diff --git a/modules/gitea-runner.nix b/modules/gitea-runner.nix
index ed007cf..8157f35 100644
--- a/modules/gitea-runner.nix
+++ b/modules/gitea-runner.nix
@@ -32,13 +32,6 @@ let
 # Add SSL CA certs
 mkdir -p $out/etc/ssl/certs
 cp -a "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" $out/etc/ssl/certs/ca-bundle.crt
-
- # HACK: Add our k8s ca-issuer certs to container
- chmod +w $out/etc/ssl/certs/ca-bundle.crt
- cat << 'EOF' >> $out/etc/ssl/certs/ca-bundle.crt
- ${lib.concatStringsSep "\n" config.security.pki.certificates}
- EOF
-
 ln -s ca-bundle.crt $out/etc/ssl/certs/ca-certificates.crt
 '';
 configuration = {
@@ -199,8 +192,8 @@ let
 services.gitea-actions-runner = {
 instances.nix = {
 enable = true;
- name = "nix-runner";
- url = "https://git.svc.hel1.obx";
+ name = "nix";
+ url = "https://git.oceanbox.io";
 # Obtaining the path to the runner token file may differ
 # tokenFile should be in format TOKEN=, since it's EnvironmentFile for systemd
 # tokenFile = config.age.secrets.gitea-runner-token.path;
@@ -214,8 +207,6 @@ let
 "-e PATH=/bin"
 "-e NIX_PATH=nixpkgs=${builtins.toString pkgs.path}"
 "-e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt"
- "-e GIT_SSL_CAINFO=/etc/ssl/certs/ca-bundle.crt"
- "-e NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-bundle.crt"
 "-v /nix:/nix"
 "-v ${storeDeps}/bin:/bin"
 "-v ${storeDeps}/etc/ssl:/etc/ssl"
diff --git a/tos/hashmap/default.nix b/tos/hashmap/default.nix
index 7b80aae..2453323 100644
--- a/tos/hashmap/default.nix
+++ b/tos/hashmap/default.nix
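Review bot: In the `services.gitea-actions-runner` hunk (-199,8) of modules/gitea-runner.nix, the new `url = "https://git.oceanbox.io";` has to validate against the stock `pkgs.cacert` bundle alone, because the same commit drops the k8s ca-issuer append and the `GIT_SSL_CAINFO`/`NODE_EXTRA_CA_CERTS` variables from the job containers. Any workflow step that still reaches an endpoint issued by the internal CA will now fail certificate verification, and nothing on the page shows that none remain; this is worth confirming so job authors do not work around it by turning verification off. I would record the constraint next to the setting, e.g. `# job containers trust only pkgs.cacert; the endpoint must present a publicly trusted chain`. The `instances.nix` attribute set continues past the end of the hunk.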
@@ -212,21 +212,21 @@
 '';
 };
- security.pki.certificates = [
- ''
- -----BEGIN CERTIFICATE-----
- MIIBijCCATCgAwIBAgIRAML2sKHuRRU3o+LiyniC3hEwCgYIKoZIzj0EAwIwFTET
- MBEGA1UEChMKa3ViZXJuZXRlczAeFw0yNDAxMTUxMDU4MDRaFw0zNDAxMTIxMDU4
- MDRaMBUxEzARBgNVBAoTCmt1YmVybmV0ZXMwWTATBgcqhkjOPQIBBggqhkjOPQMB
- BwNCAARGTPqkfZeik3pQDZTEOercIIumiQ2PJ+DIHc1rHFZA6EFRXrQr7PZ6bQ+k
- D0cBS1u0yFDrkEcbOflyT8e/HK51o2EwXzAOBgNVHQ8BAf8EBAMCAoQwHQYDVR0l
- BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O
- BBYEFIhf9uRytHnvdZSbeTjY6MFRk4VjMAoGCCqGSM49BAMCA0gAMEUCIQDDfa7E
- JyLQDORiYilpKejnWF/Pxe4pGNQ4SRNLUUJcoAIgYVoSEsqOoH2Kdk92fkS+yxoT
- m9H0cfSnZwsuwl6yETI=
- -----END CERTIFICATE-----
- ''
- ];
+ # security.pki.certificates = [
+ # ''
+ # -----BEGIN CERTIFICATE-----
+ # MIIBijCCATCgAwIBAgIRAML2sKHuRRU3o+LiyniC3hEwCgYIKoZIzj0EAwIwFTET
+ # MBEGA1UEChMKa3ViZXJuZXRlczAeFw0yNDAxMTUxMDU4MDRaFw0zNDAxMTIxMDU4
+ # MDRaMBUxEzARBgNVBAoTCmt1YmVybmV0ZXMwWTATBgcqhkjOPQIBBggqhkjOPQMB
+ # BwNCAARGTPqkfZeik3pQDZTEOercIIumiQ2PJ+DIHc1rHFZA6EFRXrQr7PZ6bQ+k
+ # D0cBS1u0yFDrkEcbOflyT8e/HK51o2EwXzAOBgNVHQ8BAf8EBAMCAoQwHQYDVR0l
+ # BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O
+ # BBYEFIhf9uRytHnvdZSbeTjY6MFRk4VjMAoGCCqGSM49BAMCA0gAMEUCIQDDfa7E
+ # JyLQDORiYilpKejnWF/Pxe4pGNQ4SRNLUUJcoAIgYVoSEsqOoH2Kdk92fkS+yxoT
+ # m9H0cfSnZwsuwl6yETI=
+ # -----END CERTIFICATE-----
+ # ''
+ # ];
 imports = [
 ./users.nix
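Review bot: The `security.pki.certificates` entry in tos/hashmap/default.nix is commented out rather than deleted, so the file now carries an unexplained block of dead PEM that a later edit can silently re-enable. The only consumer visible in this commit, the `config.security.pki.certificates` interpolation in modules/gitea-runner.nix, is removed, so I would delete the block outright and rely on history, or keep it behind one explanatory line such as `# k8s ca-issuer root: disabled, host and runner containers no longer trust it`. Commenting it out also takes this CA out of the host's own trust store, so anything on this host that still talks to services issued by it should be checked (not visible from this hunk). The enclosing attribute set starts and ends outside the hunk.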