diff --git a/config/net/yggdrasil.nix b/config/net/yggdrasil.nix
new file mode 100644
index 000000000..d5c63ba
--- /dev/null
+++ b/config/net/yggdrasil.nix
@@ -0,0 +1,19 @@
+{
+ site.hosts.yggdrasil = {
+ role = "container";
+ interfaces = {
+ core = {
+ hwaddr = "0A:14:48:01:26:ff";
+ type = "veth";
+ };
+ };
+ ospf = {
+ allowedUpstreams =
+ [ "upstream3" "upstream1" "upstream4" "anon1" "freifunk" ];
+ stubNets6 = [ "200::/7" ];
+ };
+
+ services.yggdrasil.enable = true;
+ prebuilt = true;
+ };
+}
diff --git a/nix/lib/config/options.nix b/nix/lib/config/options.nix
index 44faf65..7e23cb8 100644
--- a/nix/lib/config/options.nix
+++ b/nix/lib/config/options.nix
@@ -401,6 +401,10 @@ let
 type = types.bool;
 default = false;
 };
+ services.yggdrasil.enable = mkOption {
+ type = types.bool;
+ default = false;
+ };
 links = mkOption {
 description = "Which port is connected to what other device? Keys are either network names or known hostnames.";
 default = {};
diff --git a/nix/nixos-module/container/yggdrasil.nix b/nix/nixos-module/container/yggdrasil.nix
index 89d795d..3af5924 100644
--- a/nix/nixos-module/container/yggdrasil.nix
+++ b/nix/nixos-module/container/yggdrasil.nix
@@ -1,14 +1,15 @@
-{ pkgs, lib, config, hostRegistry, zentralwerk, ... }:
+{ pkgs, lib, config, hostName, ... }:
 
-let
- host = hostRegistry.hosts.yggdrasil;
- yggAddress = host.ygg;
- yggPrefix = "301:4561:bb58:4dac"; # 301:4561:bb58:4dac::/64
- # taken from the output of "yggdrasilctl getself".
- port = 46823;
-in {
+lib.mkIf config.site.hosts.${hostName}.services.yggdrasil.enable {
 networking.firewall.enable = false;
 
+ boot.postBootCommands = ''
+ if [ ! -c /dev/net/tun ]; then
+ mkdir -p /dev/net
+ mknod -m 666 /dev/net/tun c 10 200
+ fi
+ '';
+
 services.yggdrasil = {
 enable = true;
 persistentKeys = true;
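Review bot: In config/net/yggdrasil.nix the `stubNets6 = [ "200::/7" ];` entry carries no comment, although it is the line with the widest effect in the new host definition. 200::/7 is the Yggdrasil overlay address range, so this container presumably becomes the site's OSPF route for the whole overlay. I would add a comment above it such as `# Yggdrasil address space, announced so site hosts reach the overlay via this container`. The comment should also say whether traffic arriving from the overlay is meant to be forwarded into the site, because the container module this host enables keeps `networking.firewall.enable = false`.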
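Review bot: The new `services.yggdrasil.enable` option in nix/lib/config/options.nix is declared without a `description`, unlike the `links` option directly below it. The flag gates a module that also sets `networking.firewall.enable = false`, so the side effect should be visible where the option is documented, for example `description = "Run a Yggdrasil node on this host; note that the yggdrasil container module also disables the host firewall.";`. The enclosing option set starts and ends outside the hunk.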
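Review bot: In nix/nixos-module/container/yggdrasil.nix, `networking.firewall.enable = false;` now sits inside `lib.mkIf config.site.hosts.${hostName}.services.yggdrasil.enable`, so it applies to any host that sets the flag, where the old code was tied to `hostRegistry.hosts.yggdrasil`. A Yggdrasil node is addressable by other nodes on the overlay, so I would either drop that line from the gated set or replace it with a firewall that admits only the peering listener and the services meant to be exposed. The `boot.postBootCommands` block should get a one-line comment saying why the node is created by hand, presumably `# container has no /dev/net/tun by default; yggdrasil needs it for its TUN interface`. The attribute set continues past the hunk, so please confirm that nothing further down still references the removed `port`, `yggAddress` or `yggPrefix` bindings.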