diff --git a/hosts/hub/apps/open-webui.nix b/hosts/hub/apps/open-webui.nix
deleted file mode 100644
index 38b5fdc..0000000
--- a/hosts/hub/apps/open-webui.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, ... }:
-
-{
-  systemd.tmpfiles.rules = [
-    "d /var/lib/open-webui 0755 root root"
-  ];
-
-  virtualisation.oci-containers.containers.open-webui = {
-    image = "ghcr.io/open-webui/open-webui:main";
-    ports = [
-      "8090:8080"
-    ];
-    volumes = [ "/var/lib/open-webui:/app/backend/data" ];
-  };
-
-  services.caddy.virtualHosts."https://open-webui.tailc50184.ts.net".extraConfig = ''
-    bind tailscale/open-webui
-    reverse_proxy http://localhost:8090
-  '';
-
-  networking.firewall.trustedInterfaces = [ "podman0" ];
-}
diff --git a/hosts/hub/apps/paperless.nix b/hosts/hub/apps/paperless.nix
deleted file mode 100644
index 2e3bd6e..0000000
--- a/hosts/hub/apps/paperless.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{
-  services = {
-    paperless = {
-      enable = true;
-      settings = {
-        PAPERLESS_ENABLE_HTTP_REMOTE_USER = true;
-        PAPERLESS_ENABLE_HTTP_REMOTE_USER_API = true;
-        PAPERLESS_LOGOUT_REDIRECT_URL = "https://auth.tailc50184.ts.net/logout";
-        PAPERLESS_OCR_USER_ARGS = {
-          "invalidate_digital_signatures" = true;
-        };
-      };
-    };
-
-    caddy.virtualHosts."paperless.tailc50184.ts.net".extraConfig = ''
-      bind tailscale/paperless
-      forward_auth localhost:9091 {
-        uri /api/authz/forward-auth
-        copy_headers Remote-User
-      }
-      reverse_proxy localhost:28981
-    '';
-  };
-}
diff --git a/hosts/hub/default.nix b/hosts/hub/default.nix
index 777a409..5feec1a 100644
--- a/hosts/hub/default.nix
+++ b/hosts/hub/default.nix
@@ -22,13 +22,11 @@
     ../../roles/syncthing.nix
     ./apps/dev.nix
     ./apps/nextcloud.nix
-    ./apps/paperless.nix
     ./apps/searxng.nix
     ./apps/actual.nix
     ./apps/adguard.nix
     ./apps/audiobookshelf.nix
     ./apps/ollama.nix
-    ./apps/open-webui.nix
   ];
 
   boot.loader.grub = {
@@ -141,11 +139,6 @@
     reverse_proxy localhost:9091
   '';
 
-  services.caddy.virtualHosts."auth.tailc50184.ts.net".extraConfig = ''
-    bind tailscale/auth
-    reverse_proxy localhost:9091
-  '';
-
   services.authelia.instances.main.settings.access_control.rules = [
     {
       domain = "syncthing.thewordnerd.info";
diff --git a/roles/authelia.nix b/roles/authelia.nix
index 3a5fce3..abacde7 100644
--- a/roles/authelia.nix
+++ b/roles/authelia.nix
@@ -82,10 +82,6 @@
               domain = "*.thewordnerd.info";
               policy = "one_factor";
             }
-            {
-              domain = "*.tailc50184.ts.net";
-              policy = "one_factor";
-            }
           ];
         };
         session = {
@@ -94,10 +90,6 @@
               domain = "thewordnerd.info";
               authelia_url = "https://auth.thewordnerd.info";
             }
-            {
-              domain = "tailc50184.ts.net";
-              authelia_url = "https://auth.tailc50184.ts.net";
-            }
           ];
         };
         notifier = {
diff --git a/roles/podman.nix b/roles/podman.nix
index e675832..d7453a9 100644
--- a/roles/podman.nix
+++ b/roles/podman.nix
@@ -1,11 +1,7 @@
 {
   virtualisation.podman = {
     enable = true;
-    autoPrune.enable = true;
     dockerCompat = true;
     dockerSocket.enable = true;
-    defaultNetwork.settings = {
-      dns_enabled = true;
-    };
   };
 }