diff --git a/infra/README.md b/infra/README.md
index 664306c..3c9e53d 100644
--- a/infra/README.md
+++ b/infra/README.md
@@ -19,3 +19,8 @@ tofu import hcloud_firewall.hcloud_firewall YYY
 ```
 For Hetzner Cloud, the resource IDs can be found in the URL of the admin console.
+
+## Outputs
+
+The nix configuration reads some values from the `outputs.json` file.
+When modifying these, the file should be regenerated with `tofu output -json > outputs.json`.
diff --git a/infra/outputs.json b/infra/outputs.json
new file mode 100644
index 0000000..6c7c237
--- /dev/null
+++ b/infra/outputs.json
@@ -0,0 +1,17 @@
+{
+ "verbena_gateway6": {
+ "sensitive": false,
+ "type": "string",
+ "value": "2001:41d0:305:2100::1"
+ },
+ "verbena_ipv4": {
+ "sensitive": false,
+ "type": "string",
+ "value": "51.68.122.153"
+ },
+ "verbena_ipv6": {
+ "sensitive": false,
+ "type": "string",
+ "value": "2001:41d0:305:2100::271e"
+ }
+}
diff --git a/infra/verbena.tf b/infra/verbena.tf
new file mode 100644
index 0000000..7ffe9cb
--- /dev/null
+++ b/infra/verbena.tf
@@ -0,0 +1,20 @@
+output "verbena_ipv4" {
+ value = local.verbena_ipv4_addresses[0]
+}
+
+output "verbena_ipv6" {
+ value = local.verbena_ipv6_addresses[0]
+}
+
+output "verbena_gateway6" {
+ value = local.gateway6
+}
+
+locals {
+ hextets = 4
+ parts = split(":", local.verbena_ipv6_addresses[0])
+ prefix_parts = slice(local.parts, 0, local.hextets)
+ prefix_str = join(":", local.prefix_parts)
+ gateway6 = "${local.prefix_str}::1"
+}
+
diff --git a/machines/verbena/configuration.nix b/machines/verbena/configuration.nix
index 0760a87..934a4b8 100644
--- a/machines/verbena/configuration.nix
+++ b/machines/verbena/configuration.nix
@@ -1,4 +1,7 @@
 { self, lib, ... }:
+let
+ tf_outputs = builtins.fromJSON (builtins.readFile ../../infra/outputs.json);
+in
 {
 imports = [
 self.nixosModules.nix-defaults
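Review bot: In infra/verbena.tf, the `locals` block derives the gateway by splitting the address text on `:` and keeping the first four fields, which is only correct when the first 64 bits are written as four explicit hextets. An address whose compressed form puts `::` inside the prefix (constructed example: `2001:db8::5`) would yield a malformed string that is then copied into `outputs.json` and applied as `networking.defaultGateway6`. `gateway6 = cidrhost("${local.verbena_ipv6_addresses[0]}/64", 1)` should give the same result for the current address while working on the parsed value and making the /64 assumption explicit. `local.verbena_ipv4_addresses` and `local.verbena_ipv6_addresses` are defined outside this file and the `[0]` index relies on their ordering being stable, so a comment such as `# gateway is assumed to be <prefix>::1 on a /64; first list entry is the primary address` would document both assumptions.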
@@ -16,6 +19,19 @@
 networking.useDHCP = lib.mkDefault true;
+ networking.defaultGateway6 = {
+ address = tf_outputs.verbena_gateway6.value;
+ interface = "ens3";
+ };
+ networking.interfaces."ens3" = {
+ ipv6.addresses = [
+ {
+ address = tf_outputs.verbena_ipv6.value;
+ prefixLength = 64;
+ }
+ ];
+ };
+
 clan.core.settings.state-version.enable = true;
 services.nginx = {
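Review bot: The static IPv6 address and default route applied to `ens3` here come from `tf_outputs`, a committed snapshot read from `infra/outputs.json` in the first hunk of this file, and nothing visible checks that snapshot against the Tofu state. A stale file would therefore evaluate cleanly and deploy a wrong address or gateway; a comment next to the `let` binding, for example `# snapshot of "tofu output -json"; regenerate after any infra change`, would at least point maintainers at the manual step the README describes. `prefixLength = 64` also has to agree with `hextets = 4` in infra/verbena.tf, and the interface name `"ens3"` is written twice, so a note like `# must match the /64 assumed in infra/verbena.tf` and a single `let` binding for the interface would keep the coupled values together. The enclosing attribute set starts and ends outside the hunk.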