diff --git a/config/hosts/athame/meta.nix b/config/hosts/athame/meta.nix
index 8dc03b2c..0e9d43a9 100644
--- a/config/hosts/athame/meta.nix
+++ b/config/hosts/athame/meta.nix
@@ -23,92 +23,3 @@ config = {
 };
 };
 }
-
-# For the eventual migration
-
-#resources.athame = {
- #provider = "hcloud";
- # type = "server";
- # inputs = {
- # name = "athame";
- # image = "ubuntu-20.04";
- # server_type = "cpx21";
- # location = "nbg1";
- # backups = false;
- # ssh_keys = [ (hcloud_ssh_key.refAttr "id") ];
- # };
- # connection = { host = config.lib.tf.terraformSelf "ipv4_address"; };
- # provisioners = [
- # {
- # file = {
- # destination = "/tmp/sshportfix.nix";
- # content = "{ config, ...}: { services.openssh.ports = [ 62954 ]; }";
- # };
- # }
- # {
- # remote-exec.command =
- # "curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIXOS_IMPORT=/tmp/sshportfix.nix NO_REBOOT=true PROVIDER=hetznercloud NIX_CHANNEL=nixos-20.09 bash 2>&1 | tee /tmp/infect.log";
- # }
- # {
- # remote-exec.command = "reboot";
- # onFailure = "continue";
- # }
- # ];
- #};
-
- /* resources.athame_rdns = {
- provider = "hcloud";
- type = "rdns";
- inputs = {
- server_id = athame.refAttr "id";
- dns_ptr = "athame.kittywit.ch";
- ip_address = athame.refAttr "ipv4_address";
- };
- };
- */
-
- #dns.records.kittywitch_athame = {
- # tld = "kittywit.ch.";
- # domain = "athame";
- # a.address = athame.refAttr "ipv4_address";
- #};
-
- #dns.records.kittywitch_root = {
- # tld = "kittywit.ch.";
- # domain = "@";
- # a.address = athame.refAttr "ipv4_address";
- #};
-
- #dns.records.kittywitch_athame_v6 = {
- # tld = "kittywit.ch.";
- # domain = "athame";
- # aaaa.address = athame.refAttr "ipv6_address";
- #};
-
- #dns.records.kittywitch_root_v6 = {
- # tld = "kittywit.ch.";
- # domain = "@";
- # aaaa.address = athame.refAttr "ipv6_address";
- #};
-
- #dns.records.kittywitch_www = {
- # tld = "kittywit.ch.";
- # domain = "www";
- # cname.target = "athame.kittywit.ch.";
- #};
-
- # connection = {
- # host = athame.refAttr "ipv4_address";
- # port = 62954;
- # };
-
- #triggers.switch = lib.mapAttrs (name: record:
- # {
- # A = config.lib.tf.terraformExpr
- # ''join(",", ${record.out.resource.namedRef}.addresses)'';
- # AAAA = config.lib.tf.terraformExpr
- # ''join(",", ${record.out.resource.namedRef}.addresses)'';
- # CNAME = record.out.resource.refAttr "cname";
- # SRV = record.out.resource.refAttr "id";
- # }.${record.out.type}) config.dns.records;
-
diff --git a/config/hosts/athame/nixos.nix b/config/hosts/athame/nixos.nix
index f03091c6..dae0c426 100644
--- a/config/hosts/athame/nixos.nix
+++ b/config/hosts/athame/nixos.nix
@@ -85,12 +85,7 @@ with lib;
 kw.dns.ipv4 = "168.119.126.111";
 kw.dns.ipv6 = (lib.head config.networking.interfaces.enp1s0.ipv6.addresses).address;
-
- deploy.tf.dns.records.kittywitch_athame_v6 = {
- tld = "kittywit.ch.";
- domain = "athame";
- aaaa.address = config.kw.dns.ipv6;
- };
+ kw.dns.isPublic = true;
 # Yggdrasil
diff --git a/config/modules/home/dns.nix b/config/modules/home/dns.nix
index db56259e..11a2cdb2 100644
--- a/config/modules/home/dns.nix
+++ b/config/modules/home/dns.nix
@@ -25,6 +25,7 @@ with lib;
 type = types.nullOr types.str;
 default = "";
 };
+ isPublic = mkEnableOption "Provide DNS for the public primary IP addresses of the host";
 ipv4 = mkOption {
 type = types.str;
 };
diff --git a/config/modules/nixos/dns.nix b/config/modules/nixos/dns.nix
index 0f9a92e0..68698691 100644
--- a/config/modules/nixos/dns.nix
+++ b/config/modules/nixos/dns.nix
@@ -25,11 +25,14 @@ with lib;
 type = types.nullOr types.str;
 default = "";
 };
+ isPublic = mkEnableOption "Provide DNS for the public primary IP addresses of the host";
 ipv4 = mkOption {
- type = types.str;
+ type = types.nullOr types.str;
+ default = null;
 };
 ipv6 = mkOption {
- type = types.str;
+ type = types.nullOr types.str;
+ default = null;
 };
 };
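Review bot: In the athame/nixos.nix hunk, setting `kw.dns.isPublic = true` does more than replace the removed AAAA record: the derived block also publishes an A record for `kw.dns.ipv4`, and the record key changes from `kittywitch_athame_v6` to `node_<hostName>_v6`. If record keys map to Terraform resource addresses (not visible in this diff), the next apply would destroy and recreate the AAAA record instead of leaving it in place. Check the plan output before applying, and move the state entry if the record has to stay continuously resolvable. The same key-rename question applies to the filehost, grafana and personal-target records later in this commit.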
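Review bot: The string passed to `mkEnableOption` in the home/dns.nix hunk is used as the feature name, not as the full description; the generated text is "Whether to enable <name>.", so this renders as "Whether to enable Provide DNS for the public primary IP addresses of the host.". A noun phrase reads correctly: `isPublic = mkEnableOption "public DNS records for the host's primary IP addresses";`. The identical line is added in config/modules/nixos/dns.nix and should get the same wording. The option set this line sits in starts and ends outside the hunk.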
@@ -43,7 +46,20 @@ with lib;
 kw.dns.ipv4 = mkDefault (mkIf (tf.resources ? config.networking.hostName) (mkOptionDefault (config.deploy.tf.resources."${config.networking.hostName}".refAttr "ipv4_address")));
 kw.dns.ipv6 = mkDefault (mkIf (tf.resources ? config.networking.hostName) (mkOptionDefault (config.deploy.tf.resources."${config.networking.hostName}".refAttr "ipv6_address")));
- # This is derived.
+ # These are derived.
 kw.dns.domain = builtins.substring 0 ((builtins.stringLength config.kw.dns.tld) - 1) config.kw.dns.tld;
+
+ deploy.tf.dns.records = lib.mkIf (config.kw.dns.isPublic) {
+ "node_${config.networking.hostName}_v4" = {
+ tld = config.kw.dns.tld;
+ domain = config.networking.hostName;
+ a.address = config.kw.dns.ipv4;
+ };
+ "node_${config.networking.hostName}_v6" = {
+ tld = config.kw.dns.tld;
+ domain = config.networking.hostName;
+ aaaa.address = config.kw.dns.ipv6;
+ };
+ };
 };
 }
diff --git a/config/services/filehost/default.nix b/config/services/filehost/default.nix
index 540dccc9..d13e245f 100644
--- a/config/services/filehost/default.nix
+++ b/config/services/filehost/default.nix
@@ -9,9 +9,9 @@
 };
 };
- deploy.tf.dns.records.kittywitch_files = {
- tld = "kittywit.ch.";
+ deploy.tf.dns.records.services_filehost = {
+ tld = config.kw.dns.tld;
 domain = "files";
- cname.target = "athame.kittywit.ch.";
+ cname.target = "${config.networking.hostName}.${config.kw.dns.tld}";
 };
 }
diff --git a/config/services/grafana/default.nix b/config/services/grafana/default.nix
index 1075d535..d3a78089 100644
--- a/config/services/grafana/default.nix
+++ b/config/services/grafana/default.nix
@@ -28,7 +28,7 @@
 locations = { "/".proxyPass = "http://127.0.0.1:3001"; };
 };
- deploy.tf.dns.records.kittywitch_graph = {
+ deploy.tf.dns.records.services_grafana = {
 tld = config.kw.dns.tld;
 domain = "graph";
 cname.target = "${config.networking.hostName}.${config.kw.dns.tld}";
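Review bot: The new `deploy.tf.dns.records` block in nixos/dns.nix passes `config.kw.dns.ipv4` and `config.kw.dns.ipv6` straight into `a.address` and `aaaa.address`, yet this same commit makes both options `nullOr str` with `default = null`, so a public host with only one address family (or neither) hands null to a record. What the record module does with null is not visible here; an explicit check fails early with a readable message, e.g. `assertions = [{ assertion = config.kw.dns.isPublic -> (config.kw.dns.ipv4 != null && config.kw.dns.ipv6 != null); message = "kw.dns.isPublic needs kw.dns.ipv4 and kw.dns.ipv6"; }];`, assuming the usual NixOS `assertions` option is available in this module. On the unchanged lines above, `tf.resources ? config.networking.hostName` tests for the literal attribute path rather than the host's name, because `?` takes an attribute path; `tf.resources ? ${config.networking.hostName}` is probably what was meant, and it decides whether the address defaults are ever filled in. The enclosing `config` block starts outside the hunk.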
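Review bot: In the filehost hunk the `cname.target` is now built from `config.networking.hostName`, but nothing requires `kw.dns.isPublic` on the host that imports the service. Where it is false, and the host defines no A/AAAA record of its own, no `node_<host>_v4`/`_v6` record exists and `files.<tld>` would point at a name that does not resolve. A check beside the record would catch this at evaluation time, for example `assertions = [{ assertion = config.kw.dns.isPublic; message = "filehost publishes a CNAME to this host; set kw.dns.isPublic"; }];`. The grafana record in the next file builds its target the same way on an unchanged line, so the same check applies there. The attribute set holding this record starts outside the hunk.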
diff --git a/config/targets/personal/default.nix b/config/targets/personal/default.nix
index c0c84cd5..441c1768 100644
--- a/config/targets/personal/default.nix
+++ b/config/targets/personal/default.nix
@@ -4,15 +4,15 @@
 deploy.targets.personal = {
 nodeNames = [ "samhain" "yule"];
 tf = { config, ... }: {
- dns.records.kittywitch_net_grimoire = {
- tld = "kittywit.ch.";
- domain = "grimoire.net";
+ dns.records.ygg_grimoire = {
+ tld = config.kw.dns.tld;
+ domain = "grimoire.${config.kw.dns.ygg_prefix}";
 aaaa.address = "200:c87d:7960:916:bf0e:a0e1:3da7:4fc6";
 };
- dns.records.kittywitch_net_boline = {
- tld = "kittywit.ch.";
- domain = "boline.net";
+ dns.records.ygg_boline = {
+ tld = config.kw.dns.tld;
+ domain = "boline.${config.kw.dns.ygg_prefix}";
 aaaa.address = "200:474d:14f7:1d21:f171:4e85:a3fa:9393";
 };
 };
diff --git a/wiki b/wiki
index bbc1c86c..cda4f1d9 160000
--- a/wiki
+++ b/wiki
@@ -1 +1 @@
-Subproject commit bbc1c86ceb851b413cd8bcb414fd56a39fc2de87
+Subproject commit cda4f1d9cb996f528ad5d2395abef1d6ed6bbc46
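Review bot: In the personal target hunk, `config` inside `tf = { config, ... }: {` is the argument of that inner module and shadows any outer configuration, so `config.kw.dns.tld` and `config.kw.dns.ygg_prefix` only evaluate if `kw.dns` is also declared for the tf module. This diff touches only the home and nixos `dns.nix` modules, and `ygg_prefix` is not defined in any visible hunk. If the options are not available there, bind the outer values before the inner function shadows them, e.g. `let inherit (config.kw.dns) tld ygg_prefix; in` above `deploy.targets.personal` (assuming the outer file has `config` in scope). The published names also change from `grimoire.net` and `boline.net` to whatever `ygg_prefix` expands to, so confirm that is still the intended hostname for these Yggdrasil addresses.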