http://10.10.0.2:4000";
+    #     proxyWebsockets = true;
+    #     extraConfig = ''
+    #       client_max_body_size 16m;
+    #     '';
+    #   };
+    # };
+
+    # virtualHosts."media.ellie.town" = {
+    #   enableACME = true;
+    #   forceSSL = true;
+    #   locations."/" = {
+    #     proxyPass = "http://10.10.0.2:4000";
+    #     extraConfig = ''
+    #       client_max_body_size 16m;
+    #     '';
+    #   };
+    # };
 
     virtualHosts."forgejo.ellie.town" = {
       enableACME = true;