diff --git a/flake.lock b/flake.lock
index a1cd1d3..ced1ca7 100644
--- a/flake.lock
+++ b/flake.lock
@@ -27,27 +27,6 @@
         "type": "github"
       }
     },
-    "crowdsec": {
-      "inputs": {
-        "flake-utils": "flake-utils",
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1752497357,
-        "narHash": "sha256-9epXn1+T6U4Kfyw8B9zMzbERxDB3VfaPXhVebtai6CE=",
-        "ref": "refs/heads/main",
-        "rev": "84db7dcea77f7f477d79e69e35fb0bb560232667",
-        "revCount": 42,
-        "type": "git",
-        "url": "https://codeberg.org/kampka/nix-flake-crowdsec.git"
-      },
-      "original": {
-        "type": "git",
-        "url": "https://codeberg.org/kampka/nix-flake-crowdsec.git"
-      }
-    },
     "flake-parts": {
       "inputs": {
         "nixpkgs-lib": [
@@ -69,23 +48,6 @@
         "type": "github"
       }
     },
-    "flake-utils": {
-      "inputs": {
-        "systems": "systems_2"
-      },
-      "locked": {
-        "lastModified": 1731533236,
-        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
-        "type": "github"
-      },
-      "original": {
-        "id": "flake-utils",
-        "type": "indirect"
-      }
-    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -238,7 +200,6 @@
     "root": {
       "inputs": {
         "agenix": "agenix",
-        "crowdsec": "crowdsec",
         "home-manager": "home-manager",
         "nix-darwin": "nix-darwin",
         "nixpkgs": "nixpkgs",
@@ -286,21 +247,6 @@
         "repo": "default",
         "type": "github"
       }
-    },
-    "systems_2": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
     }
   },
   "root": "root",
diff --git a/flake.nix b/flake.nix
index a5b90d9..c792d2b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -30,10 +30,6 @@
     };
 
     # Linux-specific inputs
-    crowdsec = {
-      url = "git+https://codeberg.org/kampka/nix-flake-crowdsec.git";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
     plasma-manager = {
       url = "github:nix-community/plasma-manager";
       inputs = {
@@ -51,8 +47,8 @@
   };
 
   outputs = { self, nix-darwin, nixpkgs, nixpkgs-darwin, nixpkgs-unstable
-    , home-manager, agenix, rycee-nurpkgs, nur, crowdsec, plasma-manager
-    , quadlet-nix, ... }:
+    , home-manager, agenix, rycee-nurpkgs, nur, plasma-manager, quadlet-nix, ...
+    }:
     let
       mkHomeConfiguration = { hostname, arch ? "x86_64", os ? "linux"
         , desktop ? false, extraModules ? [ ] }:
@@ -146,9 +142,6 @@
             ./systems/linux/mcentire.nix
             agenix.nixosModules.default
             quadlet-nix.nixosModules.quadlet
-            crowdsec.nixosModules.crowdsec
-            crowdsec.nixosModules.crowdsec-firewall-bouncer
-            { nixpkgs.overlays = [ crowdsec.overlays.default ]; }
           ];
         };
       };
diff --git a/secrets.nix b/secrets.nix
index 3b3ede4..cb1d980 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -4,6 +4,8 @@ let
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM8G6okW/vpl3DTBwL64aPb+oxJsr2Wl6KzHYsLPecBc millironx@millironx.com";
   bosephus-host =
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIxTfeg+GZsfmG8TuEV1xW1gXknAIKzZ3UjZ3guRY+EW root@nixos";
+  bosephus-root =
