diff --git a/host-registry.nix b/host-registry.nix
index cd002dde..5bb3211c 100644
--- a/host-registry.nix
+++ b/host-registry.nix
@@ -9,12 +9,49 @@ rec { "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhurL/sxsXRglKdLfiWIcK+iqpyhGrGt/MoBODsgvig"; pulsebert.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnEWn/8CKIiCtehh6Ha3XUQqjODj0ygyo3aGAsFWgfG"; - server7.publicKey = - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMiDm1b0NubTtcE9NuKrIpEOea5oS/yCW0Ncoaf/w3uy"; storage-ng.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMeg5ojU7U8+Lx824y+brazVJ007mEJDM7C7aUruOWGP"; + + server1 = { + ip4 = "172.20.72.1"; + publicKey = '' + ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBD7M0j9goPMstNFj8dkNjMIgKFvbIGqpgeNKDjwTQdl5QJE+mE0k5/t8RlhN0MprZBr8px8PZw1dZlXAMLK4FQs= + ''; + }; + + server3 = { + ip4 = "172.22.99.13"; + ip6 = "2a02:8106:208:5201::13"; + publicKey = '' + ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHBQq8QxGUdvQTF6QPiRYHtD73ls4zoUcOtAPLVN/7dDZk7KZLQ+c373VB5jd9FfYKB2/w8lDCHXVi1sY26e+QE= + ''; + }; + server4 = { + ip4 = "172.22.99.15"; + ip6 = "2a02:8106:208:5201::15"; + publicKey = '' + ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGUwIWqP92toOSuV16wSN46t05RUKu609pqV2aexj8+DTO/hM8QWrhv51/jQG6TGmabZNlXbEvKMt48mW69uy48= + ''; + }; + server5 = { + ip4 = "172.22.99.16"; + ip6 = "2a02:8106:208:5201::16"; + publicKey = '' + ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB1qxi7ROlXvbmmeBJvNqyJdGDZG35e38RHujtqqDJXORwhy63LdW5jlv/09fNRj4nQMvKwdY5Oew2xgTzkaDwE= + ''; + }; + server6 = { + ip4 = "172.22.99.17"; + ip6 = "2a02:8106:208:5201::17"; + publicKey = '' + ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKQCZ7f7bqRC6B72oMu7BCItZxZnWsqx9Th/2iBRvtIFggr4YNi7Pbw3cc68NVbm0u7feUUgH5LDiXVpig3b7Gw= + ''; + }; + server7.publicKey = + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMiDm1b0NubTtcE9NuKrIpEOea5oS/yCW0Ncoaf/w3uy"; + }; - hqPublic = builtins.attrNames hosts; - hqPrivate = builtins.attrNames hosts; + hqGlobal = builtins.attrNames hosts; + hqLocal = builtins.attrNames hosts; } 
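Review bot: The new `publicKey` values for server1 and server3–server6 are written as Nix indented strings (`''…''`), so each evaluates to the key text plus a trailing newline, unlike the single-line `"ssh-ed25519 …"` entries above them; the code in lib/default.nix that feeds these into `programs.ssh.knownHosts` will most likely emit a stray blank line per host, and any future consumer that compares or embeds the key verbatim will see a different string than the one-line entries. I would write them like the rest of the registry, e.g. `publicKey = "ecdsa-sha2-nistp256 AAAAE2Vj…FQs=";`, and add a short comment noting that these hosts still present ECDSA P-256 host keys rather than ed25519, so the mix of key types is visibly deliberate. Separately, `hqGlobal` and `hqLocal` are both defined as `builtins.attrNames hosts`, so the rename does not yet express any difference between the two lists; a one-line comment stating what is meant to end up in each would help whoever adds the first host that belongs in only one of them.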
diff --git a/lib/default.nix b/lib/default.nix
index ad795d37..93c59388 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -98,7 +98,7 @@ in {
 assertion = let check = hostName: hostName == config.networking.hostName; checkRegistry = list: builtins.any check list; - in cfg.isInHq -> checkRegistry hostRegistry.hqPrivate; + in cfg.isInHq -> checkRegistry hostRegistry.hqLocal; message = "${config.networking.hostName} is not registered in ${ toString ../host-registry.nix }";
@@ -111,6 +111,8 @@ in {
 users.motd = lib.mkIf cfg.enableMotd (builtins.readFile ./motd); networking.hosts = let + getHost = hostName: builtins.getAttr hostName hostRegistry.hosts; + mapHostsNamesToAttrs = f: list: builtins.listToAttrs (map f list); /* hqPublicHosts = mapHostsNamesToAttrs (hostName: {
@@ -119,12 +121,25 @@ in {
 }) hostRegistry.hqPublic; */ - hqPrivateHosts = mapHostsNamesToAttrs (hostName: { - name = toHqPrivateAddress hostName; - value = [ "${hostName}.hq" hostName ]; - }) hostRegistry.hqPrivate; + hqLocalHosts = with builtins; + let + f = hostName: + let + host = getHost hostName; + ip6 = if hasAttr "ip6" host then + host.ip6 + else + toHqPrivateAddress hostName; + in [{ + name = ip6; + value = [ "${hostName}.hq" hostName ]; + }] ++ lib.optional (hasAttr "ip4" host) { + name = host.ip4; + value = [ "${hostName}.hq" hostName ]; + }; + in listToAttrs (concatLists (map f (attrNames hostRegistry.hosts))); - in if cfg.mapHqHosts then hqPrivateHosts else { }; + in if cfg.mapHqHosts then hqLocalHosts else { }; networking.interfaces = /* (if cfg.hq.externalInterface == null then
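Review bot: In the third hunk, `hqLocalHosts` iterates `attrNames hostRegistry.hosts` rather than the `hostRegistry.hqLocal` list that the assertion in the first hunk (and the knownHosts code later in this commit) keys on, so the two notions of "which hosts are in the HQ" will silently diverge the moment `hqLocal` stops being every registry entry — which is what the Global/Local split appears to be preparing for. I would iterate the same list: `in listToAttrs (concatLists (map f hostRegistry.hqLocal));`. Note also that `networking.hosts` is keyed by address, so two registry entries that declare the same `ip4` or `ip6` collide in `listToAttrs`, which as far as I recall keeps the first occurrence and discards the other without any error; a comment above `f` stating that addresses must be unique across the registry, or an assertion on duplicate keys, would make that failure visible instead of producing a quietly wrong /etc/hosts.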
@@ -151,26 +166,28 @@ in { programs.ssh.knownHosts = with builtins; let - hostNames = hostRegistry.hqPrivate; + hostNames = hostRegistry.hqLocal; intersectKeys = intersectAttrs { publicKey = null; publicKeyFile = null; }; list = map (name: - let sshAttrs = intersectKeys (getAttr name hostRegistry.hosts); + let + host = getAttr name hostRegistry.hosts; + sshAttrs = intersectKeys host; in if sshAttrs == { } then null else { inherit name; - value = { + value = let + ip6 = if hasAttr "ip6" host then + host.ip6 + else + toHqPrivateAddress name; + in { publicKey = null; publicKeyFile = null; - hostNames = [ - (toHqPrivateAddress name) - "${name}.hq.c3d2.de" - "${name}.hq" - name - ]; + hostNames = [ ip6 "${name}.hq.c3d2.de" "${name}.hq" name ]; } // sshAttrs; }) hostNames; keyedHosts = filter (x: x != null) list;
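Review bot: The known_hosts entry built here pins the host key only for the IPv6 address (`ip6`) and the three names, while the same commit adds `ip4` addresses to the registry; a client that connects by the IPv4 literal (`ssh 172.22.99.13`) will find no matching entry and fall back to a first-use prompt or refusal instead of the pinned key, which defeats the point of distributing the keys. Since `host` is already in scope, extend the list: `hostNames = [ ip6 "${name}.hq.c3d2.de" "${name}.hq" name ] ++ lib.optional (hasAttr "ip4" host) host.ip4;`. The "registry `ip6` or derived address" fallback is now written twice in this file (here and in `hqLocalHosts`); a single helper such as `hqAddressOf = name: host: host.ip6 or toHqPrivateAddress name;` would keep the two from drifting. The `let` for `programs.ssh.knownHosts` ends outside the hunk (`keyedHosts` is bound but its `in` is not visible).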