diff --git a/nixos/mirai/services/default.nix b/nixos/mirai/services/default.nix
index 76c01a1e..618ed62e 100644
--- a/nixos/mirai/services/default.nix
+++ b/nixos/mirai/services/default.nix
@@ -5,6 +5,7 @@
     ./llama.nix
     ./minecraft.nix
     ./tailscale.nix
+    ./zerotier.nix
     ./caddy.nix
     ./fail2ban.nix
     ./gitea.nix
diff --git a/nixos/mirai/services/zerotier.nix b/nixos/mirai/services/zerotier.nix
new file mode 100644
index 00000000..44f83fcd
--- /dev/null
+++ b/nixos/mirai/services/zerotier.nix
@@ -0,0 +1,22 @@
+{config, ...}: {
+  sops = {
+    secrets."zerotier/api_key".owner = config.users.users.zeronsd.name;
+  };
+  services.zerotierone = {
+    enable = true;
+    port = 9994;
+    joinNetworks = [
+      "abfd31bd4766754d"
+    ];
+  };
+  services.zeronsd = {
+    servedNetworks = {
+      abfd31bd4766754d = {
+        settings = {
+          domain = "zt.darksailor.dev";
+          token = config.sops.secrets."zerotier/api_key".path;
+        };
+      };
+    };
+  };
+}
diff --git a/nixos/ryu/services/zerotier.nix b/nixos/ryu/services/zerotier.nix
index 42aef81c..3b96e9c5 100644
--- a/nixos/ryu/services/zerotier.nix
+++ b/nixos/ryu/services/zerotier.nix
@@ -2,6 +2,10 @@
   services = {
     zerotierone = {
       enable = true;
+      port = 9994;
+      joinNetworks = [
+        "abfd31bd4766754d"
+      ];
     };
   };
 }
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index a6d57c63..466f7c0f 100644
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -26,6 +26,8 @@ builder:
         cache:
             private: ENC[AES256_GCM,data:W52mWGwPMIOXneH3QmnuVtALxxfczhaNvjeQiRwNjF30uP/LlQOtiMI4RPm5d90+i8ok1ampLFMFjCqt2MK+ouT6ETa0FcpB4KlV7toA5FEev5NIiLO2NT9M5Is9GQ==,iv:fkKN1VEHHCT3PEi/zZR92Z6yP4jRUjpKBXPs4QtFGAQ=,tag:sjt0YATf8BSlQC5S9y0n2w==,type:str]
             public: ENC[AES256_GCM,data:w63JgOzg3IfLzPzESjgiqKTVmlbc6hcWLNRX8Vyl27eyXeh++agOBpmCDgxZLX/jSFc=,iv:r0Cv5bwPzCxTgDNjUJ3ExYBR5BUfuf4+8bNs2kOTzEU=,tag:SqCcc89wRwDjwEazV7M5nw==,type:str]
+zerotier:
+    api_key: ENC[AES256_GCM,data:Hnihh3l4hZGSnDJcQV5eYz7TLD8AzWFAH9AgHAh6YEA=,iv:XO+nZ3pXmC+rDfgBaiapvkL6KnQTL9s6dmi3ZO18VE0=,tag:rb1gmBcMNWpSRP+wmhr86w==,type:str]
 sops:
     age:
         - recipient: age1pw7kluxp7872c63ne4jecq75glj060jkmqwzkk6esatuyck9egfswufdpk
@@ -37,7 +39,7 @@ sops:
             VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK
             ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-04-28T15:41:49Z"
-    mac: ENC[AES256_GCM,data:CDtVTwy/Z41egW/AWnd5uJRSX4MnakOgq9WI0tx0LfUwrTmJyPli7zXq4JiRPImHlG4OM0Fbm6MpotoHb+o/q8UfyfTXa5n+zF6JQMCnzfbnSNa84ih4FYrUNSqVDkXpsg8tFY57yFt9cITHq7Gxaew/dOSzur0QwLHlRQWdYGw=,iv:Uvt/x2UgN28U1rF8Siawp80KOO2vJ3CBi2RvEkReMjQ=,tag:SemiDosGyGe2e+Isq7/N7A==,type:str]
+    lastmodified: "2025-05-05T19:48:39Z"
+    mac: ENC[AES256_GCM,data:H1hBG5cpmqClX2/25vijBktOYN2lO+Ft0xnX+JmxiIAcBGMakHBxKexPY1eJ5M0nx4cDULt6ks5hJHlB6NebsRDMmUOs5oHRmBktZ9C4Bda5Rki4flZRSqFrCbrl902VEz0xLTIQjmr6DxJAtck9oWuxgKmywEJxtSq5hNW7D7E=,iv:c9JcEyoa6UiZOR7kpbwjHKfvLcQFCMCetpgNfFiRX2w=,tag:oAeyoHdiWSva5FUEE3g/GQ==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.10.2