diff --git a/.sops.yaml b/.sops.yaml
index c498892..5440fce 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -3,7 +3,7 @@ keys:
 - &user_felixalb age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf
 - &host_voyager age14jzavfeg47pgnrstea6yzvh3s3a578nj8hkk8g79vxyzpn86gslscp23qu
 - &host_sarek age1yjc08ykd5d687p9tmn6mpsna3azryreuuz6akj2p0dtft9xqq5lsuamljk
- - &host_janeway age1sjk38fy5dk2nn0q0rmxuvr9uw3ttgz7mq4632f8jllzqryft0y3s46j65k
+ - &host_defiant age128md9emufxu35kgww3a90sw40vvc60f5xul9n9ndvw4lfnj3ndaqq44u64
 creation_rules:
 # Global secrets
@@ -21,16 +21,15 @@ creation_rules:
 - *user_felixalb_old
 - *user_felixalb
+ - path_regex: secrets/defiant/[^/]+\.yaml$
+ key_groups:
+ - age:
+ - *host_defiant
+ - *user_felixalb
+
 - path_regex: secrets/sarek/[^/]+\.yaml$
 key_groups:
 - age:
 - *host_sarek
 - *user_felixalb_old
 - *user_felixalb
-
- - path_regex: secrets/janeway/[^/]+\.yaml$
- key_groups:
- - age:
- - *host_janeway
- - *user_felixalb_old
- - *user_felixalb
diff --git a/flake.nix b/flake.nix
index 62c27ea..d05abf1 100644
--- a/flake.nix
+++ b/flake.nix
@@ -66,6 +66,7 @@
 ./hosts/defiant/configuration.nix
 sops-nix.nixosModules.sops
+ matrix-synapse-next.nixosModules.default
 home-manager.nixosModules.home-manager {
 home-manager.useGlobalPkgs = true;
 home-manager.useUserPackages = true;
@@ -109,20 +110,6 @@
 }
 ];
 };
- janeway = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- specialArgs = {
- inherit inputs;
- };
- modules = [
- # Overlays-module makes "pkgs.unstable" available in configuration.nix
- ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
-
- ./hosts/janeway/configuration.nix
- sops-nix.nixosModules.sops
- matrix-synapse-next.nixosModules.default
- ];
- };
 redshirt = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
 specialArgs = {
diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix
index 9e6548d..2be9052 100644
--- a/hosts/defiant/configuration.nix
+++ b/hosts/defiant/configuration.nix
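Review bot: The new `secrets/defiant/` rule encrypts to `host_defiant` and `user_felixalb` only, whereas the neighbouring `secrets/sarek/` rule still lists `user_felixalb_old`; if the old user key is being phased out for new hosts, a comment on the rule such as `# New hosts: user_felixalb only; user_felixalb_old is being retired` would record that this is deliberate rather than a missed recipient. Dropping `host_janeway` from `keys:` and deleting its rule also leaves any file still under `secrets/janeway/` without a matching creation rule, so `sops updatekeys` will no longer touch it; nothing in this commit removes that directory, which is worth confirming. If the registration secret now stored in `secrets/defiant/defiant.yaml` was copied from the janeway file rather than regenerated, the retired janeway host key can still recover it from git history, so a freshly generated value is the safer choice.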
@@ -6,6 +6,10 @@
 ../../base.nix
 ../../common/metrics-exporters.nix
 ./hardware-configuration.nix
+
+ ./services/postgresql.nix
+ ./services/nginx.nix
+ ./services/matrix-synapse.nix
 ];
 networking = {
@@ -13,13 +17,13 @@
 defaultGateway = "192.168.10.1";
 interfaces.enp3s0.ipv4 = {
 addresses = [
- { address = "192.168.10.175"; prefixLength = 24; }
+ { address = "192.168.10.175"; prefixLength = 24; } # Main IP for defiant, internal
 ];
 };
 hostId = "8e84f235";
 };
- # sops.defaultSopsFile = ../../secrets/defiant/defiant.yaml;
+ sops.defaultSopsFile = ../../secrets/defiant/defiant.yaml;
 environment.variables = { EDITOR = "vim"; };
 environment.systemPackages = with pkgs; [
diff --git a/hosts/janeway/services/matrix-synapse.nix b/hosts/defiant/services/matrix-synapse.nix
similarity index 92%
rename from hosts/janeway/services/matrix-synapse.nix
rename to hosts/defiant/services/matrix-synapse.nix
index 61897af..f534cff 100644
--- a/hosts/janeway/services/matrix-synapse.nix
+++ b/hosts/defiant/services/matrix-synapse.nix
@@ -73,11 +73,12 @@
 };
 services.redis.servers."".enable = true;
- networking.firewall.allowedTCPPorts = [ 80 443 ];
 services.nginx.virtualHosts."matrix.feal.no" = {
- enableACME = lib.mkForce false;
- forceSSL = lib.mkForce false;
+ listen = [
+ { addr = "192.168.10.175"; port = 43443; ssl = true; }
+ { addr = "192.168.10.175"; port = 43080; ssl = false; }
+ ];
 };
 }
diff --git a/hosts/defiant/services/nginx.nix b/hosts/defiant/services/nginx.nix
new file mode 100644
index 0000000..8ef3566
--- /dev/null
+++ b/hosts/defiant/services/nginx.nix
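Review bot: The added `listen` entry on 43443 sets `ssl = true`, but with `enableACME = lib.mkForce false` and `forceSSL = lib.mkForce false` removed, nothing in the `matrix-synapse.nix` hunk shows where the `matrix.feal.no` certificate comes from, and the `ssl = false` listener on 43080 — labelled publicly exposed in `hosts/defiant/services/nginx.nix` — will serve the homeserver in cleartext unless something outside this hunk redirects it. Unless the matrix-synapse-next module already configures the vhost, I would add `enableACME = true;` (or `useACMEHost`) and `forceSSL = true;` next to `listen` so the 43080 listener only answers with a redirect to HTTPS. ACME's HTTP-01 challenge expects port 80 of this name to reach the host, so the external 43080/43443 mapping presumably needs 80 forwarded as well, or a DNS-01 challenge instead. The vhost attrset is complete inside the hunk, but the enclosing module starts before line 73.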
@@ -0,0 +1,30 @@
+{ config, values, ... }:
+{
+ services.nginx = {
+ enable = true;
+ enableReload = true;
+
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+
+ defaultListen = [
+ {
+ addr = "192.168.10.175";
+ port = "80";
+ ssl = false;
+ }
+ ];
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ 80 443 # Internal / Default
+ 43080 43443 # External / Publicly exposed
+ ];
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "felix@albrigtsen.it";
+ };
+}
diff --git a/hosts/janeway/services/postgresql.nix b/hosts/defiant/services/postgresql.nix
similarity index 100%
rename from hosts/janeway/services/postgresql.nix
rename to hosts/defiant/services/postgresql.nix
diff --git a/hosts/janeway/configuration.nix b/hosts/janeway/configuration.nix
deleted file mode 100644
index 60c35f0..0000000
--- a/hosts/janeway/configuration.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ config, pkgs, lib, modulesPath, ... }:
-
-{
- imports =
- [
- (modulesPath + "/virtualisation/proxmox-lxc.nix")
- ../../base.nix
- ../../common/metrics-exporters.nix
-
- ./services/nginx.nix
- ./services/postgresql.nix
- ./services/matrix-synapse.nix
- ];
-
- # Boot and console is handled by proxmoxLXC.
- boot.loader.systemd-boot.enable = lib.mkForce false; # Enabled in base.nix, forced off here.
-
- # Override proxmox networking
- proxmoxLXC.manageNetwork = true;
- networking = {
- hostName = "janeway";
- defaultGateway = "192.168.10.1";
- interfaces."eth0".ipv4 = {
- addresses = [
- { address = "192.168.10.183"; prefixLength = 24; }
- ];
- };
- hostId = "bed956ff";
- };
-
- environment.systemPackages = with pkgs; [
- vim
- bottom
- ];
-
- sops.defaultSopsFile = ../../secrets/janeway/janeway.yaml;
-
- system.stateVersion = "23.05";
-}
-
diff --git a/hosts/janeway/services/bridge-discord.nix b/hosts/janeway/services/bridge-discord.nix
deleted file mode 100644
index 0d5586c..0000000
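Review bot: `port = "80";` in `defaultListen` is a string, while the `listen` entries in `hosts/defiant/services/matrix-synapse.nix` use bare integers; as far as I can tell the NixOS option is typed as a port number, so this will fail type-checking and should be `port = 80;`. The firewall list opens 80, 443, 43080 and 43443 on every interface, but `defaultListen` binds only plain HTTP on 192.168.10.175:80 and no vhost in this commit listens on 443, so 443 is opened with nothing behind it; dropping it, or adding a matching `ssl = true` listen entry, keeps the opened ports equal to the served ones. The address `192.168.10.175` is now written in this file, in `configuration.nix` and in `matrix-synapse.nix`, and this module already receives a `values` argument that it never uses, so one shared attribute there would stop the three copies from drifting apart.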
--- a/hosts/janeway/services/bridge-discord.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- services.mx-puppet-discord = {
- enable = true;
-
- serviceDependencies = [
- "matrix-synapse.service"
- "postgresql.service"
- ];
-
- settings = {
- bridge = {
- bindAddress = "localhost";
- domain = "feal.no";
- homeserverUrl = "https://matrix.feal.no";
- # homeserverUrl = "http://127.0.1.2:8008";
-
- port = 8434;
- enableGroupSync = true;
- };
-
- database.connString = "postgresql://mx-puppet-discord@localhost/mx-puppet-discord?sslmode=disable";
-
- provisioning.whitelist = [ "@felixalb:feal\\.no" ];
- relay.whitelist = [ ".*" ];
- selfService.whitelist = [ "@felixalb:feal\\.no" ];
-
- };
- };
-
- services.matrix-synapse.settings.app_service_config_files = [ /var/lib/mx-puppet-discord/discord-registration.yaml ];
-}
diff --git a/hosts/janeway/services/nginx.nix b/hosts/janeway/services/nginx.nix
deleted file mode 100644
index 4c376d7..0000000
--- a/hosts/janeway/services/nginx.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ config, values, ... }:
-{
- services.nginx = {
- enable = true;
- enableReload = true;
-
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- };
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-
- /* security.acme = { */
- /* acceptTerms = true; */
- /* email = "felix@albrigtsen.it"; */
- /* }; */
-}
diff --git a/secrets/defiant/defiant.yaml b/secrets/defiant/defiant.yaml
new file mode 100644
index 0000000..eb1e2a5
--- /dev/null
+++ b/secrets/defiant/defiant.yaml
@@ -0,0 +1,32 @@
+matrix:
+ synapse:
+ registrationsecret: ENC[AES256_GCM,data:6gRW6t080VSyNRAmIrMqXL/oj7dj0JbcQekG3lac7zcdvJbgkUaqEGoWdrym2XiEOSLBOVMthnpLdalC2wcyJdmxB7xMNsYS4RfjR3PMKIo1Ap7JSmuKBl3eeaOalHk=,iv:dZl4/qFMoqEbSwL4JF/sjG21e6DuKVxbXwrGHkxfW4U=,tag:LWdCcmUUeTO4YAHkHOSJuw==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age128md9emufxu35kgww3a90sw40vvc60f5xul9n9ndvw4lfnj3ndaqq44u64
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhQXEzMHQzaTU2YW85Yjhh
+ eDZ1eG15UytULzhYaTBZemlRak5USmVrMlhRCmtOUmNqYS9xa0VHU2J1V0E0NjN0
+ ZDRhek9xNXJNY0FhZUJCVjJpYW1ZNHcKLS0tIER3OFlyV2Q3b2l0RkkzVkZMaHdt
+ MHI3WEV0RnZvWGw5a3BIV21kMlJxdU0Kpa1mjuwYoyk8Qfsst1k/pGGONYQf/sdZ
+ kfTZV2btleBISsP5aBDTF+I4AJZesumJuNVA0gPsI88GaQuf3rqb8w==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjRi9mRDMvcDhBN3RVcG90
+ Q2Y5NGhTVmVOaW9VRTl0R25QQXJsb2FQOTFrCnNsL0M2OTQ1KzJKSXJaVlVrL01v
+ R1RnOURGcDU3V2JldTdlRitQeDBIZE0KLS0tIHB2T3ZGQjZZRUlUL0FUSzhoZ1Ez
+ RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A
+ fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2023-12-24T17:26:56Z"
+ mac: ENC[AES256_GCM,data:lj6GLwoKmDyZ7Gs7X4LOl531jHXn/yiollTFtKNTRfXKoayg40edWuyZR4eQBUWyjmznWeWSB7DT4L82S5DX6NNEqzBFMBlPFrz6DLDfWW/nMdmHW3l7tPxydm8BbmVi1kvp6W7JnHeA3dTaHyMaq5mwwPxhui64joN7964ABWA=,iv:TeESIqgS4ml7cYERq8+NItIjU+HLuxhXdzGMErcSrjg=,tag:fCIHhf77O6SjY9KjHVdrYw==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.8.1