diff --git a/global/utils.nix b/global/utils.nix
index d89af09..4981e97 100644
--- a/global/utils.nix
+++ b/global/utils.nix
@@ -84,16 +84,4 @@
 systemd.services."${backend}-mc-${name}".serviceConfig.TimeoutSec = "300";
 };
-
- mkFrpPassthrough = name: port: {
- services.frp.settings.proxies = [
- {
- inherit name;
- type = "tcp";
- localIp = "localhost";
- localPort = port;
- remotePort = port;
- }
- ];
- };
 }
diff --git a/systems/etna/immich.nix b/systems/etna/immich.nix
index ececb10..7063a31 100644
--- a/systems/etna/immich.nix
+++ b/systems/etna/immich.nix
@@ -1,9 +1,6 @@
-{ config, _utils, ... }:
-let
- frp = _utils.mkFrpPassthrough "immich" config.services.immich.port;
-in
+{ config, ... }:
 {
- imports = [ frp ];
+ cfTunnels."im.uku.moe" = "http://localhost:${builtins.toString config.services.immich.port}";
 services.immich = {
 enable = true;
diff --git a/systems/vesuvio/certificates.nix b/systems/vesuvio/certificates.nix
deleted file mode 100644
index dce62e8..0000000
--- a/systems/vesuvio/certificates.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, ... }:
-{
- security.acme = {
- acceptTerms = true;
- defaults = {
- email = "acme@uku.moe";
- webroot = "/var/lib/acme/acme-challenge";
- };
- };
-
- services.nginx.virtualHosts = {
- "acme.uku3lig.net" = {
- serverAliases = [
- "*.uku3lig.net"
- "*.uku.moe"
- ];
-
- locations."/.well-known/acme-challenge".root = config.security.acme.defaults.webroot;
- };
- };
-
- # /var/lib/acme/acme-challenge must be writable by the ACME user and readable by the Nginx user.
- # The easiest way to achieve this is to add the Nginx user to the ACME group.
- users.users.nginx.extraGroups = [ "acme" ];
-}
diff --git a/systems/vesuvio/default.nix b/systems/vesuvio/default.nix
index 3ebeff1..46a7b3d 100644
--- a/systems/vesuvio/default.nix
+++ b/systems/vesuvio/default.nix
@@ -1,10 +1,8 @@
 { pkgs, ... }:
 {
 imports = [
- ./certificates.nix
 ./frp.nix
 ./hetzner.nix
- ./nginx.nix
 ];
 environment.systemPackages = with pkgs; [
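Review bot: The added `cfTunnels."im.uku.moe"` line in systems/etna/immich.nix takes over from the nginx vhost this commit deletes, but that vhost's upload tuning (`client_max_body_size 5000M`, the 600s proxy timeouts) has no counterpart, so large uploads now depend on limits set by the tunnel provider; if `cfTunnels` is Cloudflare Tunnel, as the name suggests, the edge applies its own per-plan request body cap, which is worth checking against typical video sizes. The trust boundary moves as well: TLS for the hostname now terminates at the tunnel edge and the origin leg is plain `http://localhost`, so Immich should stay bound to loopback with no firewall opening. The `services.immich` block continues past the end of the hunk, so I cannot see whether `host` or `openFirewall` are set there. I would record the intent above the new line, e.g. `# public entry point is the tunnel only; TLS ends at the tunnel edge, keep immich on localhost and the firewall closed`.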
@@ -12,16 +10,8 @@
 traceroute
 ];
- services = {
- nginx.enable = true;
- openssh = {
- ports = [ 4269 ];
- openFirewall = true;
- };
+ services.openssh = {
+ ports = [ 4269 ];
+ openFirewall = true;
 };
-
- networking.firewall.allowedTCPPorts = [
- 80
- 443
- ];
 }
diff --git a/systems/vesuvio/nginx.nix b/systems/vesuvio/nginx.nix
deleted file mode 100644
index 8b0f506..0000000
--- a/systems/vesuvio/nginx.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{
- services.nginx.virtualHosts = {
- # immich
- "im.uku.moe" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://localhost:2283";
- proxyWebsockets = true;
- };
-
- extraConfig = ''
- client_max_body_size 5000M;
- proxy_read_timeout 600s;
- proxy_send_timeout 600s;
- send_timeout 600s;
- '';
- };
- };
-}
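Review bot: After this hunk drops nginx and closes ports 80/443, systems/vesuvio/default.nix still imports `./frp.nix` (kept in the imports hunk of the same file), while the commit removes `mkFrpPassthrough` and the only proxy definition visible in this diff. If no other system still registers frp proxies, the frp service on this host, presumably the server side, is a public listener with nothing behind it and the import could be dropped too; frp.nix is not part of this diff, so this needs confirming. If it stays, a comment next to the import such as `# frp still serves <remaining consumers>` would explain why it outlives the nginx removal.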