diff --git a/flake.nix b/flake.nix
index 1c23e61..1cbc4c3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -88,7 +88,6 @@
               pkgs.home-manager
               pkgs.sops
               pkgs.git
-              pkgs.git-crypt
               pkgs.just
               pkgs.nh
             ];
diff --git a/home/hosts/y2q.nix b/home/hosts/y2q.nix
index 43bcf83..56c8d04 100644
--- a/home/hosts/y2q.nix
+++ b/home/hosts/y2q.nix
@@ -4,7 +4,6 @@
   imports = [
     inputs.nixvim.homeModules.nixvim
 
-    ../modules/runit
     ../modules/cli/git.nix
     ../modules/cli/ripgrep.nix
     ../modules/cli/btop.nix
diff --git a/home/modules/runit/default.nix b/home/modules/runit/default.nix
deleted file mode 100644
index 478700f..0000000
--- a/home/modules/runit/default.nix
+++ /dev/null
@@ -1,87 +0,0 @@
-{ config, lib, ... }:
-
-{
-  imports = (
-    let
-      servicesPath = ./services;
-      serviceModules = builtins.attrNames (builtins.readDir (servicesPath));
-    in
-      map (module: servicesPath + "/${module}") serviceModules
-  );
-
-  options.runit = {
-    services = lib.mkOption {
-      type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: {
-        options = {
-          script = lib.mkOption {
-            type = lib.types.str;
-            description = "Shell commands executed as the service's main process";
-          };
-          log.enable = lib.mkEnableOption "Enable logging";
-          environment = lib.mkOption {
-            type = lib.types.attrsOf lib.types.str;
-            default = {};
-            description = "Environment variables passed to the service's processes";
-          };
-          environmentFile = lib.mkOption {
-            type = lib.types.nullOr lib.types.path;
-            default = null;
-            description = "Environment file passed to the service";
-          };
-        };
-      }));
-    };
-    default = {};
-    description = "User-level runit services under ~/runit/services/";
-  };
-
-  config = {
-    home.file = lib.mkMerge (
-      lib.mapAttrsToList (serviceName: sCfg:
-        let
-          envExports = lib.concatStringsSep "\n" (
-            lib.mapAttrsToList (k: v: "export ${k}='${v}'") sCfg.environment
-          );
-          envFile = lib.mkIf (sCfg.environmentFile != null) {
-            "runit/services/${serviceName}/.env" = {
-              source = sCfg.environmentFile;
-            };
-          };
-          envFileSetup = if sCfg.environmentFile != null then ''
-            set -a
-            source .env
-            set +a
-          '' else "";
-          stderrToStdout = if sCfg.log.enable then "exec 2>&1" else "";
-        in
-        lib.mkMerge [
-          {
-            # run script
-            "runit/services/${serviceName}/run" = {
-              text = ''
-                #!/usr/bin/env bash
-                ${stderrToStdout}
-                ${envExports}
-                ${envFileSetup}
-                ${sCfg.script}
-              '';
-              executable = true;
-            };
-
-            # logging
-            "runit/services/${serviceName}/log/run" = lib.mkIf sCfg.log.enable {
-              text = ''
-                #!/bin/sh
-                mkdir -p main
-                exec svlogd -tt ./main
-              '';
-              executable = true;
-            };
-          }
-          envFile
-        ]
-      ) config.runit.services
-    );
-  };
-}
-
diff --git a/home/modules/runit/services/caddy.nix b/home/modules/runit/services/caddy.nix
deleted file mode 100644
index 34b827c..0000000
--- a/home/modules/runit/services/caddy.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{ pkgs, config, ... }:
-
-{
-  home.file.".config/caddy/Caddyfile".text = ''
-    {
-      http_port 8080
-      https_port 8443
-      auto_https off
-    }
-
-    # Cloudflare Tunnel
-    http://gist.toast.name {
-      # Opengist
-      reverse_proxy http://localhost:${config.runit.services.opengist.environment.OG_HTTP_PORT}
-    }
-    
-    # Tailscale
-    http://y2q.ts.toast.name {
-      # Glances
-      reverse_proxy http://localhost:61208
-    }
-
-    http://grafana.ts.toast.name {
-      # Grafana
-      reverse_proxy http://localhost:${config.runit.services.grafana.environment.GF_SERVER_HTTP_PORT}
-    }
-  '';
-
-  runit.services.caddy = {
-    script = ''
-      exec ${pkgs.caddy}/bin/caddy run \
-        --config "$HOME/.config/caddy/Caddyfile" \
-        --adapter caddyfile
-    '';
-    log.enable = true;
-  };
-}
diff --git a/home/modules/runit/services/cloudflared.nix b/home/modules/runit/services/cloudflared.nix
deleted file mode 100644
index 6e601bf..0000000
--- a/home/modules/runit/services/cloudflared.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ pkgs, config, rootPath, lib, ... }:
-
-let
-  tunnel = "cb0d9c2c-48f9-4bca-9e81-ef92423c5afa";
-  subdomains = [
-    "gist.toast.name"
-  ];
-in
-{
