diff --git a/homelab/endpoints.yml b/homelab/endpoints.yml
index e88ae71..9f42ef0 100644
--- a/homelab/endpoints.yml
+++ b/homelab/endpoints.yml
@@ -1,25 +1,25 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: ombi
+  name: flood
 spec:
   ports:
-  - name: ombi
-    port: 3579
-    targetPort: 3579
+  - name: http
+    port: 3000
+    targetPort: 3000
   clusterIP: None
   type: ClusterIP
 ---
 apiVersion: v1
 kind: Endpoints
 metadata:
-  name: ombi
+  name: flood
 subsets:
 - addresses:
-  - ip: 192.168.50.172
+  - ip: 192.168.50.205
   ports:
-  - name: ombi
-    port: 3579
+  - name: flood
+    port: 3000
     protocol: TCP
 ---
 apiVersion: networking.k8s.io/v1
@@ -32,16 +32,16 @@ metadata:
 spec:
   tls:
   - hosts:
-    - request-media.gmem.ca
+    - flood.gmem.ca
     secretName: gmem-ca-wildcard
   rules:
-    - host: request-media.gmem.ca
+    - host: flood.gmem.ca
       http:
         paths:
           - path: /
             pathType: Prefix
             backend:
               service:
-                name:  ombi
+                name:  flood
                 port:
-                  number: 3579
+                  number: 3000
diff --git a/nix/nas/configuration.nix b/nix/nas/configuration.nix
index c71f8c6..ee92c1b 100644
--- a/nix/nas/configuration.nix
+++ b/nix/nas/configuration.nix
@@ -269,19 +269,6 @@
       recommendedZstdSettings = true;
       recommendedOptimisation = true;
       recommendedTlsSettings = true;
-      # We can only proxy one port with Tailscale Funnel so we abuse locations instead.
-      virtualHosts."vancouver.gmem.ca" =  {
-        default = true;
-        enableACME = true;
-        addSSL = true;
-        acmeRoot = null;
-        locations."/" = {
-          root = "/var/www/";
-          extraConfig = ''
-            error_page 404 /404.html;
-          '';
-        };
-      };
       virtualHosts."git.gmem.ca" =  {
         enableACME = true;
         addSSL = true;
@@ -299,23 +286,6 @@
           proxyPass = "http://127.0.0.1:8973/";
         };
       };
-      virtualHosts."flood.gmem.ca" =  {
-        enableACME = true;
-        addSSL = true;
-        acmeRoot = null;
-        locations."/" = {
-          extraConfig =
-            ''
-            proxy_set_header Host $host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-
-            client_max_body_size 100M;
-            '';
-          proxyPass = "http://192.168.50.205:3000/";
-        };
-      };
     };
     gitea = {
       enable = true;
@@ -327,6 +297,7 @@
         };
         server = {
           ROOT_URL = "https://git.gmem.ca/";
+          HTTP_ADDR = "127.0.0.1";
           HTTP_PORT = 8973;
         };
         service = {
@@ -470,7 +441,14 @@
   };
   environment.shells = with pkgs; [ zsh fish ];
 
+  users.groups = {
+    k3s = { };
+  };
   users.users = {
+    k3s = {
+      isSystemUser = true;
+      group = "k3s";
+    };
     gsimmer = {
       shell = pkgs.fish;
       isNormalUser = true;