diff --git a/constants.nix b/constants.nix
index 44b9422..af7c34a 100644
--- a/constants.nix
+++ b/constants.nix
@@ -3,15 +3,12 @@ rec { hosts = { sid = { ip = "100.64.0.6"; - domain = "sid.tail"; }; rx4 = { ip = "100.64.0.10"; - domain = "rx4.tail"; }; vde = { ip = "100.64.0.1"; - domain = "vde.tail"; }; }; services = {
diff --git a/hosts/sid/services/headscale.nix b/hosts/sid/services/headscale.nix
index adb3296..8d9b55a 100644
--- a/hosts/sid/services/headscale.nix
+++ b/hosts/sid/services/headscale.nix
@@ -1,9 +1,10 @@ { inputs, - constants, ... }: +# TODO: use constants.nix + { imports = [ inputs.synix.nixosModules.headplane
@@ -13,20 +14,20 @@ services.resolved.enable = false; networking.resolvconf.enable = false; - networking.nameservers = [ constants.hosts.sid.ip ]; + networking.nameservers = [ "100.64.0.6" ]; services.coredns = { enable = true; - config = with constants; '' + config = '' .:53 { - bind ${hosts.sid.ip} + bind 100.64.0.6 hosts { - ${hosts.sid.ip} sid.tail - ${hosts.sid.ip} netdata.sid.tail - ${hosts.rx4.ip} rx4.tail - ${hosts.rx4.ip} dav.rx4.tail - ${hosts.rx4.ip} pw.rx4.tail - ${hosts.vde.ip} vde.tail + 100.64.0.6 sid.tail + 100.64.0.6 netdata.sid.tail + 100.64.0.10 rx4.tail + 100.64.0.10 dav.rx4.tail + 100.64.0.10 pw.rx4.tail + 100.64.0.1 vde.tail fallthrough } forward . 1.1.1.1
@@ -61,7 +62,7 @@ nameservers = { global = [ "1.1.1.1" ]; split = { - "tail" = [ constants.hosts.sid.ip ]; + "tail" = [ "100.64.0.6" ]; }; }; };
diff --git a/hosts/sid/services/nginx.nix b/hosts/sid/services/nginx.nix
index 74c1c64..d3aaba8 100644
--- a/hosts/sid/services/nginx.nix
+++ b/hosts/sid/services/nginx.nix
@@ -1,6 +1,5 @@ { inputs, - config, constants, lib, ...
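Review bot: The literal `100.64.0.6` now appears in `networking.nameservers`, in the CoreDNS `bind`, in two `hosts` entries of the `@@ -13,20 +14,20 @@` hunk of headscale.nix, and again in the split-DNS `"tail"` entry of the `@@ -61,7 +62,7 @@` hunk, while constants.nix in this same commit still exports `hosts.sid.ip`. If the address is later changed in one of those places and not the others, the resolver and the CoreDNS listener drift apart and name resolution for the whole tailnet stops, which is harder to spot than the evaluation error a stale attribute reference would have produced. The `# TODO: use constants.nix` added in the first hunk acknowledges this, but at minimum the value should be bound once in this file, e.g. `let sidIp = "100.64.0.6"; in` above the module body, with `[ sidIp ]` in the Nix lists and `${sidIp}` inside the CoreDNS string. The `services.coredns` attribute set and its `config` string continue outside the hunk.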
@@ -16,33 +15,10 @@ in inputs.synix.nixosModules.nginx ]; - users.users.nginx.extraGroups = [ "tailscale" ]; - systemd.services.nginx.serviceConfig = { - SupplementaryGroups = [ "tailscale" ]; - Requires = [ "tailscaled.service" ]; - After = [ "tailscaled.service" ]; - }; - - systemd.services."generate-tailscale-certs-${constants.hosts.sid.domain}" = { - wantedBy = [ "multi-user.target" ]; - before = [ "nginx.service" ]; - after = [ "tailscaled.service" ]; - serviceConfig = { - Type = "oneshot"; - ExecStart = "${config.services.tailscale.package}/bin/tailscale cert ${constants.hosts.sid.domain}"; - User = "root"; - }; - }; - services.nginx = { enable = true; openFirewall = true; forceSSL = ssl; - virtualHosts."${constants.hosts.sid.domain}" = { - sslCertificate = "/var/lib/tailscale/certs/${constants.hosts.sid.domain}.crt"; - sslCertificateKey = "/var/lib/tailscale/certs/${constants.hosts.sid.domain}.key"; - forceSSL = true; - }; virtualHosts."${constants.services.docs.fqdn}" = mkVirtualHost { inherit ssl; address = constants.hosts.rx4.ip;
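Review bot: With the `virtualHosts."sid.tail"` block removed, no server block claims the host's own name any more, so a request whose Host header is `sid.tail` (or any other unmatched name) falls to nginx's implicit default server, i.e. the first vhost in the generated config, which here appears to be one of the `mkVirtualHost` entries that forward to other hosts. The old TLS vhost absorbed those requests; the new code should pin that behaviour with an explicit catch-all that rejects unmatched names instead of handing them to a backend. Dropping the `tailscale` group membership and the root-run `tailscale cert` oneshot is a real least-privilege gain, but nothing in the hunk records why TLS for `sid.tail` itself is no longer wanted; a one-line comment above `services.nginx` stating where its TLS now terminates (or that plain HTTP on the tailnet is intentional) would spare the next reader the archaeology. `mkVirtualHost` and `ssl` are defined in the `let` that opens before this hunk, and `services.nginx` is left open past its end.
```nix
  services.nginx = {
    # … unchanged: enable, openFirewall, forceSSL = ssl …
    # Explicit default server: close the connection for any Host no vhost
    # claims, instead of letting nginx fall back to the first proxy below.
    virtualHosts."_" = {
      default = true;
      rejectSSL = true;
      locations."/".return = "444";
    };
    # … unchanged: mkVirtualHost entries …
```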