diff --git a/flake.lock b/flake.lock
index 0338f69f..5774a4b6 100644
--- a/flake.lock
+++ b/flake.lock
@@ -198,11 +198,11 @@ "zentralwerk-network-key": "zentralwerk-network-key" }, "locked": { - "lastModified": 1632346528, - "narHash": "sha256-NHRRcKxdz4JRs7h0L1w+8NQXxhm+pCJyrypnLmy+bWg=", + "lastModified": 1632576605, + "narHash": "sha256-LDMtUOVEPYBfIQ16pyFe+LeZjnFLn8UJsrkCCrBZuZc=", "ref": "master", - "rev": "44094c1346080aa18ec0e212b29529bbea766188", - "revCount": 1181, + "rev": "a2a04a54bd4f5e110f511b996bfb2463ff891932", + "revCount": 1182, "type": "git", "url": "https://gitea.c3d2.de/zentralwerk/network.git" },
diff --git a/host-registry.nix b/host-registry.nix
index 6a27e840..2d417f5d 100644
--- a/host-registry.nix
+++ b/host-registry.nix
@@ -117,8 +117,6 @@ rec {
 ip4 = "172.20.73.45";
 ip6 = "2a00:8180:2c00:282:1024:5fff:febd:9be7";
 };
-
- radiobert.ip4 = "172.22.99.154";
 };
 hqGlobal = builtins.attrNames hosts;
diff --git a/hosts/containers/public-access-proxy/default.nix b/hosts/containers/public-access-proxy/default.nix
index 4fe7cf93..6dbff9a4 100644
--- a/hosts/containers/public-access-proxy/default.nix
+++ b/hosts/containers/public-access-proxy/default.nix
@@ -43,6 +43,10 @@
 hostNames = [ "mobilizon.c3d2.de" ];
 proxyTo.host = hostRegistry.hosts.mobilizon.ip4;
 }
+ {
+ hostNames = [ "sdr.c3d2.de" ];
+ proxyTo.host = hostRegistry.hosts.radiobert.ip4;
+ }
 ];
 };
diff --git a/hosts/radiobert/default.nix b/hosts/radiobert/default.nix
index f0c1cced..23e43d49 100644
--- a/hosts/radiobert/default.nix
+++ b/hosts/radiobert/default.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, modulesPath, ... }:
+{ hostRegistry, config, lib, pkgs, modulesPath, ... }:
 {
 boot.initrd.availableKernelModules = [ "usbhid" ];
@@ -47,11 +47,7 @@
 firmwareSize = 512;
 };
- c3d2 = {
- isInHq = true;
- mapHqHosts = true;
- hq.interface = "eth0";
- };
+ c3d2.isInHq = false;
 nix = {
 buildCores = 4;
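Review bot: The new proxy entry in hosts/containers/public-access-proxy/default.nix publishes `sdr.c3d2.de`, but the nginx virtual host this commit adds on radiobert is named `sdr.hq.c3d2.de`, so the ACME certificate requested there would not cover the public name. If the proxy forwards TLS without terminating it (not visible in this hunk), clients of `sdr.c3d2.de` would get a certificate name mismatch; either name the virtual host `sdr.c3d2.de` or add `serverAliases = [ "sdr.c3d2.de" ];` to it. The same commit deletes `radiobert.ip4` from host-registry.nix, so `hostRegistry.hosts.radiobert.ip4` must now be supplied from elsewhere, presumably the bumped zentralwerk network input; an evaluation of both hosts before deploy would confirm that.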
@@ -60,15 +56,13 @@
 networking = {
 hostName = "radiobert"; # Define your hostname.
-
- # The global useDHCP flag is deprecated, therefore explicitly set to false here.
- # Per-interface useDHCP will be mandatory in the future, so this generated config
- # replicates the default behaviour.
 useDHCP = false;
- interfaces.eth0.useDHCP = true;
- interfaces.wlan0.useDHCP = true;
- # TODO
- firewall.enable = false;
+ interfaces.eth0.ipv4.addresses = [{
+ address = hostRegistry.hosts.${config.networking.hostName}.ip4;
+ prefixLength = 26;
+ }];
+ defaultGateway = "172.20.73.1";
+ firewall.allowedTCPPorts = [ 22 80 443 ];
 };
 services.openwebrx.enable = true;
@@ -105,6 +99,16 @@
 extraGroups = [ "wheel" "audio" ];
 };
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ virtualHosts."sdr.hq.c3d2.de" = {
+ default = true;
+ forceSSL = true;
+ enableACME = true;
+ locations."/".proxyPass = "http://localhost:8073";
+ };
+ };
 security.acme = {
 acceptTerms = true;
 email = "mail@c3d2.de";
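Review bot: With DHCP removed from the `networking` block, nothing in this hunk configures a DNS resolver, and the commit also drops `c3d2.mapHqHosts`; the ACME client enabled further down needs working name resolution. Unless a shared module already sets it, add `nameservers = [ "<resolver-ip>" ];` (placeholder value) next to `defaultGateway`. The gateway `172.20.73.1` and `prefixLength = 26` are hard-coded while the address is read from `hostRegistry`, so a comment such as `# must match the subnet of hostRegistry.hosts.radiobert.ip4` would keep them from drifting apart. Dropping `firewall.enable = false` in favour of an explicit `allowedTCPPorts` list is a sound tightening, assuming the firewall is not disabled elsewhere.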
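Review bot: The `locations."/"` proxy in the new `services.nginx` block does not enable WebSocket upgrades, and `recommendedProxySettings` alone does not add them; OpenWebRX's web client streams its data over a WebSocket, so the page would likely load without a working receiver. Add `locations."/".proxyWebsockets = true;` alongside the `proxyPass` line. Consider `http://127.0.0.1:8073` instead of `localhost`, since nginx may resolve `localhost` to `::1` and this hunk does not show whether OpenWebRX listens on IPv6.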