diff --git a/hosts/h001/mods/etebase.nix b/hosts/h001/mods/etebase.nix
index 7dd96a90..6bc6fdb0 100644
--- a/hosts/h001/mods/etebase.nix
+++ b/hosts/h001/mods/etebase.nix
@@ -1,88 +1,30 @@
+{ ... }:
 {
-  config,
-  pkgs,
-  ...
-}:
-let
-  dataDir = "/var/lib/etebase-server";
-  socketPath = "/run/etebase-server/etebase-server.sock";
-in
-{
-  # Generate a secret file for Django's SECRET_KEY if it doesn't exist
-  systemd.services.etebase-server-secret = {
-    description = "Generate Etebase server secret";
-    wantedBy = [ "etebase-server.service" ];
-    before = [ "etebase-server.service" ];
-    unitConfig.ConditionPathExists = "!${dataDir}/secret.txt";
-    serviceConfig = {
-      Type = "oneshot";
-      User = "etebase-server";
-      Group = "etebase-server";
-      UMask = "0077";
-    };
-    script = ''
-      ${pkgs.openssl}/bin/openssl rand -base64 64 | tr -d '\n' > ${dataDir}/secret.txt
-      chmod 600 ${dataDir}/secret.txt
-    '';
-  };
-
-  # Ensure the etebase-server user/group exist before secret generation
-  users.users.etebase-server = {
-    isSystemUser = true;
-    group = "etebase-server";
-    home = dataDir;
-  };
-  users.groups.etebase-server = { };
-
-  # Pre-create data directory with correct permissions
-  systemd.tmpfiles.rules = [
-    "d '${dataDir}' 0750 etebase-server etebase-server - -"
-  ];
-
-  services.etebase-server = {
-    enable = true;
-    # Use Unix socket for better security (nginx connects via socket, not TCP)
-    unixSocket = socketPath;
-    settings = {
-      global = {
-        debug = false;
-        secret_file = "${dataDir}/secret.txt";
-        static_root = "${dataDir}/static";
-        media_root = "${dataDir}/media";
-      };
-      allowed_hosts = {
-        allowed_host1 = "etebase.joshuabell.xyz";
-      };
-    };
-  };
-
   services.nginx.virtualHosts = {
     "etebase.joshuabell.xyz" = {
       addSSL = true;
       sslCertificate = "/var/lib/acme/joshuabell.xyz/fullchain.pem";
       sslCertificateKey = "/var/lib/acme/joshuabell.xyz/key.pem";
       locations = {
-        # Serve static files directly via nginx (better performance)
-        "/static/" = {
-          alias = "${dataDir}/static/";
-          extraConfig = ''
-            expires 30d;
-            add_header Cache-Control "public, immutable";
-          '';
-        };
-        # Proxy everything else to the etebase server via Unix socket
         "/" = {
-          proxyPass = "http://unix:${socketPath}";
           proxyWebsockets = true;
           recommendedProxySettings = true;
-          extraConfig = ''
-            client_max_body_size 75M;
-          '';
+          proxyPass = "http://127.0.0.1:8732";
         };
       };
     };
   };
 
-  # Allow nginx to access the etebase socket
-  users.users.nginx.extraGroups = [ "etebase-server" ];
+  services.etebase-server = {
+    enable = true;
+    port = 8732;
+    settings = {
+      global = {
+        debug = false;
+      };
+      allowed_hosts = {
+        allowed_host1 = "etebase.joshuabell.xyz";
+      };
+    };
+  };
 }