diff --git a/machines/celerrime/default.nix b/machines/celerrime/default.nix
index 037c79b..b5d1eaf 100644
--- a/machines/celerrime/default.nix
+++ b/machines/celerrime/default.nix
@@ -23,6 +23,7 @@ in {
 torrent.enable = true;
 virtualisation.enable = false;
 yggdrasil-client.enable = true;
+ yggdrasil-peer.enable = false;
 server = { ivabus-dev.enable = false; };
 };
diff --git a/machines/periculo/default.nix b/machines/periculo/default.nix
index 77a75e0..eb04958 100644
--- a/machines/periculo/default.nix
+++ b/machines/periculo/default.nix
@@ -22,6 +22,7 @@ in {
 torrent.enable = false;
 virtualisation.enable = false;
 yggdrasil-client.enable = false;
+ yggdrasil-peer.enable = false;
 server = { ivabus-dev.enable = false; };
 };
diff --git a/machines/rubusidaeus/default.nix b/machines/rubusidaeus/default.nix
index ead730d..4915451 100644
--- a/machines/rubusidaeus/default.nix
+++ b/machines/rubusidaeus/default.nix
@@ -25,7 +25,7 @@ in {
 ntp-server.enable = true;
 torrent.enable = false;
 virtualisation.enable = false;
- yggdrasil-client.enable = true;
+ yggdrasil-peer.enable = true;
 server = { ivabus-dev.enable = true; };
 };
diff --git a/machines/stella/default.nix b/machines/stella/default.nix
index 14517d5..8676cb7 100644
--- a/machines/stella/default.nix
+++ b/machines/stella/default.nix
@@ -29,7 +29,8 @@ in {
 media-client.enable = true;
 torrent.enable = false;
 virtualisation.enable = false;
- yggdrasil-client.enable = false;
+ yggdrasil-client.enable = true;
+ yggdrasil-peer.enable = false;
 };
 my.users = {
diff --git a/machines/vetus/default.nix b/machines/vetus/default.nix
index 02641dc..955a984 100644
--- a/machines/vetus/default.nix
+++ b/machines/vetus/default.nix
@@ -19,6 +19,7 @@ in {
 latex.enable = true;
 virtualisation.enable = true;
 yggdrasil-client.enable = true;
+ yggdrasil-peer.enable = false;
 };
 my.users = {
diff --git a/roles/default.nix b/roles/default.nix
index eff3e73..7d4c506 100644
--- a/roles/default.nix
+++ b/roles/default.nix
@@ -11,6 +11,7 @@
 ./torrent.nix
 ./virtualisation.nix
 ./yggdrasil-client.nix
+ ./yggdrasil-peer.nix
 ./server/nginx.nix
 ./server/ivabus-dev.nix
diff --git a/roles/yggdrasil-client.nix b/roles/yggdrasil-client.nix
index 9a469fb..4fd9ade 100644
--- a/roles/yggdrasil-client.nix
+++ b/roles/yggdrasil-client.nix
@@ -1,17 +1,20 @@
-{ config, lib, ... }:
+{ config, lib, secrets, ... }:
 let cfg = config.my.roles.yggdrasil-client;
 in {
 options.my.roles.yggdrasil-client.enable =
 lib.mkEnableOption "Enable yggdrasil";
 config = lib.mkIf (cfg.enable) {
+ my.features.secrets = lib.mkForce true;
 services.yggdrasil = {
 enable = true;
 persistentKeys = true;
- settings = {
- Peers = [
- # TODO: Maybe add more peers, not only mine. But for now it's ok
- "tls://ygg.iva.bz:50002"
+ settings =
+ {
+ # Not connecting to global ygg network
+ Peers = lib.mkDefault [
+ "quic://${secrets.yggdrasil-peer}:60003?password=${secrets.yggdrasil-password}"
+ "tls://${secrets.yggdrasil-peer}:60002?password=${secrets.yggdrasil-password}"
 ];
 };
 };
diff --git a/roles/yggdrasil-peer.nix b/roles/yggdrasil-peer.nix
new file mode 100644
index 0000000..38a6ce9
--- /dev/null
+++ b/roles/yggdrasil-peer.nix
@@ -0,0 +1,26 @@
+{ config, lib, secrets, ... }:
+
+let cfg = config.my.roles.yggdrasil-peer;
+in {
+ options.my.roles.yggdrasil-peer.enable =
+ lib.mkEnableOption "Enable yggdrasil (semi-public) peer";
+ config = lib.mkIf (cfg.enable) {
+ my.features.secrets = lib.mkForce true;
+ my.roles.yggdrasil-client.enable = true;
+ services.yggdrasil = {
+ enable = true;
+ persistentKeys = true;
+ settings =
+ {
+ # Not connecting to global ygg network
+ Peers = lib.mkForce [];
+ Listen = [
+ "quic://[::]:60003?password=${secrets.yggdrasil-password}"
+ "tls://[::]:60002?password=${secrets.yggdrasil-password}"
+ ];
+ };
+ };
+ networking.firewall.allowedTCPPorts = [ 60002 ];
+ networking.firewall.allowedUDPPorts = [ 60003 ];
+ };
+}
diff --git a/secrets.nix b/secrets.nix
index 4171464..6bf416f 100644
--- a/secrets.nix
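Review bot: The peer address and password interpolated into `services.yggdrasil.settings.Peers` in this hunk are rendered by the NixOS yggdrasil module into a JSON file in the Nix store, which is world-readable on the host, so the `?password=` value is not actually kept private by `my.features.secrets` on any machine enabling this role; the `Listen` URIs in the new roles/yggdrasil-peer.nix have the same exposure. The module's `services.yggdrasil.configFile` option takes a file outside the store that is read at start-up, so the password-bearing `Peers`/`Listen` entries could live in a runtime-deployed file while the non-secret settings stay here. If store exposure is acceptable for this deployment, a comment above `Peers = lib.mkDefault [` stating that would save the next reader the question.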
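Review bot: In roles/yggdrasil-peer.nix the listener ports 60002 and 60003 are spelled out four times (the two `Listen` URIs and the two firewall lists) and again in the `Peers` URIs of roles/yggdrasil-client.nix, so a port change needs five coordinated edits and the firewall rules can silently drift from what yggdrasil actually listens on. Binding them once, e.g. `let cfg = config.my.roles.yggdrasil-peer; tlsPort = 60002; quicPort = 60003; in`, then `"tls://[::]:${toString tlsPort}?password=..."` and `allowedTCPPorts = [ tlsPort ];`, ties the listener and the firewall rule to one value. A short comment above `Peers = lib.mkForce [];` saying that this role intentionally overrides the client role's `lib.mkDefault` list would also help, since the existing comment only says the network is not global.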
+++ b/secrets.nix
@@ -8,4 +8,6 @@ in if (canaryHash != expectedHash && config.my.features.secrets) then
 else {
 hashed-password = builtins.readFile ./secrets/hashed-password;
 maas-address = builtins.readFile ./secrets/maas-address;
+ yggdrasil-peer = builtins.readFile ./secrets/yggdrasil-peer;
+ yggdrasil-password = builtins.readFile ./secrets/yggdrasil-password;
 }
diff --git a/secrets/yggdrasil-password b/secrets/yggdrasil-password
new file mode 100644
index 0000000..39c0312
Binary files /dev/null and b/secrets/yggdrasil-password differ
diff --git a/secrets/yggdrasil-peer b/secrets/yggdrasil-peer
new file mode 100644
index 0000000..f6fcb50
Binary files /dev/null and b/secrets/yggdrasil-peer differ
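Review bot: `builtins.readFile ./secrets/yggdrasil-password` returns the file verbatim, so a trailing newline in the secret file becomes part of the `?password=` query in every `Peers` and `Listen` URI built from it in roles/yggdrasil-client.nix and roles/yggdrasil-peer.nix, and a newline in `./secrets/yggdrasil-peer` would likewise corrupt the host part of the `Peers` URIs. The existing `hashed-password` and `maas-address` entries use the same pattern, so the files are presumably written without a newline, but that is an easy invariant to break when the secret is rotated. Stripping it at the read site, `yggdrasil-password = builtins.replaceStrings [ "\n" ] [ "" ] (builtins.readFile ./secrets/yggdrasil-password);` (or `lib.fileContents` if lib is in scope in this file), removes the dependency on how the file was written.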