diff --git a/nodes/home.hass.toml b/nodes/home.hass.toml index afb4bce..fab3829 100644 --- a/nodes/home.hass.toml +++ b/nodes/home.hass.toml @@ -6,7 +6,10 @@ bundles = [ groups = ["debian-bookworm"] [metadata.interfaces.enp1s0] -ips = ["172.19.138.25/24"] +ips = [ + "172.19.138.25/24", + "fd90:2017:0:1138::25/64", +] gateway4 = "172.19.138.1" ipv6_accept_ra = true diff --git a/nodes/home/nas.py b/nodes/home/nas.py index 8832b6e..9825874 100644 --- a/nodes/home/nas.py +++ b/nodes/home/nas.py @@ -25,6 +25,7 @@ nodes['home.nas'] = { 'br1138': { 'ips': { '172.19.138.20/24', + 'fd90:2017:0:1138::20/64', }, 'gateway4': '172.19.138.1', 'ipv6_accept_ra': True, diff --git a/nodes/home/router.py b/nodes/home/router.py index ff03ba1..a239cb0 100644 --- a/nodes/home/router.py +++ b/nodes/home/router.py @@ -19,6 +19,7 @@ nodes['home.router'] = { 'enp1s0.1138': { 'ips': { '172.19.138.1/24', + 'fd90:2017:0:1138::1/64', }, }, 'enp1s0.1139': { @@ -26,6 +27,11 @@ nodes['home.router'] = { '172.19.139.1/24', }, }, + 'enp1s0.2000': { + 'ips': { + 'fd90:2017:0:2000::1/64', + }, + }, }, 'backups': { 'exclude_from_backups': True, @@ -80,6 +86,8 @@ nodes['home.router'] = { 'forward': { '50-router': [ 'ct state { related, established } accept', + 'iifname enp1s0.1138 accept', + 'iifname enp1s0.2000 accept', 'ip6 nexthdr ipv6-icmp accept', 'tcp dport 22 accept', ], @@ -94,6 +102,7 @@ nodes['home.router'] = { 'restrict-to': { '172.19.136.0/25', '172.19.138.0/24', + 'fd90:2017::/32', }, 'vhosts': { 'vnstat': { @@ -104,13 +113,23 @@ nodes['home.router'] = { }, 'radvd': { 'interfaces': { - 'enp1s0.1138': {}, + 'enp1s0.1138': { + 'rdnss': { + 'fd90:2017:0:1138::1', + }, + }, 'enp1s0.1139': {}, + 'enp1s0.2000': { + 'rdnss': { + 'fd90:2017:0:2000::1', + }, + }, }, }, 'postfix': { 'mynetworks': { '172.19.138.0/24', + 'fd90:2017::/32', }, }, 'pppd': { 
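Review bot: The new `'iifname enp1s0.2000 accept'` entry in the `50-router` forward list accepts traffic from the new interface towards every output interface, whereas the existing enp1s0.1139 rule (visible as context in the later pppd hunk) is limited with `oifname $INTERFACE`. If enp1s0.2000 is not meant to reach the 1138 and 1139 networks, constrain it the same way, e.g. `'iifname enp1s0.2000 oifname <uplink-interface> accept',` (placeholder, the uplink name is not visible here). The enp1s0.1138 rule is moved here from the pppd `nftables-rules.d` set, so it presumably now applies whether or not pppd is up. A one-line comment above the two rules naming which segments are trusted to forward anywhere would make that intent reviewable. The enclosing dict starts and ends outside the hunk.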
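Review bot: `'fd90:2017::/32'` in this `restrict-to` set is far wider than the addressing this commit introduces, which all sits in `fd90:2017:0:1138::/64` and `fd90:2017:0:2000::/64`, while the IPv4 entries beside it are per-subnet. The same /32 is added to postfix `mynetworks` in the next hunk and to unbound `restrict-to` in the `@@ -124,13 +143,13 @@` hunk. Over IPv6 that would let the new enp1s0.2000 segment, and any other source in that /32 that can reach the router, use mail relay and recursive DNS, while over IPv4 relay stays limited to `172.19.138.0/24`. Consider listing the exact prefixes instead, e.g. `'fd90:2017:0:1138::/64',` for `mynetworks`, and adding the 2000 prefix only where that segment is meant to have access.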
@@ -124,13 +143,13 @@ nodes['home.router'] = {
 'password': vault.decrypt('encrypt$gAAAAABfr8Cq5M1hweeJTQAl0dLhFntdlw-QnkIYUQpY-_ycODVWOpyeAwjwOgWLSdsdXIUvqcoiXPZPV-BE12p5C42NGnj9r7sKYpoGz8xfuGIk6haMa2g='),
 },
 'nftables-rules.d': {
- 'inet filter forward iifname enp1s0.1138 accept',
 'inet filter forward iifname enp1s0.1139 oifname $INTERFACE accept',
 },
 },
 'unbound': {
 'restrict-to': {
 '172.19.138.0/23',
+ 'fd90:2017::/32',
 },
 },
 'users': {
@@ -152,6 +171,7 @@ nodes['home.router'] = {
 'targets': {
 'enp1s0.1138': '1',
 'enp1s0.1139': '2',
+ 'enp1s0.2000': '3',
 },
 },
 'wireguard': {