diff --git a/modules/hosts/loptland/default.nix b/modules/hosts/loptland/default.nix
index aaf6f9e..54c01b7 100644
--- a/modules/hosts/loptland/default.nix
+++ b/modules/hosts/loptland/default.nix
@@ -33,7 +33,6 @@ topLevel: {
 # services
 matrix-synapse
 mautrix-discord
- element-call
 # game server
 minecraft-server
diff --git a/modules/hosts/loptland/nginx.nix b/modules/hosts/loptland/nginx.nix
index a28c106..d6b759d 100644
--- a/modules/hosts/loptland/nginx.nix
+++ b/modules/hosts/loptland/nginx.nix
@@ -8,9 +8,6 @@
 }:
 let
 domainName = "christophhollizeck.dev";
- matrixDomain = "alwayssleepy.online";
- livekitPort = 7880;
- lkJwtPort = 8089;
 in
 {
 services.nginx = {
@@ -53,9 +50,9 @@
 };
 };
- "matrix.${matrixDomain}" = lib.mkIf config.services.matrix-synapse.enable {
+ "matrix.alwayssleepy.online" = lib.mkIf config.services.matrix-synapse.enable {
 forceSSL = true;
- useACMEHost = matrixDomain;
+ useACMEHost = "alwayssleepy.online";
 locations."/" = {
 proxyPass = "http://localhost:${toString 8008}";
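Review bot: Dropping the `matrixDomain` binding in the `@@ -8,9 +8,6 @@` hunk of nginx.nix trades one definition for five new copies of the literal `"alwayssleepy.online"` (the vhost name and `useACMEHost` in the `@@ -53` hunk, plus `useACMEHost` and both `return 200` bodies in the two later hunks of the same file), while `domainName` is kept for the other domain. Keeping `matrixDomain = "alwayssleepy.online";` and removing only `livekitPort` and `lkJwtPort` is the smaller change and keeps the zone name spelled in one place, matching the `certs."alwayssleepy.online"` entry in acme.nix. The `services.nginx` attribute set these hunks edit starts and ends outside the hunk.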
@@ -65,60 +62,15 @@
 };
 };
- "call.${matrixDomain}" = lib.mkIf config.services.lk-jwt-service.enable {
- forceSSL = true;
- useACMEHost = matrixDomain;
-
- locations."= /config.json" = {
- extraConfig = ''
- default_type application/json;
- return 200 '${builtins.toJSON {
- default_server_config = {
- "m.homeserver" = {
- base_url = "https://matrix.${matrixDomain}";
- server_name = matrixDomain;
- };
- };
- livekit = {
- livekit_service_url = "https://call.${matrixDomain}/livekit/jwt";
- };
- }}';
- '';
- };
-
- locations."/" = {
- root = "${pkgs.element-call}";
- tryFiles = "$uri /index.html";
- extraConfig = ''
- add_header Cache-Control "no-cache" always;
- '';
- };
-
- # Proxy lk-jwt-service for token generation
- locations."/livekit/jwt" = {
- proxyPass = "http://localhost:${toString lkJwtPort}";
- };
-
- # Proxy LiveKit SFU websocket
- locations."/livekit/sfu" = {
- proxyPass = "http://localhost:${toString livekitPort}";
- extraConfig = ''
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- '';
- };
- };
-
 # .well-known Matrix delegation so Matrix IDs are @user:alwayssleepy.online
 "alwayssleepy.online" = {
 forceSSL = true;
- useACMEHost = matrixDomain;
+ useACMEHost = "alwayssleepy.online";
 locations."/.well-known/matrix/server" = {
 extraConfig = ''
 default_type application/json;
- return 200 '{"m.server":"matrix.${matrixDomain}:443"}';
+ return 200 '{"m.server":"matrix.alwayssleepy.online:443"}';
 '';
 };
@@ -126,7 +78,7 @@
 extraConfig = ''
 default_type application/json;
 add_header 'Access-Control-Allow-Origin' '*';
- return 200 '{"m.homeserver":{"base_url":"https://matrix.${matrixDomain}"},"org.matrix.msc4143.rtc_foci":[{"type":"livekit","livekit_service_url":"https://call.${matrixDomain}/livekit/jwt"}]}';
+ return 200 '{"m.homeserver":{"base_url":"https://matrix.alwayssleepy.online"}}';
 '';
 };
 };
diff --git a/modules/server/acme.nix b/modules/server/acme.nix
index 631f967..303710a 100644
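Review bot: The `.well-known/matrix/client` body in the `@@ -126,7 +78,7 @@` hunk is still a hand-written JSON string inside an nginx `return 200 '…'`, while the removed `call.` vhost built its `/config.json` with `builtins.toJSON`; now that this is the only JSON body left in the file, `return 200 '${builtins.toJSON { "m.homeserver".base_url = "https://matrix.alwayssleepy.online"; }}';` keeps the response well-formed by construction instead of relying on hand-balanced quotes and braces inside a nested literal. The same applies to the `m.server` body in the `@@ -65` hunk, `return 200 '${builtins.toJSON { "m.server" = "matrix.alwayssleepy.online:443"; }}';`. The enclosing `virtualHosts` set starts and ends outside these hunks.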
--- a/modules/server/acme.nix
+++ b/modules/server/acme.nix
@@ -55,6 +55,11 @@ topLevel: {
 extraDomainNames = [ "*.${domainname}" ];
 };
+ certs."cholli.de" = {
+ dnsResolver = "1.1.1.1:53";
+ extraDomainNames = [ "*.cholli.de" ];
+ };
+
 certs."alwayssleepy.online" = {
 dnsResolver = "1.1.1.1:53";
 extraDomainNames = [ "*.alwayssleepy.online" ];
diff --git a/modules/server/element-call.nix b/modules/server/element-call.nix
deleted file mode 100644
index 2e10ba8..0000000
--- a/modules/server/element-call.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-topLevel: {
- flake.modules.nixos.element-call =
- { config, lib, pkgs, ... }:
- let
- matrixDomain = "alwayssleepy.online";
- livekitPort = 7880;
- livekitRtcPortStart = 50000;
- livekitRtcPortEnd = 50200;
- lkJwtPort = 8089;
- sopsFile = ../../secrets/secrets-loptland.yaml;
- in
- {
- sops.secrets."matrix/livekit/keyFile" = {
- inherit sopsFile;
- # livekit and lk-jwt-service both read this file
- mode = "0440";
- group = "livekit-secrets";
- };
-
- users.groups.livekit-secrets = { };
-
- # LiveKit SFU media server
- services.livekit = {
- enable = true;
- openFirewall = true;
- keyFile = config.sops.secrets."matrix/livekit/keyFile".path;
-
- settings = {
- port = livekitPort;
- rtc = {
- port_range_start = livekitRtcPortStart;
- port_range_end = livekitRtcPortEnd;
- };
- };
- };
-
- # lk-jwt-service: bridges Matrix OpenID tokens to LiveKit JWTs
- services.lk-jwt-service = {
- enable = true;
- livekitUrl = "wss://call.${matrixDomain}/livekit/sfu";
- keyFile = config.sops.secrets."matrix/livekit/keyFile".path;
- port = lkJwtPort;
- };
-
- # Allow lk-jwt-service (DynamicUser) to read the secrets file
- systemd.services.lk-jwt-service.serviceConfig.SupplementaryGroups = [ "livekit-secrets" ];
- };
-}
diff --git a/secrets/secrets-loptland.yaml b/secrets/secrets-loptland.yaml
index b9e4d11..effcc4c 100644
--- a/secrets/secrets-loptland.yaml
+++ b/secrets/secrets-loptland.yaml
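Review bot: The new `certs."cholli.de"` entry in acme.nix has no consumer anywhere in this commit — no vhost sets `useACMEHost = "cholli.de"` — so it requests a wildcard certificate that nothing serves, and it is unrelated to the element-call removal the rest of the diff performs; either it belongs in its own commit or the vhost that needs it is missing here. It is also a verbatim copy of the `alwayssleepy.online` block below it; a helper such as `mkWildcardCert = domain: { dnsResolver = "1.1.1.1:53"; extraDomainNames = [ "*.${domain}" ]; };` in the module's `let` (outside this hunk) would reduce each entry to `certs."cholli.de" = mkWildcardCert "cholli.de";`. Wildcard issuance requires DNS-01, so the DNS provider credentials configured in the defaults (not visible in this hunk) presumably must have authority over the `cholli.de` zone as well — worth confirming before the first renewal rather than discovering it from a failed systemd ACME unit. The enclosing `certs` set starts and ends outside the hunk.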
@@ -24,8 +24,6 @@ matrix:
 registrationSharedSecret: ENC[AES256_GCM,data:6IBlAfQhWlywWo/l8u5gAfW7bTgXwrAyk8WBBWkJQK+FL9LvUU5hDscozHrPIiRRzZdyeoAZ7phirDk3kN9E6Q==,iv:arZaxnIEUU3psaV8PqKAb46nlq73r2SAVlmCY+y+HB0=,tag:X/zsAtryEfl2PHKQ6GQfbg==,type:str]
 mautrix-discord:
 botToken: ENC[AES256_GCM,data:IrYMnUNorLK8853LXubpaXX2LwKbtlsdQzDHoeUq1VLyeH6Kz2CdnOV7UfuR4I0oEXBvw16PS+aBqjQCLcWGgXdTInEmq7lJ,iv:FmPlP1ZTdTTVcJeO0sKwiyaJ9KrZ8jbbyEiCK+O2XuI=,tag:Z+gVRNC34XV2OAUJcburIQ==,type:str]
- livekit:
- keyFile: ENC[AES256_GCM,data:h7pIrLswWJhS5vkcvVquMCFC/prCVavCJWUck7W6x7emH+qalXxmMxPnkCskFr163re+Y04PuOsrtFe4,iv:8BDrFPDhC5UHAzGUZ77hzNQh2RuMzdWphLXt9WI54gk=,tag:66MGl67bpOF/3n/vzYUOuw==,type:str]
 sops:
 age:
 - recipient: age1pc92kl38mfr0j68dxww7tpzvqp3lpw6lwfylj6hn2k3rf4rddgtsjxdx47
@@ -46,7 +44,7 @@ sops:
 czdSTjNGSEpURlZEUTlIaUtGQUk5cW8KvylMTgtmHNvGnN7DonAsYQZB31mVli75
 3OTN+mOetq2YNxh/Se7vqzwbZnshfTDk9nJi9bKZQhBt2nYR8eLRkg==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2026-03-26T15:57:42Z"
- mac: ENC[AES256_GCM,data:gyiA6KTHS6I/geGuAldEHibD9TXKSW25k5hF+Ay1vFHdvjBqwvZ2ExOh/mgTz9qvE3FC24R2le8BTQbRvymWaE6wulzNEuzh3KoQHdsJpVWUIfizESj3Nt83WmJPr4jW7suTslhXdFHU3a1RTOHkiqARZtg9HdWg/Wo8gsLkXLU=,iv:L0aEQkQ5pyPKzVxbWrOYtIszV/AapdsdSI0yH7+xqrI=,tag:xvKEcWMfy1GnU4p1OfH1lA==,type:str]
+ lastmodified: "2026-03-26T12:52:45Z"
+ mac: ENC[AES256_GCM,data:ObHBFxdJlDrJJY9y+yRAJ+7lnBbIpAzV53Jc6BR5lvuwywu1LgPTigqs2YgK8Nnl7GSsW84s4ewN+aYj5UANx47iylSCyIQmfLz56d8r6REjNtH/hnRyoR7s2tFHE8FYlsW9P2PNSNBkjkPovWrPBejZ4ZmZdhaXbCx/13tJXU8=,iv:X6FyE7S5uo0fwluFtpUraiLJQ4FMbAMBiMaaggPaWdY=,tag:VEHWZ8QMGulYs0h+Q1CAvA==,type:str]
 unencrypted_suffix: _unencrypted
 version: 3.12.2
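Review bot: In the `@@ -46,7 +44,7 @@` hunk the sops `lastmodified` stamp moves backwards, from `15:57:42Z` to `12:52:45Z` on the same day, which is what you see when the file is re-encrypted from an older checkout or on a machine with a skewed clock. The diff shows only the `livekit.keyFile` entry removed and the MAC recomputed, so no other secret appears to have been dropped, but it is worth confirming the edit was made on top of the current HEAD and that sops still verifies the MAC of the new file before it is deployed. The removed key material remains in git history only in its age-encrypted form, which is acceptable here because the LiveKit and lk-jwt-service units that consumed it are deleted in the same commit.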