diff --git a/home-server.nix b/home-server.nix
index 291581b..85a513e 100644
--- a/home-server.nix
+++ b/home-server.nix
@@ -21,7 +21,6 @@ in with builtins; {
     # ./services/kodi.nix
     ./services/jellyfin.nix
     ./services/etebase.nix
-    ./services/mosquitto.nix
     ./services/genie.nix
     ./services/home-assistant
     ./services/esphome.nix
@@ -89,7 +88,6 @@ in with builtins; {
       "photos.felschr.com"
       "books.felschr.com"
       "news.felschr.com"
-      "mqtt.felschr.com"
       "etebase.felschr.com"
       "paperless.felschr.com"
     ];
diff --git a/secrets/mqtt/hass.age b/secrets/mqtt/hass.age
deleted file mode 100644
index f700407..0000000
Binary files a/secrets/mqtt/hass.age and /dev/null differ
diff --git a/secrets/mqtt/tasmota.age b/secrets/mqtt/tasmota.age
deleted file mode 100644
index 99a7160..0000000
Binary files a/secrets/mqtt/tasmota.age and /dev/null differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 1869b33..eca37ef 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -18,8 +18,6 @@ in {
   "restic/password.age".publicKeys = [ felschr home-pc home-server pilot1 ];
   "smtp.age".publicKeys = [ felschr home-pc home-server ];
   "samba.age".publicKeys = [ felschr home-pc home-server ];
-  "mqtt/hass.age".publicKeys = [ felschr home-pc home-server ];
-  "mqtt/tasmota.age".publicKeys = [ felschr home-pc home-server ];
   "cloudflare.age".publicKeys = [ felschr home-pc home-server ];
   "etebase-server.age".publicKeys = [ felschr home-pc home-server ];
   "calibre-web/htpasswd.age".publicKeys = [ felschr home-pc home-server ];
diff --git a/services/home-assistant/default.nix b/services/home-assistant/default.nix
index 3c85084..26099ff 100644
--- a/services/home-assistant/default.nix
+++ b/services/home-assistant/default.nix
@@ -4,7 +4,6 @@ with pkgs;
 
 let
   port = config.services.home-assistant.config.http.server_port;
-  mqttPort = 1883;
   geniePort = 3232;
 in {
   # just installed for ConBee firmware updates
@@ -30,7 +29,6 @@ in {
     extraComponents = [
       "default_config"
       "otp"
-      "mqtt"
       "esphome"
       "homekit_controller"
       "fritz"
diff --git a/services/mosquitto.nix b/services/mosquitto.nix
deleted file mode 100644
index 70bbba0..0000000
--- a/services/mosquitto.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{ config, pkgs, ... }:
-
-with pkgs;
-
-let
-  port = 1883;
-  wsPort = 9001;
-
-  mkSecret = file: {
-    inherit file;
-    owner = "mosquitto";
-  };
-in {
-  age.secrets = {
-    mqtt-felix = mkSecret ../secrets/mqtt/felix.age;
-    mqtt-birgit = mkSecret ../secrets/mqtt/birgit.age;
-    mqtt-hass = mkSecret ../secrets/mqtt/hass.age;
-    mqtt-tasmota = mkSecret ../secrets/mqtt/tasmota.age;
-  };
-
-  services.nginx = {
-    virtualHosts."mqtt.felschr.com" = {
-      enableACME = true;
-      forceSSL = true;
-      locations."/" = {
-        proxyPass = "http://localhost:${toString wsPort}";
-        proxyWebsockets = true;
-      };
-    };
-  };
-
-  networking.firewall.allowedTCPPorts = [ port ];
-
-  services.mosquitto = {
-    enable = true;
-    listeners = [{
-      port = port;
-      users = {
-        "hass" = {
-          acl = [ "readwrite homeassistant/#" "readwrite tasmota/#" ];
-          hashedPasswordFile = config.age.secrets.mqtt-hass.path;
-        };
-        "tasmota" = {
-          acl = [ "readwrite tasmota/#" "readwrite homeassistant/#" ];
-          hashedPasswordFile = config.age.secrets.mqtt-tasmota.path;
-        };
-      };
-    }];
-  };
-}