diff --git a/hosts/lab/forgejo.nix b/hosts/lab/forgejo.nix
index 982b571..1fcf379 100644
--- a/hosts/lab/forgejo.nix
+++ b/hosts/lab/forgejo.nix
@@ -29,7 +29,7 @@ in
         START_SSH_SERVER = true;
         SSH_PORT = 4201;
         SSH_LISTEN_PORT = 4201;
-        DISABLE_HTTP_GIT = false;
+        DISABLE_HTTP_GIT = true;
       };
       service = {
         DISABLE_REGISTRATION = true;
diff --git a/hosts/lab/wynne.nix b/hosts/lab/wynne.nix
index cd5e9a4..5a276a8 100644
--- a/hosts/lab/wynne.nix
+++ b/hosts/lab/wynne.nix
@@ -2,7 +2,6 @@
 let
   port = 4322;
   dataDir = "/srv/wynne";
-  repo = "https://git.ily.rs/lew/wynne";
 in
 {
   services.caddy.virtualHosts."wynne.rs" = {
@@ -20,8 +19,7 @@ in
 
   systemd.services.wynne = {
     description = "wynne.rs";
-    after = [ "wynne-rebuild.service" ];
-    wants = [ "wynne-rebuild.service" ];
+    after = [ "network.target" ];
     wantedBy = [ "multi-user.target" ];
     environment = {
       HOST = "127.0.0.1";
@@ -39,67 +37,6 @@ in
     };
   };
 
-  # Always rebuilds because wynne bakes DB content (guestbook) into pages at build time
-  systemd.services.wynne-rebuild = {
-    description = "Clone/pull and build wynne.rs";
-    after = [ "network-online.target" ];
-    wants = [ "network-online.target" ];
-    wantedBy = [ "multi-user.target" ];
-    serviceConfig = {
-      Type = "oneshot";
-      RemainAfterExit = false;
-      ExecStart = pkgs.writeShellScript "rebuild-wynne" ''
-        set -euo pipefail
-        if [ ! -d ${dataDir}/repo/.git ]; then
-          mkdir -p ${dataDir}
-          ${pkgs.git}/bin/git clone ${repo} ${dataDir}/repo
-        fi
-        mkdir -p ${dataDir}/data
-        cd ${dataDir}/repo
-        ${pkgs.git}/bin/git fetch origin
-        ${pkgs.git}/bin/git reset --hard origin/main
-        ${pkgs.pnpm}/bin/pnpm install --frozen-lockfile
-        ${pkgs.pnpm}/bin/pnpm build
-      '';
-      # + prefix runs this line as root (wynne user can't restart services)
-      ExecStartPost = "+/run/current-system/sw/bin/systemctl restart wynne";
-      User = "wynne";
-      Group = "wynne";
-      ReadWritePaths = [ dataDir ];
-    };
-  };
-
-  # Watches a trigger file, starts wynne-rebuild when touched
-  systemd.paths.wynne-rebuild-trigger = {
-    description = "Watch for wynne rebuild trigger";
-    wantedBy = [ "multi-user.target" ];
-    pathConfig = {
-      PathModified = "${dataDir}/trigger";
-      Unit = "wynne-rebuild.service";
-    };
-  };
-
-  systemd.services.wynne-webhook = {
-    description = "Webhook listener for wynne.rs";
-    after = [ "network.target" ];
-    wantedBy = [ "multi-user.target" ];
-    serviceConfig = {
-      Type = "simple";
-      ExecStart = let
-        hooks = pkgs.writeText "wynne-hooks.json" (builtins.toJSON [{
-          id = "wynne-rebuild";
-          execute-command = "/run/current-system/sw/bin/touch";
-          pass-arguments-to-command = [
-            { source = "string"; name = "${dataDir}/trigger"; }
-          ];
-        }]);
-      in "${pkgs.webhook}/bin/webhook -hooks ${hooks} -port ${toString (port + 1)} -verbose";
-      Restart = "always";
-      User = "wynne";
-      Group = "wynne";
-    };
-  };
-
   users.users.wynne = {
     isSystemUser = true;
     group = "wynne";