diff --git a/nixos/machines/default.nix b/nixos/machines/default.nix
index f477c99..4257725 100644
--- a/nixos/machines/default.nix
+++ b/nixos/machines/default.nix
@@ -21,8 +21,6 @@
 nixosModule = {
 lab = {
- terraformDatabase.enable = true;
-
 storage = {
 osDisk = "/dev/sda";
 dataPartition = "/dev/nvme0n1p1";
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
index a4ac397..20dc984 100644
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@@ -1,7 +1,6 @@
 {
 imports = [
 ./storage.nix
- ./terraform-database
 ./ssh-certificates.nix
 ./k3s
 ./backups.nix
diff --git a/nixos/modules/terraform-database/default.nix b/nixos/modules/terraform-database/default.nix
deleted file mode 100644
index 1b749a1..0000000
--- a/nixos/modules/terraform-database/default.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{ pkgs, lib, config, ... }:
-let cfg = config.lab.terraformDatabase;
-in {
- options.lab.terraformDatabase.enable = lib.mkOption {
- default = false;
- type = lib.types.bool;
- description = ''
- Whether to start a postgreSQL database for Terraform states
- '';
- };
-
- config = lib.mkIf cfg.enable {
- networking.firewall.interfaces.${config.lab.networking.mainNicNamePattern}.allowedTCPPorts = [ 5432 ];
-
- services.postgresql = {
- enable = true;
- ensureDatabases = [ "terraformstates" ];
- package = pkgs.postgresql_15;
- enableTCPIP = true;
-
- dataDir = "${config.lab.storage.dataMountPoint}/postgresql/${config.services.postgresql.package.psqlSchema}";
-
- authentication = ''
- hostssl terraformstates terraform all cert
- '';
-
- settings =
- let
- serverCert = builtins.toFile "postgresql_server.crt"
- (builtins.readFile ./postgresql_server.crt);
- in
- {
- ssl = true;
- ssl_cert_file = serverCert;
- ssl_key_file = config.age.secrets."postgresql_server.key".path;
- ssl_ca_file = serverCert;
- };
-
- ensureUsers = [{ name = "terraform"; }];
- };
-
- age.secrets."postgresql_server.key" = {
- file = ../../secrets/postgresql_server.key.age;
- mode = "400";
- owner = builtins.toString config.ids.uids.postgres;
- group = builtins.toString config.ids.gids.postgres;
- };
- };
-}
diff --git a/nixos/physical.nix b/nixos/physical.nix
index 540a6b4..72bdd94 100644
--- a/nixos/physical.nix
+++ b/nixos/physical.nix
@@ -37,8 +37,6 @@
 age.identityPaths = [ "/etc/age_ed25519" ];
- virtualisation.libvirtd.enable = true;
-
 nix = {
 package = pkgs.nixFlakes;
 extraOptions = ''
diff --git a/nixos/secrets/postgresql_server.key.age b/nixos/secrets/postgresql_server.key.age
deleted file mode 100644
index afc4810..0000000
Binary files a/nixos/secrets/postgresql_server.key.age and /dev/null differ
diff --git a/nixos/secrets/secrets.nix b/nixos/secrets/secrets.nix
index 577ba2e..ef9d1d2 100644
--- a/nixos/secrets/secrets.nix
+++ b/nixos/secrets/secrets.nix
@@ -10,7 +10,6 @@ let encryptedFileNames = [
 "jefke_host_ed25519.age"
 "jefke_user_ed25519.age"
- "postgresql_server.key.age"
 "atlas_host_ed25519.age"
 "atlas_user_ed25519.age"
 "lewis_host_ed25519.age"