diff --git a/config/hosts/netbox/default.nix b/config/hosts/netbox/default.nix
index 6ff0e7a..5fdb479 100644
--- a/config/hosts/netbox/default.nix
+++ b/config/hosts/netbox/default.nix
@@ -4,6 +4,7 @@
imports = [
./configuration.nix
./netbox.nix
+ ./networking.nix
./nginx.nix
];
}
diff --git a/config/hosts/netbox/netbox.nix b/config/hosts/netbox/netbox.nix
index 85a328a..152cf92 100644
--- a/config/hosts/netbox/netbox.nix
+++ b/config/hosts/netbox/netbox.nix
@@ -11,7 +11,7 @@
enable = true;
secretKeyFile = "/secrets/netbox-secret-key.secret";
settings = {
- ALLOWED_HOSTS = [ "netbox.ccchh.net" "10.31.208.29" ];
+ ALLOWED_HOSTS = [ "netbox.hamburg.ccc.de" ];
SESSION_COOKIE_SECURE = true;
};
};
diff --git a/config/hosts/netbox/networking.nix b/config/hosts/netbox/networking.nix
new file mode 100644
index 0000000..dbfe9a6
--- /dev/null
+++ b/config/hosts/netbox/networking.nix
@@ -0,0 +1,26 @@
+# Networking configuration for the host.
+# Sources for this configuration:
+# - https://nixos.org/manual/nixos/stable/#sec-networking
+# - https://nixos.wiki/wiki/Systemd-networkd
+# - https://wiki.archlinux.org/title/Systemd-networkd
+
+{ config, pkgs, ... }:
+
+{
+ networking.interfaces.net0 = {
+ ipv4.addresses = [
+ {
+ address = "172.31.17.149";
+ prefixLength = 25;
+ }
+ ];
+ };
+ networking.defaultGateway = "172.31.17.129";
+ networking.nameservers = [ "212.12.50.158" "192.76.134.90" ];
+ networking.search = [ "hamburg.ccc.de" ];
+
+ systemd.network.links."10-net0" = {
+ matchConfig.MACAddress = "62:ED:44:20:7C:C1";
+ linkConfig.Name = "net0";
+ };
+}
diff --git a/config/hosts/netbox/nginx.nix b/config/hosts/netbox/nginx.nix
index 5f73e7b..bf51ebe 100644
--- a/config/hosts/netbox/nginx.nix
+++ b/config/hosts/netbox/nginx.nix
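Review bot: The `.link` rule pins the name `net0` to the MAC `62:ED:44:20:7C:C1`, and the address, prefix and default gateway above all hang off that name, so a NIC swap or VM re-provisioning that changes the MAC leaves the host with an unconfigured interface and no explanation; add a comment above `systemd.network.links."10-net0"` such as `# Renames the NIC with this MAC to net0; the static config above only takes effect while this MAC matches the hardware.` The header cites systemd-networkd, but `networking.interfaces`, `networking.defaultGateway` and `networking.nameservers` are backend-neutral NixOS options that, as far as this diff shows, run on the scripted backend unless `networking.useNetworkd` is enabled elsewhere; only the `.link` file is a networkd/udev unit, and saying so in the comment stops a reader from expecting a `.network` unit. The module binds `config` and `pkgs` without using either; `{ ... }:` is sufficient.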
@@ -12,10 +12,10 @@
# So nginx can access the Netbox static files.
user = "netbox";
- virtualHosts."acme-netbox.ccchh.net" = {
+ virtualHosts."acme-netbox.hamburg.ccc.de" = {
default = true;
enableACME = true;
- serverName = "netbox.ccchh.net";
+ serverName = "netbox.hamburg.ccc.de";
listen = [
{
@@ -25,20 +25,17 @@
];
};
- virtualHosts."netbox.ccchh.net" = {
+ virtualHosts."netbox.hamburg.ccc.de" = {
default = true;
forceSSL = true;
- useACMEHost = "netbox.ccchh.net";
+ useACMEHost = "netbox.hamburg.ccc.de";
listen = [
{
addr = "0.0.0.0";
- port = 80;
- }
- {
- addr = "0.0.0.0";
- port = 443;
+ port = 8443;
ssl = true;
+ extraParameters = [ "proxy_protocol" ];
}
];
@@ -51,11 +48,20 @@
};
extraConfig = ''
+ # Make use of the ngx_http_realip_module to set the $remote_addr and
+ # $remote_port to the client address and client port, when using proxy
+ # protocol.
+ # First set our proxy protocol proxy as trusted.
+ set_real_ip_from 172.31.17.140;
+ # Then tell the realip_module to get the addreses from the proxy protocol
+ # header.
+ real_ip_header proxy_protocol;
+
client_max_body_size 25m;
'';
};
};
- networking.firewall.allowedTCPPorts = [ 80 443 31820 ];
- networking.firewall.allowedUDPPorts = [ 443 ];
+ networking.firewall.allowedTCPPorts = [ 8443 31820 ];
+ networking.firewall.allowedUDPPorts = [ 8443 ];
}
diff --git a/flake.nix b/flake.nix
index 0feeae8..bc5d1d0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -65,10 +65,10 @@
netbox = {
deployment = {
- targetHost = "netbox.z9.ccchh.net";
+ targetHost = "netbox-intern.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
- tags = [ "thinkcccluster" ];
+ tags = [ "chaosknoten" ];
};
imports = [
./config/common
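Review bot: The new listener stays on `addr = "0.0.0.0"` while gaining `proxy_protocol`, so any peer that can reach 8443, not only the proxy at 172.31.17.140 that the `set_real_ip_from` line in the last hunk trusts, is accepted as long as it sends a PROXY preamble; realip will ignore the client address such a peer claims, but the TLS vhost itself remains a second entry point that bypasses the proxy. If the host has any interface beyond the one configured in networking.nix, `addr = "172.31.17.149";` (or a firewall rule scoped to the proxy's source address) keeps the backend off other networks. With `ssl = true` retained, TLS is still terminated on this host and the PROXY header is read from the plaintext preamble before the handshake; a one-line comment to that effect next to `extraParameters = [ "proxy_protocol" ];` would help, since the explanatory block in `extraConfig` covers only the realip side.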
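Review bot: Port 80 is removed from `networking.firewall.allowedTCPPorts`, but the `acme-netbox.hamburg.ccc.de` vhost in the first hunk still has `enableACME = true`, which by default depends on HTTP-01 challenges arriving on port 80; unless its `listen` block (cut off at the end of that hunk) now uses a port the proxy forwards, renewal will fail once the current certificate expires, so either keep `80` in the list or document how challenges reach this host. `networking.firewall.allowedUDPPorts = [ 8443 ];` carries the old UDP 443 opening over to the new port, yet nothing in this vhost enables HTTP/3 and PROXY protocol applies only to the TCP listener, so the UDP entry appears to serve no purpose and can likely be dropped. `set_real_ip_from 172.31.17.140;` correctly limits header trust to the single proxy; the comment above it misspells `addresses`.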