diff --git a/.github/workflows/vyos-build.yaml b/.github/workflows/vyos-build.yaml
deleted file mode 100644
index d8c8680b..00000000
--- a/.github/workflows/vyos-build.yaml
+++ /dev/null
@@ -1,144 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json -name: "VyOS Build" - -on: - workflow_dispatch: - inputs: - version: - description: VyOS version to build - # renovate: datasource=github-tags depName=vyos/vyos-1x - default: "1.4.0-epa1" - required: true - type: - description: VyOS version type - type: choice - options: ["lts", "rolling"] - required: true - debian: - description: | - Debian version codename - (only used by custom packages' APT repos) - default: "bookworm" - required: true - docker: - description: vyos-build image tag (`sagitta`/`current`/custom) - # type: choice - # options: ["sagitta", "current"] - type: string - required: false - push: - branches: ["main"] - paths: - - vyos/build.sh - - .github/workflows/vyos-build.yaml - -env: - VYOS_BUILDER: "${{ github.repository_owner }}" - # renovate: datasource=github-tags depName=vyos/vyos-1x - VYOS_VERSION: "1.4.0-epa1" - VYOS_VERSION_TYPE: "${{ github.event.inputs.type || 'lts' }}" - VYOS_ARCH: "amd64" - DEBIAN_CODENAME: "${{ github.event.inputs.debian || 'bookworm' }}" - -jobs: - build: - runs-on: ubuntu-latest - permissions: - contents: write - container: - image: "docker.io/vyos/vyos-build:${{ github.event.inputs.docker || 'sagitta' }}" - options: --privileged - steps: - - name: "Setup variables" - id: "vars" - shell: "bash" - run: | - echo "VYOS_BUILD_TIME=$(date +%Y%m%d%H%M)" >> "${GITHUB_ENV}" - echo "VYOS_VERSION=${{ github.event.inputs.version || env.VYOS_VERSION }}" >> "${GITHUB_ENV}" - - - name: "Generate Short Lived OAuth App Token (ghs_*)" - uses: actions/create-github-app-token@7bfa3a4717ef143a604ee0a99d859b8886a96d00 # v1.9.3 - id: oauth-token - with: - app-id: "${{ secrets.BOT_APP_ID }}" # $BOT_APP_ID is found in GitHub App main settings page - private-key: "${{ secrets.BOT_JWT_PRIVATE_KEY }}" # $BOT_JWT_PRIVATE_KEY is generated in GitHub App main settings page, uses the X.509 private key format - - - name: Checkout - uses: 
actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - with: - token: "${{ steps.oauth-token.outputs.token }}" - - - name: Build - shell: bash - run: | - sudo \ - VYOS_VERSION=${{ env.VYOS_VERSION }} \ - VYOS_VERSION_TYPE=${{ env.VYOS_VERSION_TYPE }} \ - VYOS_ARCH=${{ env.VYOS_ARCH }} \ - VYOS_BUILDER=${{ env.VYOS_BUILDER }} \ - VYOS_BUILD_TIME=${{ env.VYOS_BUILD_TIME }} \ - DEBIAN_CODENAME=${{ env.DEBIAN_CODENAME }} \ - bash ./vyos/build.sh - - - name: Upload output ISO as artifact - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 - with: - name: "vyos-v${{ env.VYOS_VERSION }}-${{ env.VYOS_VERSION_TYPE }}-${{ env.VYOS_BUILDER }}-${{ env.VYOS_BUILD_TIME }}-${{ env.VYOS_ARCH }}-iso" - path: "./vyos-build/build/vyos-${{ env.VYOS_VERSION }}-${{ env.VYOS_VERSION_TYPE }}-${{ env.VYOS_BUILDER }}-${{ env.VYOS_BUILD_TIME }}-${{ env.VYOS_ARCH }}.iso" - - upload: - needs: build - runs-on: ubuntu-latest - container: - image: "docker.io/rclone/rclone:1.66.0@sha256:c89de48cf43e665006077db2ebe47a52ab0f1d6846659f0ca6a0cb01b5559b85" # must be at least Alpine base, because of scripting - steps: - - name: Download ISO artifact - uses: actions/download-artifact@v4 - - name: "Upload to Cloudflare R2" - env: - # backend config - RCLONE_CONFIG_R2_TYPE: "s3" - RCLONE_CONFIG_R2_PROVIDER: "Cloudflare" - RCLONE_CONFIG_R2_ENV_AUTH: "true" - RCLONE_CONFIG_R2_ENDPOINT: "${{ secrets.R2_ENDPOINT }}" - RCLONE_CONFIG_R2_NO_CHECK_BUCKET: "true" # needed for single file copyto bucket root, https://github.com/rclone/rclone/issues/5271 https://forum.rclone.org/t/issue-using-copyto-for-single-files/38842 - AWS_ACCESS_KEY_ID: "${{ secrets.VYOS_BUILD_R2_ID }}" - AWS_SECRET_ACCESS_KEY: "${{ secrets.VYOS_BUILD_R2_KEY }}" - # verbosity - RCLONE_PROGRESS: "true" - # reducing S3 API costs - RCLONE_FAST_LIST: "true" - RCLONE_UPDATE: "true" - RCLONE_USE_SERVER_MODTIME: "true" - run: - | # first copies ISO as is, then copies ISO with common "latest" filename (with 
some filters to avoid hardcoding and safeguard against uploading the wrong thing if somehow >1 file), then deletes files older than the past 5 number of files under that arch and builder name - for i in $(find . -type f -iname "*.iso"); do mv $i ./; done - ls -AlhR . - export FILE=$(find . -type f | tail -n 1) - echo "File to upload:" - echo "${FILE}" - rclone copy ./ r2:vyos-build/ - rclone copyto r2:vyos-build/${FILE} r2:vyos-build/${{ env.VYOS_VERSION_TYPE }}-${{ env.VYOS_ARCH }}.iso - rclone lsf --format=p r2:vyos-build | grep "${{ env.VYOS_VERSION_TYPE }}" | grep "${{ env.VYOS_BUILDER }}" | grep "${{ env.VYOS_ARCH }}" | tail -n +3 | rclone delete --files-from - r2:vyos-build - rclone cleanup r2:vyos-build - - # OLD CHANGELOG, TODO: maybe add this as a CHANGELOG.md to R2 bucket? - # body: | - # # WARNING - # PLEASE **DO NOT USE** MY IMAGES/ISO UNLESS YOU WANT SOME POTENTIALLY JANKY STUFF! - # I **WILL NOT** BE PROVIDING ANY HELP OR SUPPORT OR WARRANTY, **YOU'RE ON YOUR OWN**! - # This is for my own consumption only. - - # **YOU HAVE BEEN WARNED!** - - # # Changelog - # Official VyOS Changelog: - # https://docs.vyos.io/en/latest/changelog/1.4.html - - # # Extra package versions - # SOPS: ${{ env.SOPS_VERSION }} - # vyaml: ${{ env.VYAML_VERSION }} - # Atuin: ${{ env.ATUIN_VERSION }} - # Task: ${{ env.TASK_VERSION }} - # Duo Unix: ${{ env.DUO_VERSION }} diff --git a/vyos/build.sh b/vyos/build.sh deleted file mode 100755 index d50842a3..00000000 --- a/vyos/build.sh +++ /dev/null 
@@ -1,81 +0,0 @@ -#!/usr/bin/env bash - -if [[ -z "${VYOS_VERSION}" ]]; then - # renovate: datasource=github-tags depName=vyos/vyos-1x - export VYOS_VERSION="1.3.6" -fi -VYOS_VERSION_TYPE="${VYOS_VERSION_TYPE:=lts}" -VYOS_URL="${VYOS_URL:=https://github.com/vyos/vyos-build}" -VYOS_ARCH="${VYOS_ARCH:=amd64}" -VYOS_BUILD_TIME="${VYOS_BUILD_TIME:="$(date +%Y%m%d%H%M)"}" -DEBIAN_CODENAME=${DEBIAN_CODENAME:=bookworm} # only used by custom packages' APT repos like Duo Unix - -# renovate: datasource=github-releases depName=getsops/sops -SOPS_VERSION="v3.8.1" -SOPS_VERSION="${SOPS_VERSION#*v}" - -# renovate: datasource=github-releases depName=p3lim/vyaml -VYAML_VERSION="0.2.6" - -# renovate: datasource=github-releases depName=atuinsh/atuin -ATUIN_VERSION="v18.0.2" -ATUIN_VERSION="${ATUIN_VERSION#*v}" - -# renovate: datasource=github-releases depName=go-task/task -TASK_VERSION="v3.35.1" -TASK_VERSION="${TASK_VERSION#*v}" - -# renovate: datasource=github-releases depName=duosecurity/duo_unix -DUO_VERSION="duo_unix-2.0.3" -DUO_VERSION="${DUO_VERSION#*duo_unix-}" - -# renovate: datasource=github-releases depName=tailscale/tailscale -TAILSCALE_VERSION="v1.60.1" -TAILSCALE_VERSION="${TAILSCALE_VERSION#*v}" - -echo "STAGE 1: Clone vyos-build Git repository, with ${VYOS_VERSION} tag" -echo "==========" -git clone --depth=1 --branch "${VYOS_VERSION}" "${VYOS_URL}" ./vyos-build -cd ./vyos-build -VYOSDIR=$(pwd) -git switch -c "${VYOS_VERSION}" # T6064 -mkdir -p ${VYOSDIR}/build ${VYOSDIR}/packages -ls -AlhR ${VYOSDIR} # debug - -echo "STAGE 2: Download packages outside of Debian & VyOS repos" -echo "==========" -cd ${VYOSDIR}/packages -curl -vLO "https://github.com/getsops/sops/releases/download/v${SOPS_VERSION}/sops_${SOPS_VERSION}_${VYOS_ARCH}.deb" -curl -vL -o ./vyaml_${VYAML_VERSION}_${VYOS_ARCH}.deb "https://github.com/p3lim/vyaml/releases/download/${VYAML_VERSION}/vyaml-${VYOS_ARCH}.deb" -curl -vLO 
"https://github.com/atuinsh/atuin/releases/download/v${ATUIN_VERSION}/atuin_${ATUIN_VERSION}_${VYOS_ARCH}.deb" -curl -vLO "https://github.com/go-task/task/releases/download/v${TASK_VERSION}/task_linux_${VYOS_ARCH}.deb" -curl -vO "https://pkgs.tailscale.com/stable/debian/pool/tailscale_${TAILSCALE_VERSION}_${VYOS_ARCH}.deb" -curl -vO "https://pkg.duosecurity.com/Debian/dists/${DEBIAN_CODENAME}/main/binary-${VYOS_ARCH}/duo-unix_${DUO_VERSION}-0_amd64.deb" # TODO: better solution to this than assuming the -0 version suffix -curl -vO "https://downloads.1password.com/linux/debian/${VYOS_ARCH}/stable/1password-cli-${VYOS_ARCH}-latest.deb" # always use latest 1Password CLI version for security reasons -OP_VERSION=$(dpkg-deb --field ./1password-cli-${VYOS_ARCH}-latest.deb version) -mv ./1password-cli-${VYOS_ARCH}-latest.deb ./1password-cli_${OP_VERSION}_${VYOS_ARCH}.deb -cd ${VYOSDIR} - -# script assumes running as sudo/root -echo "STAGE 3: Build VyOS ISO" -echo "==========" -make clean -ls -AlhR ${VYOSDIR}/packages # debug -./build-vyos-image iso \ - --architecture "${VYOS_ARCH}" \ - --build-by "${VYOS_BUILDER:=custom}" \ - --build-type "${VYOS_BUILD_TYPE:=release}" \ - --build-comment "Biohazardous VyOS" \ - --version "${VYOS_VERSION}-${VYOS_VERSION_TYPE}-${VYOS_BUILDER:=custom}-${VYOS_BUILD_TIME}" \ - --custom-package "iptables" \ - --custom-package "jo" \ - --custom-package "moreutils" \ - --custom-package "tree" \ - --custom-package "tmux" \ - --custom-package "fish" \ - --custom-package "iotop" \ - --custom-package "btop" \ - --custom-package "neovim" \ - # VyOS doesn't build kernel with zram :( - # --custom-package "zram-tools" \ - # --custom-package "systemd-zram-generator" # jank city