diff --git a/nix/nas/configuration.nix b/nix/nas/configuration.nix
index d36988b..9b17603 100644
--- a/nix/nas/configuration.nix
+++ b/nix/nas/configuration.nix
@@ -388,26 +388,12 @@
 hostName = "vancouver";
 domain = "gmem.ca";
 firewall = {
- trustedInterfaces = ["tailscale0" "virbr0"];
+ trustedInterfaces = ["tailscale0"];
 checkReversePath = "loose";
 enable = true;
- allowedTCPPorts = [ 22 53 80 443 2049 4328 5432 9100 22000 5201 ];
- allowedUDPPorts = [ 53 41641 22000 21027 ];
+ allowedTCPPorts = [ 22 80 443 9798 2049 ];
+ allowedUDPPorts = [ 41641 ];
 };
- # useDHCP = false;
- # bridges = {
- # "br0" = {
- # interfaces = [ "eno1" ];
- # };
- # };
- # interfaces.br0.ipv4.addresses = [
- # {
- # address = "192.168.50.229";
- # prefixLength = 24;
- # }
- # ];
- # defaultGateway = "192.168.50.1";
- nameservers = ["45.90.28.116" "45.90.30.116"];
 nftables.enable = true;
 };
 environment.systemPackages = with pkgs; [
@@ -441,14 +427,7 @@
 };
 environment.shells = with pkgs; [ zsh fish ];
- users.groups = {
- k3s = { };
- };
 users.users = {
- k3s = {
- isSystemUser = true;
- group = "k3s";
- };
 gsimmer = {
 shell = pkgs.fish;
 isNormalUser = true;
@@ -513,21 +492,6 @@
 dnsProvider = "cloudflare";
 credentialsFile = config.age.secrets.cloudflare-dns.path;
 };
- security.acme.certs."vancouver.gmem.ca" = {
- domain = "vancouver.gmem.ca";
- dnsProvider = "cloudflare";
- credentialsFile = config.age.secrets.cloudflare-dns.path;
- };
- security.acme.certs."request-media.gmem.ca" = {
- domain = "request-media.gmem.ca";
- dnsProvider = "cloudflare";
- credentialsFile = config.age.secrets.cloudflare-dns.path;
- };
- security.acme.certs."flood.gmem.ca" = {
- domain = "flood.gmem.ca";
- dnsProvider = "cloudflare";
- credentialsFile = config.age.secrets.cloudflare-dns.path;
- };
 system.stateVersion = "23.05";
 }
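Review bot: In the first hunk, the new `allowedTCPPorts = [ 22 80 443 9798 2049 ];` still opens NFS (2049) and the unexplained port 9798 on every interface, because this list is global and only `tailscale0` is trusted. If those two services are meant for one network segment only, keep the global list to `[ 22 80 443 ]` and add `interfaces.<iface>.allowedTCPPorts = [ 2049 9798 ];` inside `firewall`, with `<iface>` standing for the intended interface. Tailnet clients already pass through `trustedInterfaces`, so they need no entry. A one-line comment naming the service behind 9798 would make the next audit of this list easier. The same hunk removes `nameservers`, so the host presumably falls back to DHCP-supplied resolvers, which is worth confirming as intended; the enclosing block (presumably `networking`) starts outside the hunk.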