diff --git a/nixos/machines/zazu/apu2c4.nix b/nixos/machines/zazu/apu2c4.nix
deleted file mode 100644
index 957051e..0000000
--- a/nixos/machines/zazu/apu2c4.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- boot.initrd.availableKernelModules =
- [ "xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/1396f814-6cc2-4988-992a-3558fa1ac5a2";
- fsType = "ext4";
- };
-
- swapDevices =
- [{ device = "/dev/disk/by-uuid/5f8f358d-f63c-48ad-a322-d1aeb403e4ff"; }];
-
- nix.settings.max-jobs = lib.mkDefault 4;
-}
diff --git a/nixos/machines/zazu/default.nix b/nixos/machines/zazu/default.nix
deleted file mode 100644
index 71df825..0000000
--- a/nixos/machines/zazu/default.nix
+++ /dev/null
@@ -1,237 +0,0 @@ -# Edit this configuration file to define what should be installed on your system. Help is available in the configuration.nix(5) man page and in the NixOS manual (accessible by running ‘nixos-help’). -{ config, lib, pkgs, inputs, modulesPath, ... }: - -{ - imports = [ # Include the results of the hardware scan. - ./apu2c4.nix - # - ../../roles - inputs.nixos-hardware.nixosModules.pcengines-apu - "${modulesPath}/profiles/minimal.nix" - ]; - - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only - - boot.kernel.sysctl = { - "net.ipv6.conf.all.forwarding" = true; - "net.ipv6.conf.enp1s0.accept_ra" = 2; - }; - # The global useDHCP flag is deprecated, therefore explicitly set to false here. - # Per-interface useDHCP will be mandatory in the future, so this generated config - # replicates the default behaviour. - networking.useDHCP = false; - networking.interfaces.enp1s0 = { - useDHCP = true; - tempAddress = "disabled"; - }; - #networking.interfaces.enp2s0.useDHCP = false; - networking.interfaces.enp3s0.useDHCP = false; - networking.interfaces.enp2s0 = { - tempAddress = "disabled"; - ipv4.addresses = [{ - address = "192.168.178.1"; - prefixLength = 24; - }]; - useDHCP = true; - }; - # systemd.services.network-link-br0.unitConfig.After = lib.mkForce [ "network-pre.target" "br0-netdev.service" ]; - # systemd.services.network-link-br0.unitConfig.BindsTo = lib.mkForce [ "br0-netdev.service" ]; - networking.nat = { - enable = true; - externalInterface = "dslite1"; - internalIPs = [ "192.168.178.1/24" ]; - }; - networking.defaultGateway = { - address = "192.0.0.1"; - interface = "dslite1"; - }; - systemd.services.dslite1-netdev = { - wantedBy = - [ "network-setup.service" "sys-subsystem-net-devices-dslite1.device" ]; - bindsTo = [ ]; - partOf = [ "network-setup.service" ]; - after = [ - "network-pre.target" - "network-addresses-enp1s0.service" - "network-link-enp1s0.service" - ]; - 
before = [ "network-setup.service" ]; - path = [ pkgs.iproute2 ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - ip tunnel add dslite1 mode ip4ip6 local 2a02:a212:2200:4c00:20d:b9ff:fe56:ba04 remote 2001:730:2000:2::31 encaplimit none - ip link set dslite1 up - ''; - postStop = '' - ip link del dslite1 || true - ''; - }; - networking.interfaces.dslite1 = { - mtu = 1452; # todo: ipv6 fragmenting? - ipv4.addresses = [{ - address = "192.0.0.2"; - prefixLength = 24; - }]; - }; - # networking.bridges = { - # br0.interfaces = [ "enp2s0" "enp3s0" ]; - # }; - networking.dhcpcd.persistent = true; - # request prefix delegation - networking.dhcpcd.extraConfig = '' - noipv6rs - ipv6only - interface enp1s0 - ipv6rs - iaid 1 - ia_pd 1/::/60 enp2s0/0/64 - ''; - services.dnsmasq = { - enable = true; - servers = [ "8.8.8.8" "1.1.1.1" ]; - }; - services.dhcpd4 = { - interfaces = [ "enp2s0" ]; - enable = true; - machines = [ - { - hostName = "amateria"; - ethernetAddress = "a8:a1:59:15:8b:63"; - ipAddress = "192.168.178.42"; - } - { - hostName = "blackadder"; - ethernetAddress = "a8:a1:59:03:8a:75"; - ipAddress = "192.168.178.33"; - } - { - hostName = "frumar"; - ethernetAddress = "bc:5f:f4:e8:42:9f"; - ipAddress = "192.168.178.37"; - } - { - hostName = "jarvis"; - ethernetAddress = "18:1d:ea:35:13:58"; - ipAddress = "192.168.178.34"; - } - { - hostName = "jarvis-dock"; - ethernetAddress = "64:4b:f0:10:05:f2"; - ipAddress = "192.168.178.13"; - } - { - hostName = "printer"; - ethernetAddress = "30:05:5c:44:20:a7"; - ipAddress = "192.168.178.26"; - } - { - hostName = "raspberrypi"; - ethernetAddress = "b8:27:eb:b9:ec:3a"; - ipAddress = "192.168.178.21"; - } - { - hostName = "smartMeter"; - ethernetAddress = "5c:cf:7f:26:ca:91"; - ipAddress = "192.168.178.30"; - } - { - hostName = "gang-ap"; - ethernetAddress = "b4:fb:e4:2d:fc:f3"; - ipAddress = "192.168.178.32"; - } - ]; - extraConfig = '' - subnet 192.168.178.0 netmask 255.255.255.0 { - option 
subnet-mask 255.255.255.0; - option broadcast-address 192.168.178.255; - option routers 192.168.178.1; - option domain-name-servers 192.168.178.1; - range 192.168.178.3 192.168.178.200; - } - ''; - }; - services.radvd = { - enable = true; - config = '' - interface enp2s0 { - AdvSendAdvert on; - prefix 2a02:a212:2200:4c70::/64 { - AdvOnLink on; - AdvAutonomous on; - }; - }; - ''; - }; - networking.firewall.allowedUDPPorts = [ 53 ]; - networking.firewall.allowedTCPPorts = [ 53 ]; - - services.fstrim.enable = true; - - # Select internationalisation properties. - # i18n = { - # consoleFont = "Lat2-Terminus16"; - # consoleKeyMap = "us"; - # defaultLocale = "en_US.UTF-8"; - # }; - - # Set your time zone. - time.timeZone = "Europe/Amsterdam"; - - # List packages installed in system profile. To search, run: - # $ nix search wget - # environment.systemPackages = with pkgs; [ - # wget vim - # ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # pinentryFlavor = "gnome3"; - # }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - services.openssh.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # Enable CUPS to print documents. - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). 
- system.stateVersion = "20.09"; # Did you read the comment?
- services.udisks2.enable = false;
- boot.supportedFilesystems = lib.mkForce [ "ext4" ];
- boot.initrd.supportedFilesystems = lib.mkForce [ "ext4" ];
- security.polkit.enable = false;
- nixpkgs.overlays = [
- (self: super: {
- dhcpcd = super.dhcpcd.overrideAttrs (o: rec {
- pname = "dhcpcd";
- version = "8.1.9";
- src = self.fetchurl {
- url = "mirror://roy/${pname}/${pname}-${version}.tar.xz";
- sha256 = "1kzv61bgrd0zwiy6r218zkccx36j9p5mz1gxqvbhg05xn9g50alf";
- };
- patches = [ ];
- });
- })
- ];
-}
diff --git a/nixos/overlay.nix b/nixos/overlay.nix
index b4aeeb0..02a66b6 100644
--- a/nixos/overlay.nix
+++ b/nixos/overlay.nix
@@ -1,4 +1,4 @@
-let names = [ "pennyworth" "jarvis" "blackadder" "frumar" "zazu" "smithers" ];
+let names = [ "pennyworth" "jarvis" "blackadder" "frumar" "smithers" ];
 in pkgs: super: {
 yorick = (super.yorick or { }) // rec {
 nixos = configuration: extraArgs:
diff --git a/nixos/vpn.nix b/nixos/vpn.nix
index 197b3be..d1d976a 100644
--- a/nixos/vpn.nix
+++ b/nixos/vpn.nix
@@ -4,7 +4,6 @@
 jarvis = "10.209.0.2";
 frumar = "10.209.0.3";
 blackadder = "10.209.0.6";
- zazu = "10.209.0.7";
 smithers = "10.209.0.8";
 };
 keys = {
@@ -13,7 +12,6 @@
 frumar = "UpFw4KmrvmOWdMOJ+LHvMzgN7cQMnasqlkzF8/apoGI=";
 jarvis = "2/Qaq5uiy8uGGnZLIfjeomL47XjZCsJ1dDFDD9Nlq3E=";
 pennyworth = "XoeUMsiSOWBFEFuAu+S4iQd3MzkyGhIj9dtxzZ0I500=";
- zazu = "6X5EdNMO1MtFi18LCRGZ2cBD0d50Wq+pwkwVubjY1Ew=";
 smithers = "CXsx26Xi+mBeuB6U8hdeuOBC3o4gTnBc6biez/BCqzM=";
 };
 }
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 5272299..b81407f 100644
Binary files a/secrets/secrets.nix and b/secrets/secrets.nix differ
diff --git a/secrets/wg.zazu.age b/secrets/wg.zazu.age
deleted file mode 100644
index 97a9b1d..0000000
--- a/secrets/wg.zazu.age
+++ /dev/null
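Review bot: The `names` list at the top of nixos/overlay.nix is one of three hand-maintained host inventories this commit has to edit (the others are the `ips` and `keys` sets in nixos/vpn.nix), and nothing visible in the hunk ties them together. If a retired host is dropped from `names` but its `keys` entry is missed, its WireGuard public key would presumably stay accepted by the remaining peers; how vpn.nix is consumed is not shown here, so that part is inferred. A comment above the `let` would make the coupling explicit: `# Keep in sync with nixos/machines/ and the ips/keys sets in nixos/vpn.nix.` The overlay body continues outside the hunk.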
@@ -1,9 +0,0 @@
-age-encryption.org/v1
--> X25519 eORjizW1ee6FYqEQqTa5uuN/+2pTczTSjdmfUNn/tDc
-CKLNuNxkorS/hgGNGgdagJFUMWrrV33MxAFEEDwxM5c
--> ssh-ed25519 5WyvFg eRI44sQ73aOgg7ifbPwHN55Rr9tfY73jm2SpRzngX10
-ioYtOQzjWSGFZa/uJg2PPfyjXKJuUCUTrLFbWROENH8
--> n>fQw