diff --git a/constants.nix b/constants.nix
index af7c34a..164ef1f 100644
--- a/constants.nix
+++ b/constants.nix
@@ -39,10 +39,6 @@ rec {
       fqdn = "rsshub." + domain;
       port = 1200;
     };
-    vaultwarden = {
-      fqdn = "pw.rx4.tail";
-      port = 8222;
-    };
     webdav = {
       fqdn = "dav.rx4.tail";
       port = 8080;
diff --git a/hosts/rx4/secrets/secrets.yaml b/hosts/rx4/secrets/secrets.yaml
index 51b3768..2cfc73b 100644
--- a/hosts/rx4/secrets/secrets.yaml
+++ b/hosts/rx4/secrets/secrets.yaml
@@ -16,9 +16,6 @@ forgejo-runner:
 webdav:
     user: ENC[AES256_GCM,data:vCLx,iv:Nra/FprNfd02HpvqOb5uYK+IGRFHhNwnFXWrX71c0C0=,tag:TjbKKOKBTq31o/5MxmqIsA==,type:str]
     pass: ENC[AES256_GCM,data:jfIoob6R6OhqKa2EujRzTQbvIlA=,iv:HvB088H2Z2uLCveT4YfNEdkK5VU0lBFD5FrZhx79fg0=,tag:1RnrfeUEURx0C575GTxi9A==,type:str]
-vaultwarden:
-    admin-token: ENC[AES256_GCM,data:HhD0xNZ/Ep7pCOX1j6p/M/ZZ3gs=,iv:7QT71KlYz+HQYBhiRavpiXS9sNS2PoJiM/WkxM3Hk/g=,tag:SYTRWpyA2+WMSMiRM8mvew==,type:str]
-    smtp-password: ENC[AES256_GCM,data:eQo7op5+74EID6689hL0/J1pq2s=,iv:JqrEqxabWGydRuJJ/27e1q+4YnQhTQ1bKRSsOvjQ+bE=,tag:weqnrhqK+LGEfAacBcuPUA==,type:str]
 sops:
     age:
         - recipient: age19yeqvv28fgrtk6jsh3xyaf0lch86kna6rcz4dwe962yyyyevu30sx474xy
@@ -39,7 +36,7 @@ sops:
             NE5yK3ZaOG5PdXNSUnlIUmFSSmRFancKk57hCmo79HvI3hzzgQvgOK7oK5/dcQR8
             f3R4OGF5+212VXEHR/hAEbKzV7CY4y6HhFyrGZ9bUKm1RrxtnVqUyA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-04-03T11:36:39Z"
-    mac: ENC[AES256_GCM,data:mIufcQyHd6sWnUCF/G8aRE10uwnntRXGz5R+fK6TbZSBJrRznTBaa4tVLtGo4wSghn4eBRfxecebuxSy0C2CQjBCkMbrjh4I2sYzAb5f8ghG4cQZgccuI7MCfQZ6JAEaa0BY7HJUZzlR9H+6iuDVuWwOO3OKzj0lWUlpDA6aC/M=,iv:qMSu9tYYkoirM2WHx7St/ztWSYxm8/gSosnCZYazNgU=,tag:NuUDG8fpAlBEbvKSq7/5bQ==,type:str]
+    lastmodified: "2026-02-14T18:41:58Z"
+    mac: ENC[AES256_GCM,data:2e546c6VEf7vFGgSM344upn5C7YDGAwi8cLA/RV68ukJMKLvH1gdra4ii77uOaC1sCNan5mV0Kjs5ZVYj81O8PU3WJa9ra8TeAt8F690zTxNWSo1F/4sZxAk8d1WIBoNn4IPkYxi8Ry9+xqK13Q9PvplHc14VArMYC86wU+k5hc=,iv:T3td5G+pdfWzSLDuVkb75uWub6eBPxjqJgOrv3wvaiQ=,tag:vlQJVzFJEDncDzjA3JWM6Q==,type:str]
     unencrypted_suffix: _unencrypted
-    version: 3.12.1
+    version: 3.11.0
diff --git a/hosts/rx4/services/default.nix b/hosts/rx4/services/default.nix
index 94cc10c..356a390 100644
--- a/hosts/rx4/services/default.nix
+++ b/hosts/rx4/services/default.nix
@@ -19,10 +19,9 @@
     ./print-server.nix
     ./rss-bridge.nix
     ./rsshub-oci.nix
-    ./vaultwarden.nix
+    # ./webdav.nix # FIXME
 
     # ./alditalk-extender.nix # FIXME
-    # ./webdav.nix # FIXME
   ];
 
   # bootstrap
diff --git a/hosts/rx4/services/vaultwarden.nix b/hosts/rx4/services/vaultwarden.nix
deleted file mode 100644
index 4675f1b..0000000
--- a/hosts/rx4/services/vaultwarden.nix
+++ /dev/null
@@ -1,68 +0,0 @@
-{
-  constants,
-  config,
-  lib,
-  ...
