diff --git a/nix/lib/config/legacy.nix b/nix/lib/config/legacy.nix
index 9822ac5..78fadee 100644
--- a/nix/lib/config/legacy.nix
+++ b/nix/lib/config/legacy.nix
@@ -32,7 +32,7 @@ in
     (builtins.mapAttrs (_: hosts4: { inherit hosts4; }) pillar.hosts-inet)
     (builtins.mapAttrs (net: dhcpData: {
       dhcp = {
-        inherit (dhcpData) start end time max-time;
+        inherit (dhcpData) start end time max-time fixed-hosts;
         server =
           if netHasDHCP net
           then "${net}-gw"
diff --git a/nix/lib/config/options.nix b/nix/lib/config/options.nix
index f828f6d..3f8e97f 100644
--- a/nix/lib/config/options.nix
+++ b/nix/lib/config/options.nix
@@ -31,6 +31,10 @@ let
       description = "Domain name option";
       type = types.str;
     };
+    fixed-hosts = mkOption {
+      type = with types; attrsOf str;
+      default = {};
+    };
   };
   netOpts = { name, ... }: {
     options = {
diff --git a/nix/nixos-module/container/dhcp-server.nix b/nix/nixos-module/container/dhcp-server.nix
index 64764ab..c379366 100644
--- a/nix/nixos-module/container/dhcp-server.nix
+++ b/nix/nixos-module/container/dhcp-server.nix
@@ -16,23 +16,38 @@ in
     interfaces = builtins.attrNames dhcpNets;
 
     extraConfig = ''
-      option domain-name-servers 172.20.73.8, 9.9.9.9;
       ${builtins.concatStringsSep "\n" (
         builtins.attrValues (
           builtins.mapAttrs (net: { dhcp, subnet4Net, subnet4Len, ...}:
             ''
-              subnet ${subnet4Net} netmask ${lib.netmasks.${toString subnet4Len}} {
-                range ${dhcp.start} ${dhcp.end};
+              group {
                 default-lease-time ${toString dhcp.time};
                 max-lease-time ${toString dhcp.max-time};
                 option routers ${config.site.net.${net}.hosts4.${builtins.replaceStrings [".${net}"] [""] dhcp.router}};
                 option domain-name "${dhcp.domainName}";
+                option domain-name-servers 172.20.73.8, 9.9.9.9;
+
+                subnet ${subnet4Net} netmask ${lib.netmasks.${toString subnet4Len}} {
+                  range ${dhcp.start} ${dhcp.end};
+                }
+
+                ${builtins.concatStringsSep "\n" (
+                  builtins.attrValues (
+                    builtins.mapAttrs (addr: hwaddr:
+                      ''
+                        host ${addr} {
+                          hardware ethernet ${hwaddr};
+                          fixed-address ${addr};
+                        }
+                      ''
+                    ) dhcp.fixed-hosts
+                  )
+                )}
               }
             ''
           ) dhcpNets
         )
       )}
     '';
-    # TODO: fixed-hosts
   };
 }