diff --git a/.forgejo/workflows/build_nixos_configs.yml b/.forgejo/workflows/build_nixos_configs.yml
index d4c2f5c..02bec45 100644
--- a/.forgejo/workflows/build_nixos_configs.yml
+++ b/.forgejo/workflows/build_nixos_configs.yml
@@ -17,7 +17,3 @@ jobs:
       - run: |
           echo 'Building configuration for ${{ matrix.system }}'
           nix build .#nixosConfigurations.${{ matrix.system }}.config.system.build.toplevel
-      - name: Push build to attic
-        run: |
-          attic login gospel https://attic.kilonull.com ${{ secrets.ATTIC_PUSH_SECRET }}
-          attic push gospel ./result
diff --git a/modules/nixos/services/atticd/default.nix b/modules/nixos/services/atticd/default.nix
index 48c9806..e78696e 100644
--- a/modules/nixos/services/atticd/default.nix
+++ b/modules/nixos/services/atticd/default.nix
@@ -5,7 +5,6 @@
   ...
 }:
 let
-  attic_cfg = config.services.atticd;
   cfg = config.${namespace}.services.atticd;
 in
 {
@@ -23,7 +22,6 @@ in
 
   config = lib.mkIf cfg.enable {
     age.secrets.atticd.file = ../../../../secrets/atticd.age;
-
     services.atticd = {
       enable = true;
       # ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64: The base64-encoded RSA PEM PKCS1 of the RS256 JWT secret. Generate it with openssl genrsa -traditional 4096 | base64 -w0.
@@ -41,27 +39,9 @@ in
         api-endpoint = "https://attic.kilonull.com/";
         listen = "[::]:8080";
         garbage-collection.retention-period = "30d";
-        database.url = "postgresql://atticd/?host=/run/postgresql";
       };
     };
 
-    services.postgresql = {
-      enable = true;
-      ensureDatabases = [ "atticd" ];
-      ensureUsers = [
-        {
-          name = attic_cfg.user;
-          ensureDBOwnership = true;
-        }
-      ];
-      identMap = ''
-        attic attic attic
-      '';
-      authentication = ''
-        local all attic peer map=attic
-      '';
-    };
-
     services.nginx = {
       enable = true;
       virtualHosts."attic.kilonull.com" = {