diff --git a/machines/core-services-01/configuration.nix b/machines/core-services-01/configuration.nix
index a09eec0..6fb2e79 100644
--- a/machines/core-services-01/configuration.nix
+++ b/machines/core-services-01/configuration.nix
@@ -74,6 +74,7 @@
   users.users.root.openssh.authorizedKeys.keyFiles = [
     ./pubkeys/gdd.keys
     ./pubkeys/raito.keys
+    ./pubkeys/mrf.keys
   ];
 
   # Open ports in the firewall.
diff --git a/machines/core-services-01/my.nix b/machines/core-services-01/my.nix
index bdc2aa4..994190f 100644
--- a/machines/core-services-01/my.nix
+++ b/machines/core-services-01/my.nix
@@ -101,6 +101,12 @@ in
   };
 
   config = {
+    # Default IPv4 exit route
+    networking.defaultGateway = {
+      address = "";
+      interface = "ens18";
+    };
+
     networking.interfaces.ens20 = {
       ipv4.addresses = map mkAddress cfg.ipv4InternalFull;
     };
diff --git a/machines/core-services-01/subZone.nix b/machines/core-services-01/subZone.nix
index ff98ad0..41fd888 100644
--- a/machines/core-services-01/subZone.nix
+++ b/machines/core-services-01/subZone.nix
@@ -48,6 +48,7 @@ dualstack // {
 
     acme = {
       NS = [ "acme.${my.subZone}." ];
+      A = my.ipv4;
       AAAA = [ my.ipv6.acme ];
     };