diff --git a/README.md b/README.md
index 6a83494..eea8517 100644
--- a/README.md
+++ b/README.md
@@ -33,7 +33,6 @@ The KVM has a declarative service bundle:
 - netty exposes 3 tcp ports (22:ssh, 80:http, 443:https)
 - services only listen on 127.0.0.1 (runs behind nginx with ACME)
 - Self hosts Forgejo mirroring to GitHub (git.harivan.sh)
-- Diff-kit (diffs.harivan.sh)
 - Self hosts VaultWarden
 - betterNAS control-plane and node agent (api.betternas.com)
 - Hermes agent (netty.harivan.sh)
diff --git a/hosts/netty/configuration.nix b/hosts/netty/configuration.nix
index 53dba09..0f1b31f 100644
--- a/hosts/netty/configuration.nix
+++ b/hosts/netty/configuration.nix
@@ -17,7 +17,6 @@ in
     ./nginx.nix
     ./vaultwarden.nix
     ./forgejo.nix
-    ./diffkit.nix
     ./delta.nix
     ./betternas.nix
     ./hermes-gateway.nix
diff --git a/hosts/netty/diffkit.nix b/hosts/netty/diffkit.nix
deleted file mode 100644
index 94107f7..0000000
--- a/hosts/netty/diffkit.nix
+++ /dev/null
@@ -1,71 +0,0 @@
-{
-  pkgs,
-  username,
-  ...
-}:
-let
-  diffkitPort = "3200";
-  stateDir = "/var/lib/diffkit";
-  repoDir = "/home/${username}/Documents/GitHub/diffkit";
-  envFile = "${stateDir}/diffkit.env";
-  dbPath = "${stateDir}/diffkit.db";
-  migrationsDir = "${repoDir}/apps/dashboard/drizzle";
-
-  migrationScript = pkgs.writeShellScript "diffkit-migrate" ''
-    set -euo pipefail
-    DB="${dbPath}"
-    MIGRATIONS="${migrationsDir}"
-
-    ${pkgs.sqlite}/bin/sqlite3 "$DB" "SELECT 1;" > /dev/null 2>&1 || true
-    ${pkgs.sqlite}/bin/sqlite3 "$DB" \
-      "CREATE TABLE IF NOT EXISTS __drizzle_migrations (tag TEXT PRIMARY KEY, applied_at INTEGER NOT NULL);"
-
-    for sql_file in "$MIGRATIONS"/[0-9]*.sql; do
-      [ -f "$sql_file" ] || continue
-      tag=$(basename "$sql_file" .sql)
-      applied=$(${pkgs.sqlite}/bin/sqlite3 "$DB" "SELECT COUNT(*) FROM __drizzle_migrations WHERE tag='$tag';")
-      if [ "$applied" = "0" ]; then
-        echo "Applying migration: $tag"
-        ${pkgs.gnused}/bin/sed 's/--> statement-breakpoint/;/g' "$sql_file" \
-          | ${pkgs.sqlite}/bin/sqlite3 "$DB"
-        ${pkgs.sqlite}/bin/sqlite3 "$DB" \
-          "INSERT INTO __drizzle_migrations (tag, applied_at) VALUES ('$tag', strftime('%s','now'));"
-      fi
-    done
-    echo "Migrations complete."
-  '';
-in
-{
-  systemd.tmpfiles.rules = [
-    "d ${stateDir} 0750 ${username} users -"
-    "z ${envFile} 0600 ${username} users -"
-  ];
-
-  systemd.services.diffkit = {
-    description = "diffkit GitHub Diff Viewer";
-    after = [ "network-online.target" ];
-    wants = [ "network-online.target" ];
-    wantedBy = [ "multi-user.target" ];
-
-    environment = {
-      NODE_ENV = "production";
-      HOST = "127.0.0.1";
-      PORT = diffkitPort;
-      DATABASE_PATH = dbPath;
-      BETTER_AUTH_URL = "https://diffs.harivan.sh";
-      GITHUB_APP_PRIVATE_KEY_FILE = "${stateDir}/github-app-key.pem";
-    };
-
-    serviceConfig = {
-      Type = "simple";
-      User = username;
-      Group = "users";
-      WorkingDirectory = "${repoDir}/apps/dashboard";
-      ExecStartPre = migrationScript;
-      ExecStart = "${pkgs.nodejs_22}/bin/node node-server.mjs";
-      EnvironmentFile = "-${envFile}";
-      Restart = "on-failure";
-      RestartSec = 5;
-    };
-  };
-}
diff --git a/hosts/netty/nginx.nix b/hosts/netty/nginx.nix
index e4068f8..6438ead 100644
--- a/hosts/netty/nginx.nix
+++ b/hosts/netty/nginx.nix
@@ -6,7 +6,6 @@ let
   forgejoDomain = "git.harivan.sh";
   vaultDomain = "vault.harivan.sh";
   betternasDomain = "api.betternas.com";
-  diffkitDomain = "diffs.harivan.sh";
   deltaDomain = "delta.harivan.sh";
 in
 {
@@ -45,15 +44,6 @@ in
       locations."/".proxyPass = "http://127.0.0.1:8222";
     };
 
-    virtualHosts.${diffkitDomain} = {
-      enableACME = true;
-      forceSSL = true;
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:3200";
-        proxyWebsockets = true;
-      };
-    };
-
     virtualHosts.${deltaDomain} = {
       enableACME = true;
       forceSSL = true;