-}:
-
-let
-  inherit (constants) domain;
-  inherit (constants.services.vaultwarden) fqdn port;
-  inherit (lib) mkForce;
-in
-{
-  services.vaultwarden = {
-    enable = true;
-
-    dbBackend = "postgresql";
-    configurePostgres = true;
-
-    configureNginx = true;
-    domain = fqdn;
-
-    environmentFile = [ config.sops.templates."vaultwarden/env-file".path ];
-
-    config = {
-      SIGNUPS_ALLOWED = false;
-
-      SMTP_FROM = "vaultwarden@${domain}";
-      SMTP_FROM_NAME = "${domain} Vaultwarden server";
-      SMTP_HOST = "mail@${domain}";
-      SMTP_PORT = 587;
-      SMTP_SECURITY = "starttls";
-      SMTP_USERNAME = "vaultwarden@${domain}";
-
-      ROCKET_ADDRESS = "127.0.0.1";
-      ROCKET_PORT = port;
-      ROCKET_LOG = "critical";
-    };
-  };
-
-  services.nginx.virtualHosts."${fqdn}".forceSSL = mkForce false; # let Tailnet handle SSL
-
-  sops =
-    let
-      owner = config.users.users.vaultwarden.name;
-      group = config.users.groups.vaultwarden.name;
-      mode = "0400";
-    in
-    {
-      secrets = {
-        "vaultwarden/admin-token" = {
-          inherit owner group mode;
-        };
-        "vaultwarden/smtp-password" = {
-          inherit owner group mode;
-        };
-      };
-      templates = {
-        "vaultwarden/env-file" = {
-          inherit owner group mode;
-          content = ''
-            ADMIN_TOKEN=${config.sops.placeholder."vaultwarden/admin-token"}
-            SMTP_PASSWORD=${config.sops.placeholder."vaultwarden/smtp-password"}
-          '';
-        };
-      };
-    };
-}
diff --git a/hosts/sid/secrets/secrets.yaml b/hosts/sid/secrets/secrets.yaml
index 5df246e..9e4f07d 100644
--- a/hosts/sid/secrets/secrets.yaml
+++ b/hosts/sid/secrets/secrets.yaml
@@ -29,7 +29,6 @@ netdata:
 mailserver:
     accounts:
         sid: ENC[AES256_GCM,data:xnU/+8BEewcZcbTWroIgCx5ceSFtDPe0Pq//qt3RWk81QWvbJxdukF4EyBSoQ7AqBhf4nDFZZxd4s8rZ,iv:OFhRxXHWOEC9mKGyK2ePfVGpBCDTfv0L+q3xzbXFefI=,tag:iO52YhFsSvb59RbcgXb+9w==,type:str]
-        vaultwarden: ENC[AES256_GCM,data:nSiiyurI0pNGlJiHpgu5jUQIq688IbPKlJCvx4jrFN9TwIY+kfVOaO4KWKkavBYfMZqMuEBr7EAdRULS,iv:OpgfXl1uYLgjOGDTkXFj/wPFUoE6uK89gtXLsB2x6gE=,tag:knJkNQnRCNcc/2nKBYdVCw==,type:str]
 radicale:
     sid: ENC[AES256_GCM,data:/OgIrXnGttIymGw98feiUjKPOIlrgRIC0TNCdBnuJOiA0RzbF0b9SMVzwEZiTEmS82g2lSvxQkE4kZjeOgOC0RLvCyZAmtWojq+g1pN0qhEkhwH0Qtu9wNnSYHuRqh2E5nWzHNGl/eF6zQ==,iv:5XtlyXjpB+XrVvJ7IoM7Gu63xA8vYrcJjUjLPmOMAIU=,tag:SAuYl/wzxnINyVWn9nI5yA==,type:str]
 sops:
@@ -52,7 +51,7 @@ sops:
             RzhnczA0S1pxcXZncGpWVHNYQW96L28K+ytH3PPyg4+wibpAQhp02RiSfZ83EDRB
             UJ8UV1d+51D0e2A1sI95r2AzDj4jfwUnI+LYDPC/qEpsu5LFLGVyeg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-04-03T11:37:47Z"
-    mac: ENC[AES256_GCM,data:5f4/mIJzzvKhZjES4WA0Ds2g642FDS03oSmH4dUi0pnF01aQD75eZ0HI3vcdks6kY+b5xyH5BJ283cgrnIiG2oPjYsIt8ULFnXZql31QQJArirYC35qf5lIiN4gC0ObzC5nSTR4rzrqpWtmf2vrvxDXWftK+JdwPyPjk/4IAu50=,iv:tfHDum7KB+nYQnxfukm+w/BotWW+Itmn11yy6O4V6oE=,tag:0/sFkH9Z2ZP2wzVfJEYFqA==,type:str]
+    lastmodified: "2026-02-01T22:55:09Z"
+    mac: ENC[AES256_GCM,data:l+lTLQJ5FRAmvCNIDDFr4gpEvGw0csSKIeI8MnBfM5qsC+wg0d8JSAvBB1m+P/IKLeRoV4AdLuNaflisVoU+dVnk7yX7/lLKt5dfARoFX6zU+u4G4Q6jmpq80CegHFJNWMJE2NAMVrP6m465foWkXlhZIpyT0FBSwtaZkoc74Hg=,iv:H4sxdjPc1C3XxHkHPAooN2cRCHKd4CpzfoH7UM8t/q4=,tag:JHhdlg4g+8kIN0CngGaOaA==,type:str]
     unencrypted_suffix: _unencrypted
-    version: 3.12.1
+    version: 3.11.0
diff --git a/hosts/sid/services/headscale.nix b/hosts/sid/services/headscale.nix
index 8d9b55a..c4673cb 100644
--- a/hosts/sid/services/headscale.nix
+++ b/hosts/sid/services/headscale.nix
@@ -26,7 +26,6 @@
           100.64.0.6 netdata.sid.tail
           100.64.0.10 rx4.tail
           100.64.0.10 dav.rx4.tail
-          100.64.0.10 pw.rx4.tail
           100.64.0.1 vde.tail
           fallthrough
         }
diff --git a/hosts/sid/services/mailserver.nix b/hosts/sid/services/mailserver.nix
index caa2b9f..c6946d8 100644
--- a/hosts/sid/services/mailserver.nix
+++ b/hosts/sid/services/mailserver.nix
@@ -10,7 +10,6 @@
       sid = {
         aliases = [ "postmaster" ];
       };
-      vaultwarden = { };
     };
   };
 }