diff --git a/README.md b/README.md
index 8b0ee33..13acbdf 100644
--- a/README.md
+++ b/README.md
@@ -22,7 +22,6 @@ All services below are running under Docker, except NSD and Borg.
 - Jitsi Meet (https://meet.jit.si)
 - Backups using [Borg](https://www.borgbackup.org/) and [Borgmatic](https://torsion.org/borgmatic/)
 - RSS feed reader using [FreshRSS](https://miniflux.app/)
-- Metrics using [Prometheus](https://prometheus.io/)
 
 ## Possible future services
 
@@ -35,12 +34,12 @@ All services below are running under Docker, except NSD and Borg.
 ## TODO
 
 - Clear view of what services + which versions we are running. This way, we can track security updates better.
+- Delegate pim.kunis.nl to my server
 - Host tobb website?
 - Move from Ubuntu to Debian
-- move to pim.kunis.nl
 - security.txt
 - Podman
-- Replace watchtower with Podman features
+- Remove watchtower with Podman features
 
 ### NSD
 
diff --git a/inventory/group_vars/homeserver.yml b/inventory/group_vars/homeserver.yml
index 0517db2..6b91532 100644
--- a/inventory/group_vars/homeserver.yml
+++ b/inventory/group_vars/homeserver.yml
@@ -2,5 +2,3 @@ base_data_dir: /data
 base_service_dir: /srv
 jitsi_videobridge_port: 54562
 git_ssh_port: 56287
-prometheus_port: 8081
-traefik_api_port: 8080
diff --git a/playbooks/all.yml b/playbooks/all.yml
index 7667947..502f97f 100644
--- a/playbooks/all.yml
+++ b/playbooks/all.yml
@@ -15,7 +15,6 @@
     - {role: 'freshrss', tags: 'freshrss'}
     - {role: 'blog', tags: 'blog'}
     - {role: 'inbucket', tags: 'inbucket'}
-    - {role: 'prometheus', tags: 'prometheus'}
 - name: Setup dataserver
   hosts: dataserver
   roles:
diff --git a/roles/forgejo/templates/docker-compose.yml.j2 b/roles/forgejo/templates/docker-compose.yml.j2
index dd0464a..6e40051 100644
--- a/roles/forgejo/templates/docker-compose.yml.j2
+++ b/roles/forgejo/templates/docker-compose.yml.j2
@@ -24,7 +24,7 @@ services:
       - traefik.http.routers.forgejo.rule=Host(`git.pizzapim.nl`)
       - traefik.http.routers.forgejo.tls=true
       - traefik.http.routers.forgejo.tls.certresolver=pizzapim
-      - traefik.http.routers.forgejo.service=forgejo
+      - traefik.tcp.routers.forgejo.service=forgejo
       - traefik.http.services.forgejo.loadbalancer.server.port=3000
 
       - traefik.tcp.routers.forgejo-ssh.rule=HostSNI(`*`)
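Review bot: The changed label `traefik.tcp.routers.forgejo.service=forgejo` declares a TCP router named `forgejo`, but the rule, TLS and certresolver labels above it still belong to the HTTP router, and the only `forgejo` service visible here is the HTTP one (`traefik.http.services.forgejo.loadbalancer.server.port=3000`). As written, the HTTP router loses its explicit service binding, and the new TCP router has no rule and points at a TCP service this hunk does not define. This container also carries the catch-all `forgejo-ssh` TCP router, so it is worth stating explicitly which router serves which port rather than relying on Traefik's automatic binding. If the edit was unintended, keep `traefik.http.routers.forgejo.service=forgejo`. The label list starts and continues outside the hunk, so a TCP service defined elsewhere cannot be ruled out.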
diff --git a/roles/nsd/files/zones/pizzapim.nl b/roles/nsd/files/zones/pizzapim.nl
index a4a6e4c..5758df5 100644
--- a/roles/nsd/files/zones/pizzapim.nl
+++ b/roles/nsd/files/zones/pizzapim.nl
@@ -1,7 +1,7 @@
 $ORIGIN pizzapim.nl.
 $TTL 60
 
-pizzapim.nl.	IN 	SOA	ns.pizzapim.nl. pim.kunis.nl. 2023020701 1800 3600 1209600 3600
+pizzapim.nl.	IN 	SOA	ns.pizzapim.nl. pim.kunis.nl. 2023012200 1800 3600 1209600 3600
 
 			NS	ns.pizzapim.nl.
 			NS	ns0.transip.net.
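Review bot: The SOA serial on the new side goes backwards, from 2023020701 to 2023012200. If `ns0.transip.net.` (listed as NS in this hunk) is a secondary that already holds the higher serial, it will treat the zone as unchanged and not transfer it. The `cloud` and `traefik` records added in the second hunk of this file would then be served only by the primary, so resolvers get inconsistent answers depending on which nameserver they ask. Set the serial to a value greater than 2023020701 on every edit. A pre-deploy check that compares the new serial with the published one would catch this class of mistake.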
@@ -18,8 +18,10 @@ www		IN	A	84.245.14.149
 			AAAA	2a02:58:19a:f730:b62e:99ff:fe77:1bda
 ns		IN	A	84.245.14.149
 			AAAA	2a02:58:19a:f730:b62e:99ff:fe77:1bda
+cloud		IN	CNAME	www.pizzapim.nl.
 social		IN	CNAME	www.pizzapim.nl.
 dav		IN	CNAME	www.pizzapim.nl.
 git		IN	CNAME	www.pizzapim.nl.
 meet            IN      CNAME   www.pizzapim.nl.
 rss             IN      CNAME   www.pizzapim.nl.
+traefik         IN      CNAME   www.pizzapim.nl.
diff --git a/roles/prometheus/meta/main.yml b/roles/prometheus/meta/main.yml
deleted file mode 100644
index 090690b..0000000
--- a/roles/prometheus/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-dependencies:
-  - role: common
-  - role: docker
diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml
deleted file mode 100644
index ede0033..0000000
--- a/roles/prometheus/tasks/main.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-- name: Create app directory
-  file:
-    path: "{{ service_dir }}"
-    state: directory
-- name: Copy Docker Compose script
-  template:
-    src: "{{ role_path }}/templates/docker-compose.yml.j2"
-    dest: "{{ service_dir }}/docker-compose.yml"
-- name: Copy prometheus.yml
-  template:
-    src: "{{ role_path }}/templates/prometheus.yml.j2"
-    dest: "{{ service_dir }}/prometheus.yml"
-  register: config
-- name: Start Docker Compose
-  docker_compose:
-    project_src: "{{ service_dir }}"
-    pull: true
-    remove_orphans: true
-    restarted: "{{ config.changed }}"
diff --git a/roles/prometheus/templates/docker-compose.yml.j2 b/roles/prometheus/templates/docker-compose.yml.j2
deleted file mode 100644
index 9b4b066..0000000
--- a/roles/prometheus/templates/docker-compose.yml.j2
+++ /dev/null
@@ -1,13 +0,0 @@
-version: "3.8"
-
-services:
-  prometheus:
-    image: prom/prometheus
-    container_name: prometheus
-    restart: always
-    volumes:
-      - "{{ service_dir }}/prometheus.yml:/etc/prometheus/prometheus.yml"
-    extra_hosts:
-      - "host.docker.internal:host-gateway"
-    ports:
-      - "{{ prometheus_port }}:9090"
diff --git a/roles/prometheus/templates/prometheus.yml.j2 b/roles/prometheus/templates/prometheus.yml.j2
deleted file mode 100644
index 333c3b0..0000000
--- a/roles/prometheus/templates/prometheus.yml.j2
+++ /dev/null
@@ -1,14 +0,0 @@
-global:
-  scrape_interval:     15s
-
-scrape_configs:
-
-  - job_name: 'prometheus'
-    scrape_interval: 5s
-    static_configs:
-      - targets: ['localhost:9090']
-
-  - job_name: 'traefik'
-    scrape_interval: 5s
-    static_configs:
-      - targets: ['host.docker.internal:{{ traefik_api_port }}']
diff --git a/roles/prometheus/vars/main.yml b/roles/prometheus/vars/main.yml
deleted file mode 100644
index 5894688..0000000
--- a/roles/prometheus/vars/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-service_name: prometheus
-data_dir: "{{ base_data_dir }}/{{ service_name }}"
-service_dir: "{{ base_service_dir }}/{{ service_name }}"
diff --git a/roles/traefik/templates/docker-compose.yml.j2 b/roles/traefik/templates/docker-compose.yml.j2
index 1a85265..7db26ed 100644
--- a/roles/traefik/templates/docker-compose.yml.j2
+++ b/roles/traefik/templates/docker-compose.yml.j2
@@ -13,7 +13,6 @@ services:
       - "443:443"
       - "80:80"
       - "{{ git_ssh_port }}:{{ git_ssh_port }}"
-      - "{{ traefik_api_port }}:{{ traefik_api_port }}"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - {{ service_dir }}/traefik.toml:/etc/traefik/traefik.toml
@@ -30,6 +29,10 @@ services:
       - traefik.http.routers.esrom.tls=true
       - traefik.http.routers.esrom.tls.certresolver=geokunis
 
-      - traefik.http.routers.traefik.rule=Host(`max.lan`)
-      - traefik.http.routers.traefik.entrypoints=internal
+      - traefik.http.routers.traefik.rule=Host(`traefik.pizzapim.nl`)
+      - traefik.http.routers.traefik.entrypoints=websecure
+      - traefik.http.routers.traefik.tls=true
+      - traefik.http.routers.traefik.tls.certresolver=pizzapim
       - traefik.http.routers.traefik.service=api@internal
+      - traefik.http.routers.traefik.middlewares=whitelist-local
+      - "traefik.http.middlewares.whitelist-local.ipwhitelist.sourcerange=127.0.0.1/32,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,::1,fc00::/7"
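Review bot: The dashboard router (`api@internal`) now sits on the public `websecure` entrypoint, and the only control on it is the `whitelist-local` source-range check, with no authentication middleware. The range includes `172.16.0.0/12`, which covers Docker's default bridge networks, so every container on this host passes the check. If Docker proxies or NATs inbound connections to the published 443 port (not visible here, but common for IPv6 when the Docker network has no IPv6), outside clients can appear to come from the bridge gateway and pass as well. I would narrow the range to the actual LAN prefix and chain an auth middleware, e.g. `traefik.http.routers.traefik.middlewares=whitelist-local,dashboard-auth` with `traefik.http.middlewares.dashboard-auth.basicauth.users=<HTPASSWD_ENTRY_PLACEHOLDER>` filled from a vaulted variable. The labels list begins outside the hunk.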
diff --git a/roles/traefik/templates/traefik.toml.j2 b/roles/traefik/templates/traefik.toml.j2
index d7fbb24..b07f315 100644
--- a/roles/traefik/templates/traefik.toml.j2
+++ b/roles/traefik/templates/traefik.toml.j2
@@ -13,17 +13,11 @@ loglevel = "DEBUG"
     address = ":{{ git_ssh_port }}"
   [entryPoints.video]
     address = ":{{ jitsi_videobridge_port }}/udp"
-  [entryPoints.internal]
-    address = ":{{ traefik_api_port }}"
 
 [api]
   insecure = false
   dashboard = true
 
-[metrics]
-  [metrics.prometheus]
-    entryPoint = "internal"
-
 [providers.docker]
   endpoint = "unix:///var/run/docker.sock"