diff --git a/config/hosts/matrix/mas.nix b/config/hosts/matrix/mas.nix
index 0b8c98a..4fd4963 100644
--- a/config/hosts/matrix/mas.nix
+++ b/config/hosts/matrix/mas.nix
@@ -33,17 +33,6 @@ let
           }];
           proxy_protocol = false;
         }
-        {
-          name = "admin";
-          resources = [{
-            name = "adminapi";
-          }];
-          binds = [{
-            host = "localhost";
-            port = 8082;
-          }];
-          proxy_protocol = false;
-        }
       ];
       trusted_proxies = [
         "127.0.0.1/8"
diff --git a/config/hosts/matrix/nginx.nix b/config/hosts/matrix/nginx.nix
index 5a4f716..bb7883b 100644
--- a/config/hosts/matrix/nginx.nix
+++ b/config/hosts/matrix/nginx.nix
@@ -65,24 +65,6 @@
         '';
       };
 
-      locations."~ ^/_synapse/admin" = {
-        # Only proxy to the local host on IPv4, because localhost doesn't seem to work
-        # even if matrix-synapse is listening on ::1 as well.
-        proxyPass = "http://127.0.0.1:8008";
-        extraConfig = ''
-          # Restrict access to admin API.
-          allow 185.161.129.132/32; # z9
-          allow 2a07:c480:0:100::/56; # z9
-          allow 2a07:c481:1::/48; # z9 new ipv6
-          allow 213.240.180.39/32; # stbe home
-          allow 2a01:170:118b::1/64; # stbe home
-          deny all;
-          # Nginx by default only allows file uploads up to 1M in size
-          # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
-          client_max_body_size ${config.services.matrix-synapse.settings.max_upload_size};
-        '';
-      };
-
       extraConfig = ''
         # Make use of the ngx_http_realip_module to set the $remote_addr and
         # $remote_port to the client address and client port, when using proxy
@@ -112,19 +94,6 @@
         proxyPass = "http://localhost:8080";
       };
 
-      locations."~ ^/api/admin" = {
-        proxyPass = "http://localhost:8082";
-        extraConfig = ''
-          # Restrict access to admin API.
-          allow 185.161.129.132/32; # z9
-          allow 2a07:c480:0:100::/56; # z9
-          allow 2a07:c481:1::/48; # z9 new ipv6
-          allow 213.240.180.39/32; # stbe home
-          allow 2a01:170:118b::1/64; # stbe home
-          deny all;
-        '';
-      };
-
       extraConfig = ''
         # Make use of the ngx_http_realip_module to set the $remote_addr and
         # $remote_port to the client address and client port, when using proxy
diff --git a/config/hosts/public-web-static/virtualHosts/default.nix b/config/hosts/public-web-static/virtualHosts/default.nix
index 793829a..59e69e6 100644
--- a/config/hosts/public-web-static/virtualHosts/default.nix
+++ b/config/hosts/public-web-static/virtualHosts/default.nix
@@ -5,7 +5,6 @@
     ./branding-resources.hamburg.ccc.de.nix
     ./c3cat.de.nix
     ./cryptoparty-hamburg.de.nix
-    ./element-admin.hamburg.ccc.de.nix
     ./element.hamburg.ccc.de.nix
     ./hacker.tours.nix
     ./hackertours.hamburg.ccc.de.nix
diff --git a/config/hosts/public-web-static/virtualHosts/element-admin.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/element-admin.hamburg.ccc.de.nix
deleted file mode 100644
index 2bf56de..0000000
--- a/config/hosts/public-web-static/virtualHosts/element-admin.hamburg.ccc.de.nix
+++ /dev/null
@@ -1,115 +0,0 @@
-{ config, pkgs, ... }:
-
-let
-  elementAdminVersion = "0.1.4";
-  elementAdmin = pkgs.stdenv.mkDerivation (finalAttrs: {
-    pname = "element-admin";
-    version = elementAdminVersion;
-
-    src = pkgs.fetchzip {
-      url = "https://github.com/element-hq/element-admin/archive/refs/tags/v${elementAdminVersion}.zip";
-      sha256 = "sha256-dTHE0rg7W0k4e12s3v8yD/rBOYpIEqNN1VV4P3KtpQs=";
-    };
-
-    nativeBuildInputs = [
-      pkgs.nodejs
