diff --git a/common/nginx.nix b/common/nginx.nix
index 4bd8816..19b315b 100644
--- a/common/nginx.nix
+++ b/common/nginx.nix
@@ -9,11 +9,11 @@
 appendHttpConfig = ''
 add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;
- add_header Content-Security-Policy "default-src https: data: blob: 'unsafe-inline' 'wasm-unsafe-eval'; object-src 'none'; base-uri 'none';" always;
+ add_header Content-Security-Policy "default-src https: data: 'unsafe-inline'; object-src 'none'; base-uri 'none';" always;
 add_header Referrer-Policy strict-origin-when-cross-origin;
 add_header X-Frame-Options SAMEORIGIN;
 add_header X-Content-Type-Options nosniff;
- add_header X-Clacks-Overhead "GNU Terry Pratchett" always;
+ add_header X-Clacks-Overhead "GNU Terry Pratchett";
 proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
 '';
 };
diff --git a/flake.lock b/flake.lock
index 859793f..e65e4f4 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,24 +1,5 @@ { "nodes": { - "actual": { - "inputs": { - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1725392458, - "narHash": "sha256-sp1Ps5XBrIwDE0e2QOm2dJRRJ12aEWtJBhzohFwn+K4=", - "ref": "main", - "rev": "4cc6a8289f809ec4470eb01429aa6ed548349a56", - "revCount": 14, - "type": "git", - "url": "https://git.xeno.science/xenofem/actual-nix" - }, - "original": { - "ref": "main", - "type": "git", - "url": "https://git.xeno.science/xenofem/actual-nix" - } - }, "agenix": { "inputs": { "darwin": [],
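Review bot: In common/nginx.nix the added Content-Security-Policy line has no `script-src`, so script loading falls back to `default-src https: data: 'unsafe-inline'`, which still permits inline script, `data:` script and script from any HTTPS origin; dropping `blob:` and `'wasm-unsafe-eval'` narrows the policy but it remains weak as a mitigation for injected markup. If the proxied applications tolerate it, a stricter directive such as `script-src 'self';` could be appended to the header value; otherwise a comment along the lines of `# 'unsafe-inline' kept: <backend> relies on inline scripts/styles` would record why it stays. Separately, nginx applies http-level `add_header` lines only in blocks that declare no `add_header` of their own, so a virtual host or location that sets any header would lose this whole set; that is worth confirming against the vhost definitions, which are outside this hunk.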
@@ -156,16 +137,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725103162, - "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=", + "lastModified": 1726969270, + "narHash": "sha256-8fnFlXBgM/uSvBlLWjZ0Z0sOdRBesyNdH0+esxqizGc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b", + "rev": "23cbb250f3bf4f516a2d0bf03c51a30900848075", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" }
@@ -186,22 +167,6 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1726969270, - "narHash": "sha256-8fnFlXBgM/uSvBlLWjZ0Z0sOdRBesyNdH0+esxqizGc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "23cbb250f3bf4f516a2d0bf03c51a30900848075", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, "nur": { "locked": { "lastModified": 1727141325,
@@ -258,12 +223,11 @@ }, "root": { "inputs": { - "actual": "actual", "agenix": "agenix", "birdsong": "birdsong", "colmena": "colmena", "home-manager": "home-manager_2", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs", "nixpkgsSmall": "nixpkgsSmall", "nur": "nur", "plasma-manager": "plasma-manager",
diff --git a/flake.nix b/flake.nix
index fa2a9d7..61126be 100644
--- a/flake.nix
+++ b/flake.nix
@@ -33,11 +33,10 @@
 flake = false;
 };
- actual.url = "git+https://git.xeno.science/xenofem/actual-nix?ref=main";
 birdsong.url = "git+https://git.qenya.tel/qenya/birdsong?ref=main";
 };
- outputs = inputs@{ self, nixpkgs, nixpkgsSmall, home-manager, plasma-manager, nur, agenix, colmena, randomcat, actual, birdsong, ... }: {
+ outputs = inputs@{ self, nixpkgs, nixpkgsSmall, home-manager, plasma-manager, nur, agenix, colmena, randomcat, birdsong, ... }: {
 nixosConfigurations = (colmena.lib.makeHive self.outputs.colmena).nodes;
 # The name of this output type is not standardised. I have picked
@@ -83,7 +82,6 @@
 { nixpkgs.overlays = [ nur.overlay ]; }
 agenix.nixosModules.default
 birdsong.nixosModules.default
- actual.nixosModules.default
 ./common
 ./services
 (builtins.toPath "${randomcat}/services/default.nix")
diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix
index e70bf1c..c76bd6b 100644
--- a/hosts/orm/default.nix
+++ b/hosts/orm/default.nix
@@ -21,15 +21,5 @@
 privateKeyFile = config.age.secrets.wireguard-peer-orm.path;
 };
- randomcat.services.zfs.datasets = {
- "rpool_orm/state" = { mountpoint = "none"; };
- "rpool_orm/state/actual" = { mountpoint = "/var/lib/actual"; };
- };
-
- qenya.services.actual = {
- enable = true;
- domain = "actual.qenya.tel";
- };
-
 system.stateVersion = "23.11";
 }
diff --git a/services/actual.nix b/services/actual.nix
deleted file mode 100644
index c78e2ff..0000000
--- a/services/actual.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.qenya.services.actual;
-in
-{
- options.qenya.services.actual = {
- enable = mkEnableOption "Actual";
- domain = mkOption {
- type = types.str;
- };
- };
-
- config = mkIf cfg.enable {
- services.nginx = {
- enable = true;
- virtualHosts = {
- ${cfg.domain} = {
- forceSSL = true;
- enableACME = true;
- locations."/".proxyPass = "http://127.0.0.1:5006/";
- };
- };
- };
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-
- services.actual.enable = true;
- };
-}
diff --git a/services/default.nix b/services/default.nix
index e31416b..fddd93c 100644
--- a/services/default.nix
+++ b/services/default.nix
@@ -1,6 +1,5 @@
 {
 imports = [
- ./actual.nix
 ./forgejo.nix
 ./pipewire-low-latency.nix
 ];