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFFl4zOdlKkpoccPZTX8195068gJVhylvV9pUYxy2kM+ root@bosephus";
   bosephus-millironx =
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKaDPqRJHoqgY2pseh/mnhjaGWXprHk2s5I52LhHpHcF millironx@bosephus";
   odyssey-millironx =
@@ -15,6 +17,7 @@ let
 
   system-administrators = [
     anderson-millironx
+    bosephus-root
     bosephus-millironx
     odyssey-millironx
     corianne-millironx
diff --git a/secrets/ansible-vault-password.age b/secrets/ansible-vault-password.age
index 99a96bc..d0be48c 100644
--- a/secrets/ansible-vault-password.age
+++ b/secrets/ansible-vault-password.age
@@ -1,13 +1,15 @@
 age-encryption.org/v1
--> ssh-ed25519 il3lzQ Ni2CHjeijXHfF62cUqVTm8MAOn6rRg8UrhqN6xvdkyk
-DsT0Ysx88FlCLeRzoOGctX7KqatX9/UCr5WdtdLJAf4
--> ssh-ed25519 1g/xww jRn91F29sISMyi41anAlzVCzt1t1DnUqxtryqkTQPlM
-cysgZLQR0YhiJYXBl59DjKbm+N8FnjA46wkQtnAzBFA
--> ssh-ed25519 +kBihw t6wlSnDKGgSzGhNJnryXVbDR40DATaV3fHovtI/u7zo
-zOyCZtzfLKeer9K6SMpfTxn6El4HB7gQFQqLOxIYB5U
--> ssh-ed25519 dbKeHw cn+8WTwis58bYm2pfEra6LeLvzEZ8GhZrOEeN+kkhCM
-fnlUAj8JtG8+r7Cj8xYUgF+JM6Pwqawn4sGI1LOeN78
--> ssh-ed25519 Svnssw zmDBR8TdRZ9NzNhwPYRN6c8naTxAkULyUZpKgk7Gshk
-0XCwpegEIlGXhnzLLUtmciKQiYiZRgnSOSvCcYeXXk8
---- D/lZ36n5sVste2NWfdOx8/klPh0CTmMjVQN74KIqDRY
-]%“¾ÇC}ˆNí›êOÈÓ"vÎÈ#òË±ªç×¢t­¤Ü_Q;^*!»+<+±àîŽŒÈdB×/KÒýÉ`
\ No newline at end of file
+-> ssh-ed25519 il3lzQ oDA/rl4XZJY+vIIdnMBaAuSMD+DnMX2n6+B3geHw/1Q
+Jpv2pN6KwJAHgwWBbAAgmGVrZeO+wLmuwFRpJLsUDcU
+-> ssh-ed25519 bN6E9A jKvJPR87Eojde1aq2FFxRj+cxy+0S7Eix5JwRPRpX34
+48eC+KdOBcIGU0y2ui4iq+g8K9SG7qc3U60ApLU+w+Q
+-> ssh-ed25519 1g/xww UiK5nDMJg+tTc7zdE5zlEXmoBPE5dV2EpHxvhWBENmU
+ljQEJ+tiZPdFrpiZER5EOIsdnhpj05EKryhzm0vM3LU
+-> ssh-ed25519 +kBihw ZIcwOBbRMJ8jiu9Vcq8BvGyOT1xuqG+Mf/DXUHMeCAA
+wlXcO4kQpHmka49CARH0xvm/Lh0AcQ1j/bPx12wZVBY
+-> ssh-ed25519 dbKeHw +G44jyudYu9opDuMcTs05j5Ha91m9lm5g551uIAACEk
+9DXJxDc2L3PDCAi3cLfVajqPseaxmBpb+Uo3AW2R05I
+-> ssh-ed25519 Svnssw PZN+FpZsFnCqerEgW7B4RFHo7iumlUXL4pYt54/XxjM
+bKrgyqBpIMnntB0CHA560TvraQE9bPF06oOXR+wocIA
+--- RW8fUuT62TXXKS8k8MgKISzwORr/3hEl0XK2XSZFzpA
+W:ÙÍðiZS¶Öì‡ÓÞtó±ƒhÍðÕž0JßEg¾õÚPTá#8™²‡ì¹Žõ‘-‡“'€È°L8k­pØ
\ No newline at end of file
diff --git a/secrets/darwin-policies-json.age b/secrets/darwin-policies-json.age
index 9fa2d2b..e1a202f 100644
Binary files a/secrets/darwin-policies-json.age and b/secrets/darwin-policies-json.age differ
diff --git a/secrets/network-information.age b/secrets/network-information.age
index 0de69b7..66c199c 100644
Binary files a/secrets/network-information.age and b/secrets/network-information.age differ
diff --git a/secrets/pihole.age b/secrets/pihole.age
index babead9..e7f0c78 100644
Binary files a/secrets/pihole.age and b/secrets/pihole.age differ
diff --git a/services/crowdsec.nix b/services/crowdsec.nix
deleted file mode 100644
index f7e2e5a..0000000
--- a/services/crowdsec.nix
+++ /dev/null
@@ -1,90 +0,0 @@
-{ pkgs, config, ... }:
-let
-  crowdsec-url = "127.0.0.1:2763";
-  firewall-bouncer-name = "fw-bouncer";
-  # Although this key can be reproduced by anyone who actually cares to, the
-  # Crowdsec API will not be exposed to the outside world, so keeping this key
-  # super secret really isn't that important to me. Still make it look random
-  # so that hungry botnets can't just slurp up the password in plaintext.
