diff --git a/README.md b/README.md
index 448c91d..eab1983 100644
--- a/README.md
+++ b/README.md
@@ -51,7 +51,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home
 - syncthing folders should just be enabled per devices and then combined with "extraDevices" to give final folder configurations
 - syncthing folder passwords
 - move fail2ban configs out of fail2ban.nix and into configs for their respective services
-- nginx config should be reworked to give a list of subdomains and then the config information to apply to each proxy
 ## New Features
 - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs)
 - Flake templates - we need to add these to some kind of local registry??? `nix flake show templates` - https://nix.dev/manual/nix/2.18/command-ref/new-cli/nix3-flake-init
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix
index 9d6a434..3ea37e9 100644
--- a/configurations/nixos/defiant/configuration.nix
+++ b/configurations/nixos/defiant/configuration.nix
@@ -77,7 +77,7 @@
 };
 reverse_proxy = {
 enable = true;
- enableACME = true;
+ enableACME = false;
 hostname = "jan-leila.com";
 };
 postgres = {
diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix
index 63f67d2..ba6d81f 100644
--- a/modules/nixos-modules/server/home-assistant.nix
+++ b/modules/nixos-modules/server/home-assistant.nix
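Review bot: Setting `enableACME = false` on the defiant reverse proxy removes the only visible source of TLS certificates for `jan-leila.com`, and nothing in the hunk takes its place. Unless the reverse_proxy module (not in this diff) still forces TLS from another certificate source, the Home Assistant and Jellyfin logins proxied through this host would be served over plain HTTP. If this is a deliberate interim change, recording the reason on the line, e.g. `enableACME = false; # TODO: re-enable once <reason> is resolved`, keeps it from being left that way by accident; otherwise please confirm how the generated virtualHosts now obtain their certificates.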
@@ -18,40 +18,17 @@ in {
 {
 services.home-assistant = {
 enable = true;
- extraComponents = [
- "esphome"
- "met"
- "radio_browser"
- "isal"
- ];
 config.http = {
 server_port = 8082;
 use_x_forwarded_for = true;
- trusted_proxies = ["127.0.0.1" "::1"];
+ trusted_proxies = ["127.0.0.1"];
 ip_ban_enabled = true;
 login_attempts_threshold = 10;
 };
- extraPackages = python3Packages:
- with python3Packages; [
- numpy
- gtts
- ];
 };
 host = {
 reverse_proxy.subdomains.${config.host.home-assistant.subdomain} = {
 target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}";
- websockets = true;
- extraConfig = ''
- add_header Upgrade $http_upgrade;
- add_header Connection \"upgrade\";
- proxy_set_header Host $host;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header X-Forwarded-Host $server_name;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_read_timeout 90;
- '';
 };
 };
 }
diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix
index 4746ad3..78afbc7 100644
--- a/modules/nixos-modules/server/jellyfin.nix
+++ b/modules/nixos-modules/server/jellyfin.nix
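Review bot: Dropping `"::1"` from `trusted_proxies` while the proxy target stays `http://localhost:…` is risky: if nginx reaches Home Assistant over the IPv6 loopback, the connection now comes from an untrusted proxy, the forwarded client address is not honored, and every failed login is attributed to `::1` — with `ip_ban_enabled = true` and `login_attempts_threshold = 10` that can ban the proxy itself and lock every user out. Either keep both loopback addresses, `trusted_proxies = ["127.0.0.1" "::1"];`, or make the upstream deterministic with `target = "http://127.0.0.1:…"`. With the `extraConfig` block gone nothing in this diff sets `X-Forwarded-For` any more, so unless `services.nginx.recommendedProxySettings` is enabled, Home Assistant would see every client as the proxy address with the same lockout effect. The hunk also removes `websockets = true` although the module's `websockets` option is an `mkEnableOption` (default off) and the Home Assistant frontend depends on its websocket API, so the UI is likely to break unless websockets are enabled elsewhere. The enclosing module expression begins before this hunk.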
@@ -31,42 +31,12 @@ in {
 {
 ${config.host.jellyfin.subdomain} = {
 target = "http://localhost:${toString jellyfinPort}";
- extraConfig = ''
- client_max_body_size 20M;
- add_header X-Content-Type-Options "nosniff";
- add_header Content-Security-Policy "default-src https: data: blob: ; img-src 'self' https://* ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'; font-src 'self'";
- add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always;
-
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-Protocol $scheme;
- proxy_set_header X-Forwarded-Host $http_host;
-
- proxy_buffering off;
- '';
 };
 }
 ]
 ++ (builtins.map (subdomain: {
 ${subdomain} = {
 target = "http://localhost:${toString jellyfinPort}";
- extraConfig = ''
- client_max_body_size 20M;
- add_header X-Content-Type-Options "nosniff";
- add_header Content-Security-Policy "default-src https: data: blob: ; img-src 'self' https://* ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'; font-src 'self'";
- add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always;
-
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-Protocol $scheme;
- proxy_set_header X-Forwarded-Host $http_host;
-
- proxy_buffering off;
- '';
 };
 })
 config.host.jellyfin.extraSubdomains));
diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix
index a406b14..a218b3f 100644
--- a/modules/nixos-modules/server/reverse_proxy.nix
+++ b/modules/nixos-modules/server/reverse_proxy.nix
@@ -31,13 +31,6 @@ in {
 description = "where should this host point to";
 };
 websockets = lib.mkEnableOption "should websockets be proxied";
- extraConfig = lib.mkOption {
- type = lib.types.lines;
- default = "";
- description = ''
- These lines go to the end of the upstream verbatim.
- '';
- };
 };
 }));
 default = {};
@@ -60,7 +53,6 @@ in {
 locations."/" = {
 proxyPass = value.target;
 proxyWebsockets = value.websockets;
- extraConfig = value.extraConfig;
 };
 })
 config.host.reverse_proxy.subdomains;
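Review bot: Both Jellyfin subdomain blocks lose their response-hardening headers (`X-Content-Type-Options "nosniff"`, `Content-Security-Policy`, `Permissions-Policy`) together with `X-Forwarded-Proto`, and nothing elsewhere in the diff re-applies them, so the Jellyfin web client regresses to nginx's defaults. Since the same commit removes the `extraConfig` option from reverse_proxy.nix, the natural replacement is a shared baseline in that module (an `extraConfig` on every generated virtualHost, or `services.nginx.commonHttpConfig`) rather than dropping them; the CSP in particular was tuned for Jellyfin's gstatic/youtube script sources and would need review before being shared. If the `proxy_set_header` lines are meant to be covered by `services.nginx.recommendedProxySettings`, confirm it is enabled — it sets `Host`, `X-Real-IP`, `X-Forwarded-For` and `X-Forwarded-Proto`, but none of the hardening headers. `proxy_buffering off` and `client_max_body_size 20M` also disappear, which can affect streaming and uploads.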
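Review bot: Removing the `extraConfig` option leaves each subdomain with only `proxyPass` and `proxyWebsockets` (the second hunk, `@@ -60,7 +53,6 @@`, drops the passthrough), so the module no longer offers any way to attach per-host nginx directives, and the callers in this commit that used it for security headers now have none. If the intent is to centralize rather than remove, have the module apply a common baseline to every generated virtualHost, for example an `extraConfig` on the `locations."/"` block carrying `add_header X-Content-Type-Options "nosniff" always;`, so hardening is uniform instead of lost. The option's description text should also state what the module does and does not set on the caller's behalf, since this is where a reader would look. Both hunks fall inside the module's `in { … }` body, which begins before the first hunk.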