diff --git a/dyndns/README.md b/dyndns/README.md
deleted file mode 100644
index 21e1264..0000000
--- a/dyndns/README.md
+++ /dev/null
@@ -1,16 +0,0 @@
-# Dynamic DNS
-
-Edit example files to match your needs.
-
-```sh
-sudo mkdir /data/dns
-cp *example* dyndns* /data/dns
-
-chmod 600 /data/dns/tsig*
-```
-
-## Cronjob
-
-```sh
-/data/dns/update-example.com.sh
-```
diff --git a/dyndns/dyndns-nsupdate b/dyndns/dyndns-nsupdate
deleted file mode 100755
index 1876f7c..0000000
--- a/dyndns/dyndns-nsupdate
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/sh
-
-DYN_DIR=/data/dns
-
-if test "x$DYN_TSIGKEY" = x; then DYN_TSIGKEY="$DYN_DIR/tsig.$DYN_DOMAIN.conf"; fi
-if test "x$DYN_NSUPDATE" = x; then DYN_NSUPDATE="$DYN_DIR/$DYN_DOMAIN.nsupdate.txt"; fi
-
-if test "x$1" != x; then
- cat "$DYN_NSUPDATE" | sed s/%IP%/$1/g | nsupdate -v -k "$DYN_TSIGKEY"
-fi
diff --git a/dyndns/dyndns-update b/dyndns/dyndns-update
deleted file mode 100755
index 2eb07c8..0000000
--- a/dyndns/dyndns-update
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/sh
-
-if test "x$DYN_SERVER" = x; then echo export DYN_SERVER=ns.example.com; exit=1; fi
-if test "x$DYN_DOMAIN" = x; then echo export DYN_DOMAIN=example.com; exit=1; fi
-if test "x$DYN_SCRIPT" = x; then echo export DYN_SCRIPT=/path/to/script; exit=1; fi
-if test "x$exit" = x1; then exit 1; fi
-
-if test "x$DYN_IPAPI" = x; then DYN_IPAPI=ifconfig.co; fi
-
-IPACTUAL=$(wget -qO - "$DYN_IPAPI")
-IPSERVER=$(dig +short $DYN_DOMAIN @$DYN_SERVER)
-
-if test "x$IPSERVER" = x -o "x$IPACTUAL" = x; then
- : # ERROR: IP unknown
-elif test "x$IPSERVER" = "x$IPACTUAL"; then
- : # INFO: IP not changed
-else
- "$DYN_SCRIPT" $IPACTUAL
-fi
diff --git a/dyndns/example.com.nsupdate.txt b/dyndns/example.com.nsupdate.txt
deleted file mode 100644
index 8153944..0000000
--- a/dyndns/example.com.nsupdate.txt
+++ /dev/null
@@ -1,12 +0,0 @@
-server ns01.example.com
-zone example.com
-
-update del example.com. TXT
-update del example.com. A
-update del *.example.com. A
-
-update add example.com. 86400 TXT "v=spf1 ip4:%IP%/32 -all"
-update add example.com. 86400 A %IP%
-update add *.example.com. 86400 A %IP%
-
-send
diff --git a/dyndns/tsig.example.com.conf b/dyndns/tsig.example.com.conf
deleted file mode 100644
index 1cea1d4..0000000
--- a/dyndns/tsig.example.com.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-key "tsig.example.com." {
- algorithm hmac-sha256;
- secret "YWRyaXVtLmFkcml1bS4uCg==";
-};
diff --git a/dyndns/update-example.com.sh b/dyndns/update-example.com.sh
deleted file mode 100755
index e30dd4e..0000000
--- a/dyndns/update-example.com.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-export DYN_DOMAIN=example.com
-export DYN_SERVER=ns01.example.com
-export DYN_SCRIPT=/data/dns/dyndns-nsupdate
-
-/data/dns/dyndns-update
diff --git a/letsencrypt/README.md b/letsencrypt/README.md
deleted file mode 100644
index c1f3f51..0000000
--- a/letsencrypt/README.md
+++ /dev/null
@@ -1,36 +0,0 @@
-# Let's Encrypt
-
-Download Let's Encrypt client (only `dehydrated` needed):
-https://github.com/dehydrated-io/dehydrated/releases/latest
-
-```sh
-sudo mkdir -p /data/ssl/{configs,challenge}
-sudo chown -R admin: /data/ssl
-
-cp config dehydrated-* /data/ssl
-
-# List all domains for automatic renewal
-editor /data/ssl/domains.txt
-
-/data/ssl/dehydrated -r
-```
-
-To enable certificate renewal,
-`include snippets/letsencrypt` or put `redirect-ssl-all` in sites-enabled.
-
-## Cronjob
-
-```sh
-/data/ssl/dehydrated -c
-```
-
-## Wildcard Certificates
-
-```sh
-echo "service.example.com *.service.example.com" >> /data/ssl/domains.txt
-echo "CHALLENGETYPE=dns-01" >> /data/ssl/configs/service.example.com
-echo "HOOK=/data/ssl/dehydrated-hook" >> /data/ssl/configs/service.example.com
-```
-
-There are manual and nsupdate hooks.
-See [example-hook](example-hook) for an example nsupdate hook.
diff --git a/letsencrypt/config b/letsencrypt/config
deleted file mode 100644
index 8ddd42e..0000000
--- a/letsencrypt/config
+++ /dev/null
@@ -1,5 +0,0 @@
-DOMAINS_D=/data/ssl/configs
-WELLKNOWN=/data/ssl/challenge
-PRIVATE_KEY_RENEW=no
-KEYSIZE=2048
-# CONTACT_EMAIL=hostmaster@example.com
diff --git a/letsencrypt/dehydrated-manual b/letsencrypt/dehydrated-manual
deleted file mode 100755
index 0436362..0000000
--- a/letsencrypt/dehydrated-manual
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-if test "x$1" = xdeploy_challenge; then
- echo "Add the following record and press enter to continue:"
- echo "_acme-challenge.$2. TXT $4"
- read dummy
-elif test "x$1" = xclean_challenge; then
- echo "Remove the record and press enter to continue:"
- echo "_acme-challenge.$2. TXT $4"
- read dummy
-fi
diff --git a/letsencrypt/dehydrated-nsupdate b/letsencrypt/dehydrated-nsupdate
deleted file mode 100755
index 52fd241..0000000
--- a/letsencrypt/dehydrated-nsupdate
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/sh
-
-SCRIPT_TTL=30
-
-if test "x$LE_SERVER" = x; then echo export LE_SERVER=ns.example.com; exit=1; fi
-if test "x$LE_ZONE" = x; then echo export LE_ZONE=example.com; exit=1; fi
-if test "x$LE_TSIGKEY" = x; then echo export LE_TSIGKEY=/path/to/key; exit=1; fi
-if test "x$exit" = x1; then exit 1; fi
-
-if test "x$1" = xdeploy_challenge; then
- nsupdate -v -k "$LE_TSIGKEY" <<- NSUPDATE
- server $LE_SERVER
- zone $LE_ZONE
- update add _acme-challenge.$2. $SCRIPT_TTL TXT $4
- send
- NSUPDATE
-elif test "x$1" = xclean_challenge; then
- nsupdate -v -k "$LE_TSIGKEY" <<- NSUPDATE
- server $LE_SERVER
- zone $LE_ZONE
- update del _acme-challenge.$2. TXT
- send
- NSUPDATE
-fi
diff --git a/letsencrypt/example-hook b/letsencrypt/example-hook
deleted file mode 100644
index 80a49ad..0000000
--- a/letsencrypt/example-hook
+++ /dev/null
@@ -1,7 +0,0 @@ -#!/bin/sh - -export LE_TSIGKEY=/data/dns/tsig.example.com.conf -export LE_SERVER=ns01.example.com -export LE_ZONE=example.com - -/data/ssl/dehydrated-nsupdate "$@" diff --git a/mail/README.md b/mail/README.md index 7945019..1119549 100644 --- a/mail/README.md +++ b/mail/README.md @@ -11,7 +11,6 @@ sudo mkdir -p /data/mail/config sudo chown vmail: /data/mail/* cat schema.sql | sudo -u vmail sqlite3 /data/mail/config/vmail.db -sudo chown vmail:postfix /data/mail/config/vmail.db sudo chmod 640 /data/mail/config/vmail.db ``` @@ -27,13 +26,12 @@ sudo apt install sqlite3 postfix postfix-sqlite dovecot-imapd dovecot-sqlite ope DOMAIN=example.com sudo cp -r postfix dovecot /etc -sudo chmod 600 /etc/postfix/sni.cf - sudo sed -i '$ r opendkim/local.conf' /etc/opendkim.conf -sudo sed -i s/example.com/$DOMAIN/ /etc/postfix/{main,sni}.cf /etc/dovecot/local.conf +sudo sed -i s/example.com/$DOMAIN/ /etc/postfix/main.cf /etc/dovecot/local.conf sudo sed -i '/include auth-system/ s/.*/#&/' /etc/dovecot/conf.d/10-auth.conf sudo ln -s /data/mail/config/vmail.db /.opendkim-bug-241.db +sudo chown vmail:postfix /data/mail/config/vmail.db opendkim-genkey -d $DOMAIN -s s chmod +r s.private @@ -42,12 +40,6 @@ cat s.txt rm s.private s.txt ``` -## Certificate Reload - -```sh -postmap -F /etc/postfix/sni.cf -``` - ## Notes * The `vmail.db` parent directory needs to be writeable by the user modifying the database diff --git a/mail/postfix/main.cf b/mail/postfix/main.cf index 66b0ba0..4b2e97f 100644 --- a/mail/postfix/main.cf +++ b/mail/postfix/main.cf @@ -14,7 +14,6 @@ smtp_tls_security_level = may smtpd_tls_security_level = may smtpd_tls_key_file = /data/ssl/certs/mail.example.com/privkey.pem smtpd_tls_cert_file = /data/ssl/certs/mail.example.com/fullchain.pem -tls_server_sni_maps = hash:/etc/postfix/sni.cf # Custom diff --git a/mail/postfix/sni.cf b/mail/postfix/sni.cf deleted file mode 100644 index e9ae8a0..0000000 --- a/mail/postfix/sni.cf +++ /dev/null 
@@ -1 +0,0 @@ -mail.example.com /data/ssl/certs/mail.example.com/privkey.pem /data/ssl/certs/mail.example.com/fullchain.pem diff --git a/network-manager/99-no-wifi-on-ethernet b/network-manager/99-no-wifi-on-ethernet deleted file mode 100755 index fa44a2f..0000000 --- a/network-manager/99-no-wifi-on-ethernet +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh - -logger -t no-wifi-on-ethernet "Device $1 is $2" - -if [ "dev:$1:$2" = "dev:eth0:up" ]; then - nmcli r wifi off -fi - -if [ "dev:$1:$2" = "dev:eth0:down" ]; then - nmcli r wifi on -fi diff --git a/network-manager/README.md b/network-manager/README.md deleted file mode 100644 index 6e60a35..0000000 --- a/network-manager/README.md +++ /dev/null @@ -1,13 +0,0 @@ -# NetworkManager - -## Manage ethernet devices with NetworkManager - -```sh -touch /etc/NetworkManager/conf.d/10-globally-managed-devices.conf -``` - -## Automatically switch off wifi when ethernet is connected - -```sh -sudo cp 99-no-wifi-on-ethernet /etc/NetworkManager/dispatcher.d -``` diff --git a/nextcloud/nginx.conf b/nextcloud/nginx.conf index 8030b02..15307c4 100644 --- a/nextcloud/nginx.conf +++ b/nextcloud/nginx.conf @@ -9,6 +9,7 @@ server { client_max_body_size 0; location / { + index index.php; try_files $uri /index.php$request_uri; } @@ -25,10 +26,6 @@ server { include fastcgi.conf; } - location /updater { index index.php; } - location /ocm-provider { index index.php; } - location /ocs-provider { index index.php; } - location = /.well-known/carddav { return 301 $scheme://$host:$server_port/remote.php/dav; } diff --git a/nginx/README.md b/nginx/README.md index d87501e..fee1b7c 100644 --- a/nginx/README.md +++ b/nginx/README.md 
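Review bot: The `index index.php;` added to `location /` in nextcloud/nginx.conf probably never takes effect, because the `try_files $uri /index.php$request_uri;` next to it has no `$uri/` entry: as far as I know nginx only tests for a directory when the try_files argument itself ends in a slash, so a request for a directory such as `/updater/` falls through to `/index.php$request_uri` instead of that directory's own `index.php`. The second hunk of this file removes the `location /updater`, `/ocm-provider` and `/ocs-provider` blocks that used to supply that index, so if directory requests to those paths are still needed, `try_files $uri $uri/ /index.php$request_uri;` would be the change to consider. The server block continues outside both hunks, so a server-level `index` or another location may already cover this.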
@@ -1,19 +1,9 @@ # Nginx ```sh -DOMAIN=example.com - sudo cp -r sites-available snippets conf.d /etc/nginx sudo rm /etc/nginx/sites-*/default sudo ln -s ../sites-available/0nohost /etc/nginx/sites-enabled sudo ln -s ../sites-available/redirect-ssl-all /etc/nginx/sites-enabled - -sudo sed -i s/example.com/$DOMAIN/ /etc/nginx/conf.d/ssl.conf -``` - -## Certificate Reload - -```sh -nginx -s reload ```