diff --git a/clan.nix b/clan.nix
index 0223b45..eed0182 100644
--- a/clan.nix
+++ b/clan.nix
@@ -29,6 +29,16 @@
       roles.server.tags.nixos = { };
     };
 
+    # Direct SSH to public IPs — clan's priority-1 connection path, with the
+    # ZeroTier mesh and Tor kept as automatic fallbacks. Raw IPs (not the
+    # ns1/ns2 DNS names) so reaching these hosts never depends on their own
+    # DNS being up.
+    internet = {
+      roles.default.machines.control.settings.host = "77.42.68.181";
+      roles.default.machines.ns1.settings.host = "46.224.170.206";
+      roles.default.machines.ns2.settings.host = "157.180.70.82";
+    };
+
     # Recovery root password for console access when a machine fails to boot.
     emergency-access = {
       roles.default.tags.nixos = { };