-  firewall-bouncer-key = builtins.hashString "sha256"
-    "${config.networking.hostName}-crowdsec-bouncer-salt";
-  toMultiYAML = items:
-    pkgs.lib.concatMapStrings (item:
-      ''
-
-        ---
-      '' + (pkgs.lib.generators.toYAML { } item) + "\n") items;
-in {
-  services = {
-    crowdsec = {
-      enable = true;
-      settings = {
-        api.server = { listen_uri = crowdsec-url; };
-        allowLocalJournalAccess = true;
-        crowdsec_service.acquisition_path = pkgs.writeText "acquisitions.yaml"
-          (toMultiYAML [
-            {
-              source = "journalctl";
-              journalctl_filter = [ "_SYSTEMD_UNIT=sshd.service" ];
-              labels.type = "syslog";
-            }
-            {
-              filenames = [ "/var/log/auth.log" ];
-              labels.type = "syslog";
-            }
-            {
-              filenames = [ "/var/log/syslog" "/var/log/kern.log" ];
-              labels.type = "syslog";
-            }
-          ]);
-      };
-    };
-    crowdsec-firewall-bouncer = {
-      enable = true;
-      settings = {
-        api_url = firewall-bouncer-name;
-        api_key = firewall-bouncer-key;
-      };
-    };
-  };
-
-  systemd.services.crowdsec.serviceConfig = {
-    ExecStartPre = let
-      bouncer-script = pkgs.writeScriptBin "register-bouncer" ''
-        #!${pkgs.runtimeShell}
-        set -eu
-        set -o pipefail
-
-        if ! cscli bouncers list | grep -q "${firewall-bouncer-name}"; then
-          cscli bouncers add "${firewall-bouncer-name}" --key "${firewall-bouncer-key}"
-        fi
-      '';
-      collection-check = collection: ''
-
-        if ! cscli collections list | grep -q "${collection}"; then
-          cscli collections install "${collection}"
-        fi
-
-      '';
-      collections = [
-        "crowdsecurity/base-http-scenarios"
-        "crowdsecurity/http-cve"
-        "crowdsecurity/http-dos"
-        "crowdsecurity/iptables"
-        "crowdsecurity/linux"
-        "crowdsecurity/sshd"
-        "crowdsecurity/whitelist-good-actors"
-      ];
-      collection-script = pkgs.writeScriptBin "install-collections" ''
-        #!${pkgs.runtimeShell}
-        set -eu
-        set -o pipefail
-
-        ${pkgs.lib.concatMapStrings collection-check collections}
-      '';
-    in [
-      "${bouncer-script}/bin/register-bouncer"
-      "${collection-script}/bin/install-collections"
-    ];
-  };
-}
diff --git a/systems/linux/mcentire.nix b/systems/linux/mcentire.nix
index 07135d1..6ee0ae4 100644
--- a/systems/linux/mcentire.nix
+++ b/systems/linux/mcentire.nix
@@ -4,7 +4,6 @@
   imports = [ # Include the results of the hardware scan.
     ./hardware-configuration/mcentire.nix
     ./../../services/nixos-update.nix
-    ./../../services/crowdsec.nix
   ];
 
   # Use the GRUB 2 boot loader.