diff --git a/README.md b/README.md
index 186f14a..ecf8a0a 100644
--- a/README.md
+++ b/README.md
@@ -63,17 +63,6 @@ This is exactly what we're doing to set the default deployment user to `colmena-
 ```
 This secret would then be available under `/run/secrets/forgejo_git_smtp_password` on the host.
-## Build NixOS Proxmox VE Template
-
-Build a new NixOS Proxmox VE Template for the thinkcccore's:
-```shell
-nix build .#proxmox-nixos-template
-```
-Build a new NixOS Proxmox VE Template for the chaosknoten:
-```shell
-nix build .#proxmox-chaosknoten-nixos-template
-```
-
 ## License
 This CCCHH nix-infra repository is licensed under the [MIT License](./LICENSE).
diff --git a/config/common/users.nix b/config/common/users.nix
index 026929b..59682c4 100644
--- a/config/common/users.nix
+++ b/config/common/users.nix
@@ -11,8 +11,8 @@ let
 authorizedKeysRepo = pkgs.fetchgit {
 url = "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys";
- rev = "686a6af22f6696f0c0595c56f463c078550049fc";
- hash = "sha256-plTYjM6zPzoBE/dp6EUrk9mCqmab278p8FqBCTX8Grc=";
+ rev = "b6a29dc7af0a45a8c0b4904290c7cb0c5bc51413";
+ hash = "sha256-c0aH0wQeJtfXJG5wAbS6aO8yILLI1NNkFAHAeOm8RXA=";
 };
 authorizedKeys = builtins.filter (item: item != "") (lib.strings.splitString "\n" (builtins.readFile "${authorizedKeysRepo}/authorized_keys"));
 in
diff --git a/config/hosts/git/forgejo.nix b/config/hosts/git/forgejo.nix
index a57a37f..bb7099f 100644
--- a/config/hosts/git/forgejo.nix
+++ b/config/hosts/git/forgejo.nix
@@ -45,9 +45,6 @@
 DEFAULT_USER_VISIBILITY = "limited";
 DEFAULT_KEEP_EMAIL_PRIVATE = true;
 ENABLE_BASIC_AUTHENTICATION = false;
- ENABLE_NOTIFY_MAIL = true;
- AUTO_WATCH_NEW_REPOS = false;
- AUTO_WATCH_ON_CHANGES = false;
 };
 repo = {
 DEFAULT_REPO_UNITS = "repo.code,repo.issues,repo.pulls";
diff --git a/config/hosts/public-web-static/virtualHosts/c3cat.de.nix b/config/hosts/public-web-static/virtualHosts/c3cat.de.nix
index 91d3a40..f1ad527 100644
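Review bot: Removing `ENABLE_NOTIFY_MAIL = true` from the `service` section (whose start lies outside the hunk) silently falls back to the upstream default, which as far as I recall is off, so users stop receiving mail for issue, pull-request and mention activity while the README hunk above still provisions `forgejo_git_smtp_password` for the mailer. Dropping the two `AUTO_WATCH_*` lines likewise reverts to upstream defaults rather than stating a choice. If notifications are meant to be off, the mailer secret and its configuration become dead weight and should go in the same change; if this is an accidental revert, the three lines should come back. Either way, record the intent next to `ENABLE_BASIC_AUTHENTICATION`, e.g. `# Mail notifications intentionally left at the upstream default; mailer kept for <reason>.`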
--- a/config/hosts/public-web-static/virtualHosts/c3cat.de.nix
+++ b/config/hosts/public-web-static/virtualHosts/c3cat.de.nix
@@ -1,19 +1,10 @@
 { pkgs, ... }:
-let
- domain = "c3cat.de";
- dataDir = "/var/www/${domain}";
- deployUser = "c3cat-website-deploy";
-in {
- security.acme.certs."${domain}".extraDomainNames = [ "www.${domain}" ];
-
+{
 services.nginx.virtualHosts = {
- "acme-${domain}" = {
+ "acme-c3cat.de" = {
 enableACME = true;
- serverName = "${domain}";
- serverAliases = [
- "www.${domain}"
- ];
+ serverName = "c3cat.de";
 listen = [
 {
@@ -23,9 +14,9 @@ in {
 ];
 };
- "$www.${domain}" = {
+ "c3cat.de" = {
 forceSSL = true;
- useACMEHost = "${domain}";
+ useACMEHost = "c3cat.de";
 listen = [
 {
@@ -37,7 +28,7 @@ in {
 ];
 locations."/" = {
- return = "302 https://c3cat.de$request_uri";
+ return = "302 https://wiki.hamburg.ccc.de/club:c3cat:start";
 };
 extraConfig = ''
@@ -51,45 +42,5 @@ in {
 real_ip_header proxy_protocol;
 '';
 };
-
- "${domain}" = {
- forceSSL = true;
- useACMEHost = "${domain}";
-
- listen = [
- {
- addr = "0.0.0.0";
- port = 8443;
- ssl = true;
- proxyProtocol = true;
- }
- ];
-
- root = "${dataDir}";
-
- extraConfig = ''
- # Make use of the ngx_http_realip_module to set the $remote_addr and
- # $remote_port to the client address and client port, when using proxy
- # protocol.
- # First set our proxy protocol proxy as trusted.
- set_real_ip_from 172.31.17.140;
- # Then tell the realip_module to get the addreses from the proxy protocol
- # header.
- real_ip_header proxy_protocol;
- '';
- };
 };
-
- systemd.tmpfiles.rules = [
- "d ${dataDir} 0755 ${deployUser} ${deployUser}"
- ];
-
- users.users."${deployUser}" = {
- isNormalUser = true;
- group = "${deployUser}";
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcZJzQO4RYinJm6YDUgCELe8OJA/DYOss+8xp7TtxM0 deploy key for c3cat.de"
- ];
- };
- users.groups."${deployUser}" = { };
 }
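Review bot: After this change `www.c3cat.de` is served by no vhost in the file: the `extraDomainNames` line and the `serverAliases` block are removed and neither `acme-c3cat.de` nor `c3cat.de` lists the www name, so as long as a www DNS record exists those requests land on nginx's default server and, over TLS, receive whatever certificate that server presents. If www should keep redirecting, add `serverAliases = [ "www.c3cat.de" ];` to both vhosts and restore `security.acme.certs."c3cat.de".extraDomainNames = [ "www.c3cat.de" ];`; if www is meant to go away, its DNS record belongs in the same change. Deleting the `systemd.tmpfiles.rules` entry and the `c3cat-website-deploy` user also does not remove `/var/www/c3cat.de` on an already-deployed host; the directory and its contents stay behind owned by the former user's UID, which deserves a line in the commit description or a follow-up cleanup. Finally `{ pkgs, ... }:` keeps `pkgs` as a parameter although nothing in the new file uses it; `{ ... }:` would do.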
diff --git a/config/hosts/public-web-static/virtualHosts/default.nix b/config/hosts/public-web-static/virtualHosts/default.nix
index c9d77ef..dac4fa4 100644
--- a/config/hosts/public-web-static/virtualHosts/default.nix
+++ b/config/hosts/public-web-static/virtualHosts/default.nix
@@ -9,7 +9,6 @@
 ./hackertours.hamburg.ccc.de.nix
 ./hamburg.ccc.de.nix
 ./spaceapi.hamburg.ccc.de.nix
- ./staging.c3cat.de.nix
 ./staging.hacker.tours.nix
 ./staging.hackertours.hamburg.ccc.de.nix
 ./staging.hamburg.ccc.de.nix
diff --git a/config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix
index 1836f25..5f0792f 100644
--- a/config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix
+++ b/config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix
@@ -1,10 +1,10 @@
 { pkgs, ... }:
 let
- elementWebVersion = "1.11.84";
+ elementWebVersion = "1.11.80";
 element-web = pkgs.fetchzip {
 url = "https://github.com/vector-im/element-web/releases/download/v${elementWebVersion}/element-v${elementWebVersion}.tar.gz";
- sha256 = "sha256-z2qaKKyUq2S/r3xUUU3ym0FgFbiQr6bcltuKvUMPbH4=";
+ sha256 = "sha256-sudWmNehxGsbZTNirTkoWQ/Bln1DC1CI30wocw9VoH8=";
 };
 elementSecurityHeaders = ''
 # Configuration best practices
diff --git a/config/hosts/public-web-static/virtualHosts/staging.c3cat.de.nix b/config/hosts/public-web-static/virtualHosts/staging.c3cat.de.nix
deleted file mode 100644
index c91d283..0000000
--- a/config/hosts/public-web-static/virtualHosts/staging.c3cat.de.nix
+++ /dev/null
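Review bot: `elementWebVersion` goes backwards from 1.11.84 to 1.11.80 together with its `sha256`, and nothing in the hunk records why; for a browser-delivered Matrix client a downgrade gives up whatever fixes the four newer patch releases carry. If the older pin is deliberate, say so next to the version, e.g. `# Pinned to 1.11.80: <reason>; revisit once <condition>.`, and mention it in the commit description. If the intent of this commit was only to undo the c3cat change, this file and the flake.lock hunks further down (which also step every input back by roughly two weeks) look like they were swept in by a revert and should be split out.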
@@ -1,60 +0,0 @@
-{ pkgs, ... }:
-
-let
- domain = "staging.c3cat.de";
- dataDir = "/var/www/${domain}";
- deployUser = "c3cat-website-deploy";
-in {
- services.nginx.virtualHosts = {
- "acme-${domain}" = {
- enableACME = true;
- serverName = "${domain}";
-
- listen = [
- {
- addr = "0.0.0.0";
- port = 31820;
- }
- ];
- };
-
- "${domain}" = {
- forceSSL = true;
- useACMEHost = "${domain}";
-
- listen = [
- {
- addr = "0.0.0.0";
- port = 8443;
- ssl = true;
- proxyProtocol = true;
- }
- ];
-
- root = "${dataDir}";
-
- # Disallow *, since this is staging and doesn't need to be in any search
- # results.
- locations."/robots.txt" = {
- return = "200 \"User-agent: *\\nDisallow: *\\n\"";
- };
-
- extraConfig = ''
- # Make use of the ngx_http_realip_module to set the $remote_addr and
- # $remote_port to the client address and client port, when using proxy
- # protocol.
- # First set our proxy protocol proxy as trusted.
- set_real_ip_from 172.31.17.140;
- # Then tell the realip_module to get the addreses from the proxy protocol
- # header.
- real_ip_header proxy_protocol;
- '';
- };
- };
-
- systemd.tmpfiles.rules = [
- "d ${dataDir} 0755 ${deployUser} ${deployUser}"
- ];
-
- # c3cat deploy user already defined in c3cat.de.nix.
-}
diff --git a/flake.lock b/flake.lock
index 58d521b..24f50dd 100644
--- a/flake.lock
+++ b/flake.lock
@@ -38,11 +38,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1731133565,
- "narHash": "sha256-tCErjTdCUWK06LzkcvwUM+3pyrrmdf8e0VDBBTgqznE=",
+ "lastModified": 1730428893,
+ "narHash": "sha256-fLLUd2dO/Vnf96UDr8YPzerYi+n99l3S5yIUDnmcPBE=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "11f65b4b0405cff5b54c813626bddcf5435d7ad2",
+ "rev": "38edd08881ce4dc24056eec173b43587a93c990f",
 "type": "github"
 },
 "original": {
@@ -54,11 +54,11 @@
 },
 "nixpkgs-stable": {
 "locked": {
- "lastModified": 1730602179,
- "narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=",
+ "lastModified": 1729973466,
+ "narHash": "sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c",
+ "rev": "cd3e8833d70618c4eea8df06f95b364b016d4950",
 "type": "github"
 },
 "original": {
@@ -70,11 +70,11 @@
 },
 "nixpkgs-unstable": {
 "locked": {
- "lastModified": 1731265036,
- "narHash": "sha256-e5I+glVZwQvLT6WIeMFi0Mk+N/jkYauZ31ir2NRZcf8=",
+ "lastModified": 1730449684,
+ "narHash": "sha256-Hlv3rTPxnO+DpKRXw9yjzERLdk05h7+fEbZxWM2taCw=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "8aed22ecd71e5b67e5299efae8b9dc580dec711c",
+ "rev": "ab464abbeb3a2833288c6e907488c49c2e599f88",
 "type": "github"
 },
 "original": {
@@ -100,11 +100,11 @@
 "nixpkgs-stable": "nixpkgs-stable"
 },
 "locked": {
- "lastModified": 1731213149,
- "narHash": "sha256-jR8i6nFLmSmm0cIoeRQ8Q4EBARa3oGaAtEER/OMMxus=",
+ "lastModified": 1729999681,
+ "narHash": "sha256-qm0uCtM9bg97LeJTKQ8dqV/FvqRN+ompyW4GIJruLuw=",
 "owner": "Mic92",
 "repo": "sops-nix",
- "rev": "f1675e3b0e1e663a4af49be67ecbc9e749f85eb7",
+ "rev": "1666d16426abe79af5c47b7c0efa82fd31bf4c56",
 "type": "github"
 },
 "original": {