diff --git a/Readme.md b/Readme.md
index fe88ff7..cf7fc04 100644
--- a/Readme.md
+++ b/Readme.md
@@ -42,9 +42,23 @@ meshes:
       gw: server 96mbit/96mbit
       mm: 0
       dat: 0
+      hop_penalty: 60
+    radvd:
+      maxrtradvinterval: 900
+      advvalidlifetime: 864000
+      advpreferredlifetime: 172800
     iface_mtu: 1350
     peers_mesh_repo: https://github.com/freifunk-mwu/peers-ffmz.git
     peers_intragate_repo: https://github.com/freifunk-mwu/ffmz-infrastructure-peers.git
+    dns:
+      master: fd37:b4dc:4b1e::a25:103
+      forward_zones:
+        ffmz.org:
+        user.ffmz.org:
+        bb.ffmz.org:
+        nodes.ffmz.org:
+        ffbin:
+          master: fd37:b4dc:4b1e::a25:10c
 
   wi:
     site_number: 56
@@ -64,9 +78,20 @@ meshes:
       gw: server 96mbit/96mbit
       mm: 0
       dat: 0
+      hop_penalty: 60
+    radvd:
+      maxrtradvinterval: 900
+      advvalidlifetime: 864000
     iface_mtu: 1350
     peers_mesh_repo: https://github.com/freifunk-mwu/peers-ffwi.git
     peers_intragate_repo: https://github.com/freifunk-mwu/ffwi-infrastructure-peers.git
+    dns:
+      master: fd56:b4dc:4b1e::a38:103
+      forward_zones:
+        ffwi.org:
+        user.ffwi.org:
+        bb.ffwi.org:
+        nodes.ffwi.org:
 ```
 
 ## Sensible Informationen
@@ -74,7 +99,7 @@ meshes:
 Sensible Daten, z.B. private keys für Dienste wie fastd und tinc verwalten wir in einem [Password Store](https://www.passwordstore.org/).
 Falls ihr mehrere Password Stores verwaltet, denkt vor Benutzung von Ansible daran, die Umgebungsvariable auf den richtigen Store zu verweisen:
 ```
-export PASSWORD_STORE_DIR=... 
+export PASSWORD_STORE_DIR=...
 ```
 
 ## Aufsetzen eines neuen Gateways
@@ -86,7 +111,40 @@ export PASSWORD_STORE_DIR=...
 ```
 ---
 # Gateway-Nummer, von der vieles abgeleitet wird. Integer zwischen 1-254. Muss eindeutig unter allen FFMWU Servern sein.
-magic: 
+magic:
+
+# Die Nummer des /22er IPv4-Subnetzes, das per DHCP verteilt werden soll.
+ipv4_dhcp_range:
+
+# FFRL (muss vorher bereits zugewiesen worden sein)
+# Öffentliche IPv4 NAT Adresse, Format: IP/Prefix
+ffrl_public_ipv4_nat:
+
+ffrl_exit_server:
+  ffrl-a-ak-ber:
+    public_ipv4_address: 185.66.195.0
+    tunnel_ipv4_network: # Format: IP/Maske
+    tunnel_ipv6_network:
+  ffrl-b-ak-ber:
+    public_ipv4_address: 185.66.195.1
+    tunnel_ipv4_network: # Format: IP/Maske
+    tunnel_ipv6_network:
+  ffrl-a-ix-dus:
+    public_ipv4_address: 185.66.193.0
+    tunnel_ipv4_network: # Format: IP/Maske
+    tunnel_ipv6_network:
+  ffrl-b-ix-dus:
+    public_ipv4_address: 185.66.193.1
+    tunnel_ipv4_network: # Format: IP/Maske
+    tunnel_ipv6_network:
+  ffrl-a-fra2-fra:
+    public_ipv4_address: 185.66.194.0
+    tunnel_ipv4_network: # Format: IP/Maske
+    tunnel_ipv6_network:
+  ffrl-b-fra2-fra:
+    public_ipv4_address: 185.66.194.1
+    tunnel_ipv4_network: # Format: IP/Maske
+    tunnel_ipv6_network:
 
 # Pfade zu den fastd secrets im passwordstore
 fastd_secrets:
@@ -95,54 +153,8 @@ fastd_secrets:
   mzigVPN: "{{ lookup('passwordstore', 'fastd/mzVPN/$Hostname subkey=secret') }}"
   wiigVPN: "{{ lookup('passwordstore', 'fastd/wiVPN/$Hostname subkey=secret') }}"
 
-# FFRL (muss vorher bereits zugewiesen worden sein)
-# Öffentliche IPv4 NAT Adresse
-ffrl_public_ipv4_nat:
-
-ffrl_exit_server:
-  ffrl-a-ak-ber:
-    public_ipv4_address: 
-    tunnel_ipv4_network: # Format: IP/Maske
-    tunnel_ipv4_address: 
-    tunnel_ipv4_netmask: 
-    tunnel_ipv6_address: 
-    tunnel_ipv6_netmask: 
-  ffrl-b-ak-ber:
-    public_ipv4_address: 
-    tunnel_ipv4_network: # Format: IP/Maske
-    tunnel_ipv4_address: 
-    tunnel_ipv4_netmask: 
-    tunnel_ipv6_address: 
-    tunnel_ipv6_netmask: 
-  ffrl-a-ix-dus:
-    public_ipv4_address: 
-    tunnel_ipv4_network: # Format: IP/Maske
-    tunnel_ipv4_address: 
-    tunnel_ipv4_netmask: 
-    tunnel_ipv6_address: 
-    tunnel_ipv6_netmask: 
-  ffrl-b-ix-dus:
-    public_ipv4_address: 
-    tunnel_ipv4_network: # Format: IP/Maske
-    tunnel_ipv4_address: 
-    tunnel_ipv4_netmask: 
-    tunnel_ipv6_address: 
-    tunnel_ipv6_netmask: 
-  ffrl-a-fra2-fra:
-    public_ipv4_address: 
-    tunnel_ipv4_network: # Format: IP/Maske
-    tunnel_ipv4_address: 
-    tunnel_ipv4_netmask: 
-    tunnel_ipv6_address: 
-    tunnel_ipv6_netmask: 
-  ffrl-b-fra2-fra:
-    public_ipv4_address: 
-    tunnel_ipv4_network: # Format: IP/Maske
-    tunnel_ipv4_address: 
-    tunnel_ipv4_netmask: 
-    tunnel_ipv6_address: 
-    tunnel_ipv6_netmask: 
-
+# Pfade zum tinc secret im passwordstore
+tinc_private_key: "{{ lookup('passwordstore', 'tinc/icVPN/$hostname_private returnall=true') }}"
 ```
 - Neues Gateway aufsetzen per `ansible-playbook playbooks/gateways.yml`
   - Hierbei werden die definierten Rollen auch auf schon aufgesetzte Gateways angewandt, was unkritisch ist, weil wir unsere Rollen idempotent schreiben.