diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 98e0a49..6ecda6d 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -1,9 +1,4 @@ -{ - lib, - pkgs, - config, - ... -}: +{ pkgs, config, ... }: { imports = [ ./hardware-configuration.nix diff --git a/hosts/lily/default.nix b/hosts/lily/default.nix index 2d36d14..acc1a6c 100644 --- a/hosts/lily/default.nix +++ b/hosts/lily/default.nix @@ -16,10 +16,7 @@ in imports = [ ./hardware-configuration.nix ./variables.nix - ./dns.nix - ./wireguard.nix ./../../modules/core/default.router.nix - ./../../modules/services/lily.nix ]; liv = { @@ -28,6 +25,7 @@ in }; boot = { + supportedFilesystems = [ "zfs" ]; loader.grub = { enable = true; device = "/dev/sda"; @@ -53,7 +51,7 @@ in networking = { firewall = { - enable = false; + enable = true; allowPing = true; # allow ssh on *all* interfaces, even wan. @@ -89,7 +87,20 @@ in environment.systemPackages = with pkgs; [ kitty.terminfo - tcpdump - dnsutils + zfs ]; + + networking.hostId = "8ddb2a9b"; + + services.zfs = { + autoScrub.enable = true; + trim.enable = true; + }; + + # boot.zfs.extraPools = [ "terrabite" ]; + + # fileSystems."/terrabite/main" = { + # device = "terrabite/main"; + # fsType = "zfs"; + # }; } diff --git a/hosts/lily/dns.nix b/hosts/lily/dns.nix deleted file mode 100644 index b754a51..0000000 --- a/hosts/lily/dns.nix +++ /dev/null 
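Review bot: Switching `networking.firewall.enable` to `true` still leaves sshd reachable from the WAN side, going by the context comment `# allow ssh on *all* interfaces, even wan.` directly below it. The rule that opens the port is outside this hunk, so this is inferred from the comment only. On a router I would scope ssh to the LAN side, e.g. `services.openssh.openFirewall = false;` plus `networking.firewall.interfaces."<lan-interface>".allowedTCPPorts = [ <ssh-port> ];`, and decide deliberately whether `allowPing` should answer on WAN. The NixOS firewall filters traffic addressed to the host itself; if forwarded LAN/WAN traffic is meant to be filtered too, confirm that `default.router.nix` covers it (or look at `networking.firewall.filterForward`).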
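Review bot: The `zfs` entry added to `environment.systemPackages` in the last hunk of `hosts/lily/default.nix` looks redundant. As far as I know, `boot.supportedFilesystems = [ "zfs" ];` (added in the `boot` hunk of the same file) already puts the userland tools matching the kernel module on the system path, and a separately listed `pkgs.zfs` can drift from that version; I would drop the line. The commented-out `boot.zfs.extraPools` and `fileSystems."/terrabite/main"` block has no explanation; either remove it or add a line such as `# TODO: enable once the terrabite pool exists on this host`. `networking.hostId` would also benefit from a comment like `# required by ZFS; must be unique per machine`, so nobody copies the value to another host.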
@@ -1,31 +0,0 @@
-{ lib, config, ... }:
-{
- services = {
- dnsmasq = {
- enable = true;
- settings = {
- cache-size = 10000; # Specifies the size of the DNS query cache. It will store up to n cached DNS queries to improve response times for frequently accessed domains.
- server = [
- "9.9.9.9"
- "149.112.112.112"
- ];
- domain-needed = true; # Ensures that DNS queries are only forwarded for domains that are not found in the local configuration.
- bogus-priv = true; # Blocks DNS queries for private IP address ranges to prevent accidental exposure of private resources.
- no-resolv = true; # Prevents dnsmasq from using /etc/resolv.conf for DNS server configuration.
-
- # configure DHCP server; get leases by running: `cat /var/lib/dnsmasq/dnsmasq.leases`
- dhcp-range = [ "br-lan,172.16.10.50,172.16.10.254,24h" ];
- interface = "br-lan";
- dhcp-host = "172.16.10.1";
-
- # local sets the local domain name to "n". Combinded with expand-hosts = true, it will add a .local suffix to any local defined name when trying to resolve it.
- local = "/local/";
- domain = "local";
- expand-hosts = true;
-
- no-hosts = true; # Prevents the use of /etc/hosts. This ensures that the local hosts file is not used to override DNS resolution.
- address = "/booping.local/172.16.10.1";
- };
- };
- };
-}
diff --git a/hosts/lily/wireguard.nix b/hosts/lily/wireguard.nix
deleted file mode 100644
index 0db3279..0000000
--- a/hosts/lily/wireguard.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
-
-}
diff --git a/modules/services/lily.nix b/modules/services/lily.nix
deleted file mode 100644
index 2774318..0000000
--- a/modules/services/lily.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ ... }:
-{
- imports =
- [ (import ./docker.nix) ]
- ++ [ (import ./monitoring.nix) ]
- ++ [ (import ./smart-monitoring.nix) ]
- ++ [ (import ./unifi.nix) ]
- ++ [ (import ./tailscale.nix) ]
- ++ [ (import ./grafana.nix) ];
-}
diff --git a/modules/services/tailscale.nix b/modules/services/tailscale.nix
deleted file mode 100644
index d886410..0000000
--- a/modules/services/tailscale.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- services.tailscale.enable = true;
-}
diff --git a/modules/services/unifi.nix b/modules/services/unifi.nix
deleted file mode 100644
index c206c3d..0000000
--- a/modules/services/unifi.nix
+++ /dev/null
@@ -1,66 +0,0 @@
-{ pkgs, lib, ... }:
-
-{
- services.unifi = {
- enable = true;
- unifiPackage = pkgs.unifi8;
- mongodbPackage = pkgs.mongodb-7_0;
- };
- # services.nginx = {
- # enable = true;
- # recommendedProxySettings = true;
-
- # virtualHosts."unifi.local" = {
- # forceSSL = true;
- # useACMEHost = "unifi.local";
- # locations."/" = {
- # proxyPass = "https://127.0.0.1:8443";
- # proxyWebsockets = true;
- # };
- # };
- # };
- # virtualisation.oci-containers.containers."unifi" = {
- # image = "lscr.io/linuxserver/unifi-network-application:latest";
- # autoStart = true;
- # environmentFiles = [ /run/unifi/container-vars.env ];
- # volumes = [
- # "/etc/localtime:/etc/localtime:ro"
- # "/run/unifi/data:/config"
- # ];
- # ports = [
- # "8443:8443" # web admin UI
- # "3478:3478/udp" # STUN
- # "10001:10001/udp" # AP discovery
- # "8080:8080" # device communication
- # "6789:6789/udp" # mobile throughput test (assumption: wifiman)
- # "5514:5514/udp" # remote syslog (optional)
- # ];
- # dependsOn = [
- # "unifi-mongo"
- # ];
- # log-driver = "journald";
- # };
- # virtualisation.oci-containers.containers."unifi-mongo" = {
- # image = "mongo:latest";
- # autoStart = true;
- # volumes = [
- # "/etc/localtime:/etc/localtime:ro"
- # "/run/unifi/mongo/db:/data/db"
- # "/run/unifi/mongo/init-mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro"
- # ];
- # log-driver = "journald";
- # };
-
- networking.firewall.interfaces."lan0" = {
- allowedTCPPorts = [
- 8443 # web admin UI
- 8080 # device communication
- ];
- allowedUDPPorts = [
- 6789 # mobile throughput test (assumption: wifiman)
- 5514 # remote syslog (optional)
- 3478 # STUN
- 10001 # AP discovery
- ];
- };
-}