diff --git a/.envrc b/.envrc
deleted file mode 100644
index 8392d15..0000000
--- a/.envrc
+++ /dev/null
@@ -1 +0,0 @@
-use flake
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 2718357..b629ca6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,2 @@
 *~
-result
-/.direnv/
+result
\ No newline at end of file
diff --git a/tide.nix b/tide.nix
index 80f5fdd..fac2eba 100644
--- a/tide.nix
+++ b/tide.nix
@@ -11,7 +11,7 @@
 # Reuse the wildcard cert already issued for *.${domainName}
 # in configuration.nix instead of requesting a new one per
 # subdomain.
- nginx.useACMEHost = null;
+ nginx.useACMEHost = domainName;
 };
 
 # Don't fail evaluation when secrets/tide.yaml is missing (e.g.
@@ -20,14 +20,6 @@
 # the file is absent, which is the right place for that failure.
 sops.validateSopsFiles = false;
 
- # Use the host's age key generated with age-keygen, not the
- # SSH-host-key-derived identity sops-nix falls back to by default.
- # The encrypted file's recipient is the public key paired with
- # this private key.
- sops.age.keyFile = "/var/lib/sops-nix/key.txt";
- sops.age.sshKeyPaths = [ ];
- sops.gnupg.sshKeyPaths = [ ];
-
 sops.secrets."tide-env" = {
 sopsFile = ./secrets/tide.yaml;
 # phpfpm reads this via EnvironmentFile, which runs as root
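Review bot: Removing `sops.age.keyFile` and the two empty `sshKeyPaths` overrides in the second tide.nix hunk moves decryption of `tide-env` onto the SSH-host-key-derived identity that the deleted comment names as the sops-nix default, yet nothing visible in this diff re-encrypts `secrets/tide.yaml` to that recipient. If the file still lists only the age-keygen public key, the mismatch would presumably surface only at activation, when the secret cannot be decrypted. The switch also couples secret access to the SSH host key, so regenerating that key on a reinstall means re-keying the secrets. I would replace the deleted block with a short comment such as `# Decrypted with the default SSH-host-key-derived identity; secrets/tide.yaml must be encrypted to that recipient.` The `sops.secrets."tide-env"` attribute set continues outside the hunk.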