diff --git a/containers/amethyst/flake.nix b/containers/amethyst/flake.nix
index a8bbeee..7ee705a 100644
--- a/containers/amethyst/flake.nix
+++ b/containers/amethyst/flake.nix
@@ -17,6 +17,11 @@
 internalInterfaces = [ "ve-+" ];
 };
 
+ services.nginx.virtualHosts."amethyst.local.lava.moe" = {
+ locations."/".proxyPass = "http://10.30.${subnet}.2:9091";
+ listenAddresses = [ "10.0.0.0/24" "fd0d::/16" ];
+ };
+
 systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
 containers.${name} = {
 autoStart = true;
diff --git a/hosts/dandelion/transmission-container.nix b/hosts/dandelion/transmission-container.nix
deleted file mode 100644
index e3ee5ae..0000000
--- a/hosts/dandelion/transmission-container.nix
+++ /dev/null
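Review bot: `listenAddresses = [ "10.0.0.0/24" "fd0d::/16" ];` on the new virtual host hands CIDR prefixes to nginx's `listen` directive, which expects a concrete bindable address, so the rendered `listen 10.0.0.0/24:80;` will most likely fail `nginx -t` and keep the service from starting rather than limit who can connect. If the goal is to restrict access to the proxied port 9091 (Transmission's RPC port in the file this commit deletes) to those two networks, express it as an access-control rule instead, e.g. `extraConfig = "allow 10.0.0.0/24; allow fd0d::/16; deny all;";`, and bind with the host's real address or leave `listenAddresses` unset. The deleted `hosts/dandelion/transmission-container.nix` enforced the equivalent inside the container with `rpc-whitelist`; nothing in this hunk shows the new container carrying a whitelist forward, so confirm one exists outside the hunk before relying on nginx alone. The attribute set this hunk belongs to starts and ends outside the hunk, and `subnet` and `name` are bound elsewhere in the file.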
@@ -1,68 +0,0 @@
-{ lib, modules, pkgs, gcSecrets, ... }: {
- networking.nat = {
- enable = true;
- internalInterfaces = [ "ve-+" ];
- externalInterface = "enp0s6";
- };
-
- networking.firewall = {
- extraCommands = ''
- ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -d 10.25.0.11 -p tcp -m tcp --dport 9091 -j MASQUERADE
- '';
- extraStopCommands = ''
- ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -d 10.25.0.11 -p tcp -m tcp --dport 9091 -j MASQUERADE || true
- '';
- };
-
- services.nginx.virtualHosts."tr.dandelion.gw.lava.moe" = {
- locations."/".proxyPass = "http://10.25.0.11:9091";
- };
-
- containers.transmission = {
- autoStart = true;
- privateNetwork = true;
- hostAddress = "10.25.0.10";
- localAddress = "10.25.0.11";
- bindMounts."vpn" = {
- hostPath = "/persist/aus.conf";
- mountPoint = "/vpn.conf";
- isReadOnly = true;
- };
- bindMounts."transmission" = {
- hostPath = "/persist/transmission";
- mountPoint = "/persist/transmission";
- isReadOnly = false;
- };
- config = {
- system.stateVersion = "23.11";
- networking.wg-quick.interfaces.wg0 = {
- configFile = "/vpn.conf";
- preUp = ''
- # Try to access the DNS for up to 300s
- for i in {1..60}; do
- ${pkgs.iputils}/bin/ping -c1 'google.com' && break
- echo "Attempt $i: DNS still not available"
- sleep 5s
- done
- '';
- };
-
- networking.firewall.enable = false;
- # https://github.com/NixOS/nixpkgs/issues/258793
- systemd.services.transmission.serviceConfig = {
- BindReadOnlyPaths = lib.mkForce [ builtins.storeDir "/etc" ];
- RootDirectoryStartOnly = lib.mkForce false;
- RootDirectory = lib.mkForce "";
- PrivateMounts = lib.mkForce false;
- PrivateUsers = lib.mkForce false;
- };
- imports = [ modules.services.transmission ];
- services.transmission.settings = {
- rpc-host-whitelist-enabled = false;
- rpc-whitelist = lib.mkForce "10.100.0.*,10.0.0.*,10.25.0.*,192.168.100.*";
- rpc-username = gcSecrets.transmission.username;
- rpc-password = gcSecrets.transmission.password;
- };
- };
- };
-}