diff --git a/lib/options.nix b/lib/options.nix
index 18a0ca1..dd3f22a 100644
--- a/lib/options.nix
+++ b/lib/options.nix
@@ -35,8 +35,6 @@ in {
     dash = [
       [ "PocketID" "authentik" "https://auth.${domain}" "http://localhost:1411/" ]
       [ "Forgejo" "forgejo" "https://git.${domain}" "http://localhost:5080/" ]
-      [ "Copyparty" "files" "https://cdn.${domain}" "http://localhost:3923/" ]
-      [ "CryptPad" "cryptpad" "https://docs.${domain}" "http://localhost:7090/" ]
       [ "CodeServer" "coder" "https://code.proxy.${domain}" "http://localhost:8443/" ]
       [ "AdGuardHome" "adguard" "https://dns.proxy.${domain}" "http://localhost:8088/" ]
       [ "Traefik" "traefikproxy" "https://dynamic.proxy.${domain}/dashboard/" "" ]
@@ -48,15 +46,6 @@ in {
       [ "SearXNG" "searxng" "https://search.proxy.${domain}" "http://localhost:8091/" ]
       [ "Dockge" "docker" "https://containers.proxy.${domain}" "http://localhost:5001/" ]
     ];
-    routes = {
-      "git.${domain}"     = "http://localhost:5080";
-      "cdn.${domain}"     = "http://localhost:3923";
-      "docs.${domain}"    = "http://localhost:7090";
-      "auth.${domain}"    = "http://localhost:1411";
-      "dash.${domain}"    = "http://localhost:5070";
-      "media.${domain}"   = "http://localhost:8096";
-      "gallery.${domain}" = "http://localhost:2284";
-    };
     proxy = {
       base = "proxy.${domain}";
       hosts = {
@@ -76,7 +65,6 @@ in {
         "pass"       = d "http://localhost:8060";
         "auth"       = d "http://localhost:1411";
         "git"        = d "http://localhost:5080";
-        "cdn"        = d "http://localhost:3923";
         "ai"         = d "http://localhost:8080";
         "@"          = d "http://localhost:5070";
       };
diff --git a/modules/system/homelab/cdn.nix b/modules/system/homelab/cdn.nix
deleted file mode 100644
index a481800..0000000
--- a/modules/system/homelab/cdn.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ pkgs, ... }: {
-  environment.systemPackages = with pkgs; [ copyparty-most ];
-
-  # TODO: systemd service
-}
diff --git a/modules/system/homelab/docs.nix b/modules/system/homelab/docs.nix
deleted file mode 100644
index 849e23d..0000000
--- a/modules/system/homelab/docs.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ homelab, ... }: let
-  domain = "docs.${homelab.domain}";
-in {
-  services.cryptpad = {
-    enable = true;
-    settings = {
-      httpPort = 7090;
-      websocketPort = 7080;
-      httpUnsafeOrigin = "https://${domain}";
-      httpSafeOrigin = "https://${domain}";
-      blockDailyCheck = true;
-      disableIntegratedEviction = true;
-    };
-  };
-}
\ No newline at end of file
diff --git a/modules/system/homelab/tunnels.nix b/modules/system/homelab/tunnels.nix
index c1a9c8d..8cf0fb6 100644
--- a/modules/system/homelab/tunnels.nix
+++ b/modules/system/homelab/tunnels.nix
@@ -1,11 +1,19 @@
-{ pkgs, lib, homelab, ... }: {
+{ pkgs, lib, homelab, ... }: let
+  routes = {
+    "git.${homelab.domain}"     = "http://localhost:5080";
+    "auth.${homelab.domain}"    = "http://localhost:1411";
+    "dash.${homelab.domain}"    = "http://localhost:5070";
+    "media.${homelab.domain}"   = "http://localhost:8096";
+    "gallery.${homelab.domain}" = "http://localhost:2284";
+  };
+in {
   services.cloudflared = {
     enable = true;
     tunnels.homelab = {
       credentialsFile = "/mnt/data/cloudflared/homelab.json";
       certificateFile = "/mnt/data/cloudflared/cert.pem";
       default = "http_status:404";
-      ingress = homelab.routes;
+      ingress = routes;
     };
   };
   
@@ -24,6 +32,6 @@
     script = lib.concatMapStringsSep "\n" (domain: ''
       echo "Ensuring DNS route for ${domain}..."
       ${pkgs.cloudflared}/bin/cloudflared tunnel --origincert /mnt/data/cloudflared/cert.pem route dns ${homelab.cf-tunnel-id} ${domain} || true
-    '') (builtins.attrNames homelab.routes);
+    '') (builtins.attrNames routes);
   };
 }