diff --git a/configuration.nix b/configuration.nix index 20073cc..2daf606 100644 --- a/configuration.nix +++ b/configuration.nix @@ -1,11 +1,10 @@ # vim: tabstop=2 shiftwidth=2 expandtab let - base-domain = "005540.xyz"; + base-domain = "paperless-testing.hummingbird-stork.ts.net"; in { lib, ... }: { imports = [ ./hardware-configuration.nix - ./networking.nix ./audit.nix ./openssh.nix @@ -25,9 +24,8 @@ in ./postgresql.nix (import ./sourcehut.nix { inherit base-domain; }) + (import ./paperless.nix { inherit base-domain lib; }) - (import ./mailserver.nix { inherit base-domain; }) - (import ./syncthing.nix { inherit base-domain; }) ./userprogs.nix ]; @@ -38,8 +36,10 @@ in boot.tmp.cleanOnBoot = true; zramSwap.enable = true; + networking.hostName = "paperless-testing"; users.users.root.initialPassword = "asunarovow"; + networking.domain = ""; nix.allowedUsers = [ "@wheel" "root" ]; - console.keyMap = "us"; + console.keyMap = "fr"; system.stateVersion = "23.11"; } diff --git a/firewall.nix b/firewall.nix index 9ad7ab3..8074529 100644 --- a/firewall.nix +++ b/firewall.nix @@ -1,8 +1,8 @@ { networking.firewall = { enable = true; - allowedTCPPorts = [ 22 80 443 21 25 465 587 143 993 995 110 22000 ]; - allowedUDPPorts = [ 22 80 443 25 465 587 143 993 995 110 22000 ]; + allowedTCPPorts = [ 22 80 443 21 ]; + allowedUDPPorts = [ 22 80 443 ]; allowedTCPPortRanges = [ # vsftpd passive { diff --git a/flake.lock b/flake.lock index 7fd3990..3305ce1 100644 --- a/flake.lock +++ b/flake.lock 
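Review bot: The third configuration.nix hunk keeps the plaintext `users.users.root.initialPassword` line as context while the machine is renamed to `paperless-testing`, so the new host starts with a root password that anyone can read in the repository and in the world-readable Nix store. `./openssh.nix` is still imported and firewall.nix still allows TCP 22; whether root can log in with a password depends on that file, which is not shown here. Replace the line with `users.users.root.hashedPasswordFile = "<path-to-root-password-hash>";` (placeholder path, kept outside the repository), or drop it and rely on SSH keys. Treat the current value as already disclosed and do not reuse it.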
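Review bot: The new `allowedUDPPorts = [ 22 80 443 ];` in firewall.nix still opens UDP 22 and 80, which SSH and plain HTTP never use, and UDP 443 is only needed if nginx serves HTTP/3, which nginx.nix in this commit does not appear to enable. I would reduce it to `allowedUDPPorts = [ ];` and add 443 back only together with QUIC. TCP 21 also stays open for vsftpd, which carries credentials in cleartext unless TLS is enforced in its own configuration (not visible here); a comment such as `# 21: vsftpd control channel` next to the list would record that this is deliberate. The `networking.firewall` block continues past the end of the hunk.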
@@ -1,44 +1,12 @@ { "nodes": { - "blobs": { - "flake": false, - "locked": { - "lastModified": 1604995301, - "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=", - "owner": "simple-nixos-mailserver", - "repo": "blobs", - "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265", - "type": "gitlab" - }, - "original": { - "owner": "simple-nixos-mailserver", - "repo": "blobs", - "type": "gitlab" - } - }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "nixpkgs": { "locked": { - "lastModified": 1735563628, - "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=", + "lastModified": 1724316499, + "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798", + "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", "type": "github" }, "original": { 
@@ -48,96 +16,9 @@ "type": "github" } }, - "nixpkgs-24_05": { - "locked": { - "lastModified": 1717144377, - "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "805a384895c696f802a9bf5bf4720f37385df547", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-24.05", - "type": "indirect" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1717602782, - "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-unstable", - "type": "indirect" - } - }, "root": { "inputs": { - "nixpkgs": "nixpkgs", - "simple-nixos-mailserver": "simple-nixos-mailserver" - } - }, - "simple-nixos-mailserver": { - "inputs": { - "blobs": "blobs", - "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs_2", - "nixpkgs-24_05": "nixpkgs-24_05", - "utils": "utils" - }, - "locked": { - "lastModified": 1734885828, - "narHash": "sha256-G0fB1YBlkalu8lLGRB07K8CpUWNVd+unfrjNomSL7SM=", - "owner": "simple-nixos-mailserver", - "repo": "nixos-mailserver", - "rev": "636b82f4175e3f6b1e80d2189bb0469e2ae01a55", - "type": "gitlab" - }, - "original": { - "owner": "simple-nixos-mailserver", - "ref": "nixos-24.05", - "repo": "nixos-mailserver", - "type": "gitlab" - } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1709126324, - "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", - "owner": "numtide", - "repo": "flake-utils", - "rev": 
"d465f4819400de7c8d874d50b982301f28a84605", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" + "nixpkgs": "nixpkgs" } } }, diff --git a/flake.nix b/flake.nix index 6069e04..7bbadba 100644 --- a/flake.nix +++ b/flake.nix @@ -3,15 +3,13 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; - simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; }; - outputs = { nixpkgs, simple-nixos-mailserver, ... }: { + outputs = { self, nixpkgs, ... }: { nixosConfigurations.quasar = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ ./configuration.nix - simple-nixos-mailserver.nixosModule ]; }; }; diff --git a/mailserver.nix b/mailserver.nix deleted file mode 100644 index a185570..0000000 --- a/mailserver.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ base-domain, ... }: -let - fqdn = "mail.${base-domain}"; -in -{ - mailserver = { - enable = false; - debug = true; - inherit fqdn; - domains = [ base-domain ]; - - loginAccounts = { - "khais.colin@${base-domain}" = { - # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' - hashedPasswordFile = "/etc/nixos/secrets/mailserver/khais.colin.hashpassword"; - }; - }; - - certificateScheme = "acme-nginx"; - }; -} diff --git a/networking.nix b/networking.nix deleted file mode 100644 index a719cda..0000000 --- a/networking.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ - networking.hostName = "quasar"; - networking.domain = ""; - networking.interfaces.ens18 = { - ipv6.addresses = [{ - address = "2a02:c206:2209:5178:0000:0000:0000:0001"; - prefixLength = 64; - }]; - }; - networking.defaultGateway6 = { - address = "fe80::1"; - interface = "ens18"; - }; -} diff --git a/nginx.nix b/nginx.nix index a30b407..f06429d 100644 --- a/nginx.nix +++ b/nginx.nix 
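Review bot: The `nixpkgs` input in flake.nix still tracks `nixos-24.05`, but the flake.lock change in this same commit moves its locked `lastModified` from 1735563628 back to 1724316499, so this host would be built from an older package set than the previous lock. If that rollback is not deliberate, re-lock the input before deploying. Separately, `nixosConfigurations.quasar` keeps the old machine name although configuration.nix now sets `networking.hostName = "paperless-testing"`, so a `nixos-rebuild --flake` run without an explicit `#quasar` would presumably look for an attribute named after the new hostname; rename it to `nixosConfigurations.paperless-testing` or document the explicit attribute. The added `self` argument is unused in the visible lines and could be left to the `...`.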
@@ -6,9 +6,14 @@ recommendedOptimisation = true; recommendedGzipSettings = true; recommendedProxySettings = true; + serverNamesHashBucketSize = 128; virtualHosts = { "${base-domain}" = { enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://localhost:28981"; + }; }; "sourcehut.${base-domain}" = { enableACME = true; @@ -26,13 +31,6 @@ proxyPass = "http://localhost:28981"; }; }; - "syncthing.${base-domain}" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://syncthing.${base-domain}:8384"; - }; - }; }; }; } diff --git a/paperless.nix b/paperless.nix index 4ca3cb4..7a81332 100644 --- a/paperless.nix +++ b/paperless.nix @@ -19,9 +19,6 @@ in PAPERLESS_OCR_USER_ARGS = { optimize = 1; pdfa_image_compression = "lossless"; - # do not fail to import documents that have a digital signature - # https://github.com/paperless-ngx/paperless-ngx/discussions/4047#discussioncomment-7019544 - invalidate_digital_signatures = true; }; PAPERLESS_TIME_ZONE = "Europe/Paris"; PAPERLESS_CONSUMER_ENABLE_BARCODES = "true"; @@ -29,7 +26,6 @@ in PAPERLESS_CONSUMER_BARCODE_SCANNER = "ZXING"; PAPERLESS_TASK_WORKERS = "4"; PAPERLESS_THREADS_PER_WORKER = "1"; - PAPERLESS_WORKER_TIMEOUT = "18000"; }; }; users.groups.paperless-upload = {}; diff --git a/sourcehut.nix b/sourcehut.nix index 957473c..9d8e4c1 100644 --- a/sourcehut.nix +++ b/sourcehut.nix @@ -4,8 +4,6 @@ let fqdn = "sourcehut.${base-domain}"; in { - # workaround: https://github.com/NixOS/nixpkgs/issues/317865 - programs.git.config.safe.directory = "*"; services.sourcehut = { enable = true; meta = { diff --git a/syncthing.nix b/syncthing.nix deleted file mode 100644 index 5d099ad..0000000 --- a/syncthing.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ base-domain, ... }: -let - fqdn = "syncthing.${base-domain}:8384"; -in -{ - services.syncthing = { - enable = true; - guiAddress = fqdn; - }; -}
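Review bot: In the `"${base-domain}"` virtual host of nginx.nix, `enableACME = true` and the new `forceSSL = true` now apply to the `ts.net` name that configuration.nix assigns to `base-domain`. If that name resolves only to a tailnet address, HTTP-01 validation from a public CA cannot reach this host, and nginx would likely keep serving a placeholder self-signed certificate while redirecting all HTTP to it. The same concern holds for `sourcehut.${base-domain}`, which becomes a subdomain of a machine name. Confirm how certificates are meant to be issued here and record it in a comment above `virtualHosts`, e.g. `# certificates: <issuance method for the ts.net name>`. The added `locations."/"` also proxies to `http://localhost:28981`, the same backend as a later virtual host shown as context in the next hunk, so the application is reachable under two names; keep one unless both are intended.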