diff --git a/machines/liminix/ap-v01/addresses.nix b/machines/liminix/ap-v01/addresses.nix
index c71fe1e..7dc61ff 100644
--- a/machines/liminix/ap-v01/addresses.nix
+++ b/machines/liminix/ap-v01/addresses.nix
@@ -2,20 +2,24 @@
 #
 # SPDX-License-Identifier: EUPL-1.2
 
-{ config, ... }:
+{ config, nodeMeta, ... }:
 let
   svc = config.system.service;
+  inherit (nodeMeta.extraNodeSettings) building floor ap-no;
+  # FIXME switch to ipv6 tu be able to scale
+  adminIp = "10.0.253.${builtins.toString (ap-no + floor * 8 + building * 32 + 2)}";
 in
 {
-  services.admin-dhcpv4 = svc.network.dhcp.client.build {
+  services.admin-ip = svc.network.address.build {
     interface = config.services.admin-vlan;
+    address = adminIp;
+    prefixLength = 24;
+    family = "inet";
   };
 
   services.admin-defaultroute4 = svc.network.route.build {
-    via = "$(output ${config.services.admin-dhcpv4} router)";
+    via = "10.0.253.1";
     target = "default";
-    dependencies = [ config.services.admin-dhcpv4 ];
+    dependencies = [ config.services.admin-ip ];
   };
-
-  # TODO: ensure SLAAC for admin-vlan.
 }
diff --git a/machines/liminix/ap-v01/dns.nix b/machines/liminix/ap-v01/dns.nix
index c47ef42..b371292 100644
--- a/machines/liminix/ap-v01/dns.nix
+++ b/machines/liminix/ap-v01/dns.nix
@@ -2,34 +2,24 @@
 #
 # SPDX-License-Identifier: EUPL-1.2
 
-{ config, pkgs, ... }:
+{ pkgs, lib, ... }:
 let
-  inherit (pkgs.liminix.services) oneshot;
   inherit (pkgs.pseudofile) dir symlink;
-  inherit (pkgs) serviceFns;
+  # TODO: imho, DNS should be static and provided by the router?
+  dns = [
+    "8.8.8.8"
+    "8.8.4.4"
+    "1.0.0.1"
+  ];
+  resolvconf = pkgs.writeText "resolv.conf" (
+    lib.concatMapStringsSep "\n" (dns: ''echo "nameserver ${dns}" >> resolv.conf'') dns
+  );
 in
 {
   # TODO: support dynamic reconfiguration once we are in the target VLAN?
-  services.resolvconf = oneshot rec {
-    name = "resolvconf";
-    # TODO: imho, DNS should be static and provided by the router?
-    up = ''
-      . ${serviceFns}
-      ( in_outputs ${name}
-      for i in $(output ${config.services.admin-dhcpv4} dns); do
-        echo "nameserver $i" >> resolv.conf
-      done
-      )
-    '';
-
-    dependencies = [
-      config.services.admin-dhcpv4
-    ];
-  };
-
   filesystem = dir {
     etc = dir {
-      "resolv.conf" = symlink "${config.services.resolvconf}/.outputs/resolv.conf";
+      "resolv.conf" = symlink "${resolvconf}";
     };
   };
 }
diff --git a/machines/liminix/ap-v01/recovery.nix b/machines/liminix/ap-v01/recovery.nix
index 7e02afb..35edaa7 100644
--- a/machines/liminix/ap-v01/recovery.nix
+++ b/machines/liminix/ap-v01/recovery.nix
@@ -41,7 +41,7 @@ in
                 inherit (parentConfig.services)
                   sshd
                   admin-vlan
-                  admin-dhcpv4
+                  admin-ip
                   admin-defaultroute4
                   ;
                 defaultroute4 = svc.network.route.build {