diff --git a/manifests/setup.pp b/manifests/setup.pp
index be1dd1bb27fe6053cb85a5fa60717ffaeec99522..5dd737bfc8212080f5456337602b315ecfbdf2ac 100644
--- a/manifests/setup.pp
+++ b/manifests/setup.pp
@@ -1,6 +1,17 @@
 class irc_bouncer::setup {
   require ::irc_bouncer::pre
-  require ::profiles::lysator_repo
+
+  file { [
+    '/var/lib/znc',
+    '/var/lib/znc/configs',
+    '/var/lib/znc/mobdata',
+    '/var/lib/znc/moddata/cyrusauth',
+    '/var/lib/znc/moddata/identfile',
+  ]:
+    ensure => directory,
+    owner  => 'znc',
+  }
+
 
   # We use a self-packaged version of ZNC, whose package source is
   # available at:
@@ -45,11 +56,6 @@ class irc_bouncer::setup {
     groups  => [ 'sasl', ],
   }
 
-  file { '/var/lib/znc':
-    ensure => directory,
-    owner  => 'znc',
-  }
-
   file { '/var/lib/znc/configs/znc.conf':
     ensure  => present,
     replace => no,
@@ -85,52 +91,6 @@ class irc_bouncer::setup {
     args => ['saslauthd'],
   }
 
-  # Letsencrypt challenge is done through DNS since the ZNC webserver
-  # is to inflexible, and I neither want to front it just for certs,
-  # and I don't want to stop ZNC just for updating certs.
-
-  # https://certbot-dns-rfc2136.readthedocs.io/en/stable/
-
-  # Secret is manually generated on the nameserver, and placed in the
-  # appropriate dns config file.
-  # $ tsig-keygen -a hmac-sha256 verdigris.lysator.liu.se
-
-  class { '::letsencrypt':
-    config  => {
-      email => 'hugo@lysator.liu.se',
-    }
-  }
-  # TODO dynamic dns updtae fails since the DNS server manually writes
-  # the zone file, disregarding the journal. Update Lysators DNS
-  # server to not do that.
-  -> class { '::letsencrypt::plugin::dns_rfc2136':
-    # address of ns-master.lysator.liu.se
-    # Since the python can't handle DNS...
-    server              => '2001:6b0:17:f0a0::2',
-    key_name            => $facts['fqdn'],
-    key_algorithm       => 'HMAC-SHA256',
-    # TODO don't publish secret here
-    key_secret          => 'YHR7/5gOkdPF64GwWRu6Ge8jcjz8siqCWIy/G8FsVzw=',
-    propagation_seconds => 10,
-    manage_package      => true,
-  }
-  # TODO znc probably needs to be reloaded after cert upgrade
-  -> letsencrypt::certonly { $certname:
-    ensure          => 'present',
-    domains         => [ $facts['fqdn'], ],
-    plugin          => 'dns-rfc2136',
-    manage_cron     => true,
-    additional_args => [ '--quiet', ],
-  }
-
-  # TODO files in archive is still not readable by znc
-  file { ['/etc/letsencrypt/live',
-          '/etc/letsencrypt/archive', ]:
-    ensure => directory,
-    mode   => '0750',
-    group  => 'znc',
-  }
-
   file { '/var/lib/znc/moddata/cyrusauth/.registry':
     ensure  => file,
     content => "CreateUser true\n",