-  home.file.".cloudflared/${tunnel}.json".source = rootPath + /secrets/gitcrypt/cloudflared/${tunnel}.json;
-  home.file.".cloudflared/cert.pem".source = rootPath + /secrets/gitcrypt/cloudflared/cert.pem;
-  home.file.".cloudflared/config.yml".text = ''
-    tunnel: ${tunnel}
-    credentials-file: ${config.home.homeDirectory}/.cloudflared/${tunnel}.json
-
-    ingress:
-    ${lib.concatMapStringsSep "\n" (host: ''
-      ${"  "}- hostname: ${host}
-      ${"  "}  service: http://localhost:80
-    '') subdomains}
-    ${"  "}- service: http_status:404
-  '';
-
-  runit.services.cloudflared = {
-    script = ''
-      exec ${pkgs.cloudflared}/bin/cloudflared tunnel run
-    '';
-    log.enable = true;
-  };
-}
diff --git a/home/modules/runit/services/glances.nix b/home/modules/runit/services/glances.nix
deleted file mode 100644
index 94db540..0000000
--- a/home/modules/runit/services/glances.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ pkgs, ... }:
-
-{
-  runit.services.glances = {
-    script = ''
-      exec ${pkgs.glances}/bin/glances -w
-    '';
-  };
-}
diff --git a/home/modules/runit/services/grafana.nix b/home/modules/runit/services/grafana.nix
deleted file mode 100644
index c8d2d73..0000000
--- a/home/modules/runit/services/grafana.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ pkgs, config, ... }:
-
-{
-  runit.services.grafana = {
-    script = ''
-      HOME_PATH=$HOME/services/grafana
-      mkdir -p "$HOME_PATH"
-
-      exec ${pkgs.grafana}/bin/grafana server \
-        --homepath ${pkgs.grafana}/share/grafana
-    '';
-
-    environment = {
-      GF_SERVER_HTTP_ADDR = "127.0.0.1";
-      GF_SERVER_HTTP_PORT = "3000";
-      GF_PATHS_DATA = "${config.home.homeDirectory}/services/grafana";
-    };
-
-    log.enable = true;
-  };
-}
diff --git a/home/modules/runit/services/opengist.nix b/home/modules/runit/services/opengist.nix
deleted file mode 100644
index d7929c7..0000000
--- a/home/modules/runit/services/opengist.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ pkgs, rootPath, ... }:
-
-{
-  runit.services.opengist = {
-    script = ''
-      exec ${pkgs.opengist}/bin/opengist start
-    '';
-    
-    environment = {
-      OG_HTTP_HOST = "127.0.0.1";
-      OG_HTTP_PORT = "6157";
-      OG_SSH_HOST = "127.0.0.1";
-      OG_SSH_PORT = "6522";
-    };
-
-    environmentFile = rootPath + /secrets/gitcrypt/opengist.env;
-
-    log.enable = true;
-  };
-}
diff --git a/home/modules/runit/services/prometheus.nix b/home/modules/runit/services/prometheus.nix
deleted file mode 100644
index fbb5d2c..0000000
--- a/home/modules/runit/services/prometheus.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ pkgs, config, ... }:
-
-{
-  home.file.".config/prometheus/prometheus.yml".text = ''
-    global:
-      scrape_interval: 1m
-    
-    scrape_configs:
-      - job_name: 'restic_rest_server'
-        static_configs:
-          - targets: ['${config.runit.services.restic-rest-server.environment.LISTEN_ADDR}']
-  '';
-
-  runit.services.prometheus = {
-    script = ''
-      TSDB_PATH=$HOME/services/prometheus
-      mkdir -p TSDB_PATH
-
-      exec ${pkgs.prometheus}/bin/prometheus \
-        --config.file=$HOME/.config/prometheus/prometheus.yml \
-        --storage.tsdb.path=$TSDB_PATH \
-        --web.listen-address="127.0.0.1:9090"
-    '';
-  };
-}
diff --git a/home/modules/runit/services/restic-rest-server.nix b/home/modules/runit/services/restic-rest-server.nix
deleted file mode 100644
index 0369adf..0000000
--- a/home/modules/runit/services/restic-rest-server.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ pkgs, ... }:
-
-{
-  runit.services.restic-rest-server = {
-    script = ''
-      DATA_DIR=$HOME/services/restic-rest-server
-      mkdir -p "$DATA_DIR"
-
-      exec ${pkgs.restic-rest-server}/bin/rest-server \
-        --listen "$LISTEN_ADDR" \
-        --log - \
-        --no-auth \
-        --path $DATA_DIR \
-        --prometheus --prometheus-no-auth
-    '';
-
-    environment = {
-      LISTEN_ADDR = "127.0.0.1:9000";
-    };
-  };
-}
diff --git a/secrets/gitcrypt/cloudflared/cb0d9c2c-48f9-4bca-9e81-ef92423c5afa.json b/secrets/gitcrypt/cloudflared/cb0d9c2c-48f9-4bca-9e81-ef92423c5afa.json
deleted file mode 100644
index 46cd7b1..0000000
Binary files a/secrets/gitcrypt/cloudflared/cb0d9c2c-48f9-4bca-9e81-ef92423c5afa.json and /dev/null differ
diff --git a/secrets/gitcrypt/cloudflared/cert.pem b/secrets/gitcrypt/cloudflared/cert.pem
deleted file mode 100644
index 230ea54..0000000
Binary files a/secrets/gitcrypt/cloudflared/cert.pem and /dev/null differ
diff --git a/secrets/gitcrypt/opengist.env b/secrets/gitcrypt/opengist.env
deleted file mode 100644
index 275e5fc..0000000
Binary files a/secrets/gitcrypt/opengist.env and /dev/null differ
diff --git a/shell.nix b/shell.nix
index 9df72f3..11a67f0 100644
--- a/shell.nix
+++ b/shell.nix
@@ -6,7 +6,6 @@ pkgs.mkShell {
     home-manager
     git
     sops
-    git-crypt
     just
     nh
   ];