-      pkgs.pnpm.configHook
-    ];
-
-    pnpmDeps = pkgs.pnpm.fetchDeps {
-      inherit (finalAttrs) pname version src;
-      fetcherVersion = 2;
-      hash = "sha256-YBSZIHNffS3Um0imYNmX9c1q193rphr+8lQ4tp7AcXw=";
-    };
-
-    buildPhase = ''
-      pnpm build
-    '';
-
-    installPhase = ''
-      cp -a dist $out
-    '';
-  });
-in
-{
-  services.nginx = {
-    enable = true;
-
-    virtualHosts."acme-element-admin.hamburg.ccc.de" = {
-      enableACME = true;
-      serverName = "element-admin.hamburg.ccc.de";
-
-      listen = [
-        {
-          addr = "0.0.0.0";
-          port = 31820;
-        }
-      ];
-    };
-
-    virtualHosts."element-admin.hamburg.ccc.de" = {
-      forceSSL = true;
-      useACMEHost = "element-admin.hamburg.ccc.de";
-
-      listen = [
-        {
-          addr = "0.0.0.0";
-          port = 8443;
-          ssl = true;
-          proxyProtocol = true;
-        }
-      ];
-
-      root = elementAdmin;
-
-      locations."/assets" = {
-        extraConfig = ''
-          expires 1y;
-          add_header Cache-Control "public, max-age=31536000, immutable";
-          # Security headers.
-          add_header X-Frame-Options "DENY" always;
-          add_header X-XSS-Protection "1; mode=block" always;
-          add_header X-Content-Type-Options "nosniff" always;
-          add_header Referrer-Policy "strict-origin-when-cross-origin" always;
-          add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data:; font-src 'self'; connect-src *; object-src 'none'; media-src 'self'; child-src 'none'; worker-src 'self'; manifest-src 'self';" always;
-          add_header Permissions-Policy "geolocation=(), camera=(), microphone=(), payment=(), usb=(), magnetometer=(), accelerometer=(), gyroscope=()" always;
-        '';
-      };
-
-      locations."/" = {
-        index = "/index.html";
-        tryFiles = "$uri $uri/ /";
-        extraConfig = ''
-          # Security headers.
-          add_header X-Frame-Options "DENY" always;
-          add_header X-XSS-Protection "1; mode=block" always;
-          add_header X-Content-Type-Options "nosniff" always;
-          add_header Referrer-Policy "strict-origin-when-cross-origin" always;
-          add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data:; font-src 'self'; connect-src *; object-src 'none'; media-src 'self'; child-src 'none'; worker-src 'self'; manifest-src 'self';" always;
-          add_header Permissions-Policy "geolocation=(), camera=(), microphone=(), payment=(), usb=(), magnetometer=(), accelerometer=(), gyroscope=()" always;
-        '';
-      };
-
-      extraConfig = ''
-        # Security headers.
-        add_header X-Frame-Options "DENY" always;
-        add_header X-XSS-Protection "1; mode=block" always;
-        add_header X-Content-Type-Options "nosniff" always;
-        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
-        add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data:; font-src 'self'; connect-src *; object-src 'none'; media-src 'self'; child-src 'none'; worker-src 'self'; manifest-src 'self';" always;
-        add_header Permissions-Policy "geolocation=(), camera=(), microphone=(), payment=(), usb=(), magnetometer=(), accelerometer=(), gyroscope=()" always;
-
-        # Make use of the ngx_http_realip_module to set the $remote_addr and
-        # $remote_port to the client address and client port, when using proxy
-        # protocol.
-        # First set our proxy protocol proxy as trusted.
-        set_real_ip_from 172.31.17.140;
-        # Then tell the realip_module to get the addreses from the proxy protocol
-        # header.
-        real_ip_header proxy_protocol;
-      '';
-    };
-  };
-
-  networking.firewall.allowedTCPPorts = [ 8443 31820 ];
-}