diff --git a/resources/chaosknoten/router/nftables/nftables.conf b/resources/chaosknoten/router/nftables/nftables.conf
index 3375bfb..6d04a4c 100644
--- a/resources/chaosknoten/router/nftables/nftables.conf
+++ b/resources/chaosknoten/router/nftables/nftables.conf
@@ -45,7 +45,7 @@ table inet host {
         tcp dport 22 accept comment "allow ssh access"
 
         # Allow DHCP server access.
-		iifname { $if_net0_2_v4_nat, $if_net0_3_ci_runner } udp dport 67 accept comment "allow dhcp server access"
+		iifname $if_net0_3_ci_runner udp dport 67 accept comment "allow dhcp server access"
     }
 }
 
diff --git a/resources/chaosknoten/router/systemd_networkd/21-net0.2-v4_nat.network b/resources/chaosknoten/router/systemd_networkd/21-net0.2-v4_nat.network
index b15259d..c7fd9a7 100644
--- a/resources/chaosknoten/router/systemd_networkd/21-net0.2-v4_nat.network
+++ b/resources/chaosknoten/router/systemd_networkd/21-net0.2-v4_nat.network
@@ -11,12 +11,6 @@ Description=v4-NAT
 # Masquerading done in nftables (nftables.conf).
 IPv6SendRA=yes
 
-DHCPServer=true
-
-[DHCPServer]
-PoolOffset=100
-PoolSize=150
-
 [Address]
 Address=10.32.2.1/24
 
diff --git a/roles/base_config/tasks/main.yaml b/roles/base_config/tasks/main.yaml
deleted file mode 100644
index cd8affd..0000000
--- a/roles/base_config/tasks/main.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-# Ensure the ssh module is disabled, so a cloud-init config change doesn't regenerate the host keys for no reason.
-- name: check if cloud-init config file exists
-  ansible.builtin.stat:
-    path: /etc/cloud/cloud.cfg
-  register: base_config__stat_cloud_cfg
-
-- name: ensure the cloud-init ssh module is disabled
-  ansible.builtin.replace:
-    path: /etc/cloud/cloud.cfg
-    regexp: " - ssh$"
-    replace: " #- ssh"
-  become: true
-  when: base_config__stat_cloud_cfg.stat.exists