diff --git a/nixos/coredns.nix b/nixos/coredns.nix index bf64527..139043c 100644 --- a/nixos/coredns.nix +++ b/nixos/coredns.nix @@ -62,7 +62,7 @@ in { lib.concatMapStrings (host: '' ${host.ipv4} ${host.name}.${domain} ${host.ipv6.ula} ${host.name}.${domain} - '') [ vars.hosts.desktop vars.hosts.monitor vars.hosts.server ] + '') vars.hosts.servers } 192.168.1.2 switch-livingroom01.${domain} diff --git a/nixos/dhcpd4.nix b/nixos/dhcpd4.nix index c613d32..8c454cc 100644 --- a/nixos/dhcpd4.nix +++ b/nixos/dhcpd4.nix @@ -14,21 +14,6 @@ in { [ "${lan0.name}" "${guest0.name}" "${iot0.name}" "${lab0.name}" ]; enable = true; machines = [ - { - hostName = "monitnerr-1"; - ethernetAddress = "dc:a6:32:1e:66:94"; - ipAddress = "${vars.hosts.monitor.ipv4}"; - } - { - hostName = "nerr-3"; - ethernetAddress = "04:d9:f5:7e:1c:47"; - ipAddress = "${vars.hosts.desktop.ipv4}"; - } - { - hostName = "servnerr-3"; - ethernetAddress = "06:cb:90:4d:a2:59"; - ipAddress = "${vars.hosts.server.ipv4}"; - } { hostName = "switch-livingroom01"; ethernetAddress = "f0:9f:c2:0b:28:ca"; @@ -49,7 +34,13 @@ in { ethernetAddress = "00:18:dd:32:52:c0"; ipAddress = "192.168.1.8"; } - ]; + ] ++ lib.forEach vars.hosts.servers (host: + { + hostName = host.name; + ethernetAddress = host.mac; + ipAddress = host.ipv4; + } + ); extraConfig = '' ddns-update-style none; diff --git a/nixos/nftables.nix b/nixos/nftables.nix index 637ac98..ee6510b 100644 --- a/nixos/nftables.nix +++ b/nixos/nftables.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, lib, ... }: let vars = import ./vars.nix; @@ -10,10 +10,6 @@ let wan0 = vars.interfaces.wan0; wg0 = vars.interfaces.wg0; - desktop = vars.hosts.desktop; - monitor = vars.hosts.monitor; - server = vars.hosts.server; - ports = { dns = "53"; dhcp4_server = "67"; 
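Review bot: The new `lib.forEach` in the dhcpd4.nix `machines` hunk needs `lib` in this module's argument set, and the file header that would show it is outside the hunk; the nftables.nix hunk in this same commit has to add `lib` to `{ config, lib, ... }` for its own `lib.concatMapStrings`, so confirm dhcpd4.nix already receives `lib` (or binds it in its `let`) or the module will fail to evaluate. `ethernetAddress = host.mac;` also makes `mac` a required attribute of every `vars.hosts.servers` element, while coredns.nix and nftables.nix only read `ipv4`/`ipv6`; a comment such as `# Every vars.hosts.servers entry must carry a mac for its static lease.` next to the `forEach` would make that contract explicit. Since the literal `machines` entries and the generated ones are now two sources of static leases, keep their `ipAddress` values from overlapping (from what is visible: .2 and .8 versus .4, .9 and .11).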
@@ -267,11 +263,13 @@ in { # SSH for internal machines. ip6 daddr { - ${desktop.ipv6.gua}, - ${monitor.ipv6.gua}, - ${server.ipv6.gua}, + ${lib.concatMapStrings (host: "${host.ipv6.gua}, ") vars.hosts.servers} } tcp dport ${ports.ssh} counter accept comment "IPv6 SSH" + # Plex running on server. + ip daddr ${vars.server_ipv4} tcp dport ${ports.plex} counter accept comment "server IPv4 Plex" + ip6 daddr ${vars.server_ipv6} tcp dport ${ports.plex} counter accept comment "server IPv6 Plex" + counter reject } @@ -294,7 +292,7 @@ in { chain prerouting_wan0 { tcp dport { ${ports.plex}, - } dnat ${server.ipv4} comment "server TCPv4 DNAT" + } dnat ${vars.server_ipv4} comment "server TCPv4 DNAT" udp dport { ${ports.dns}, diff --git a/nixos/vars.nix b/nixos/vars.nix index dfe1604..75f97ef 100644 --- a/nixos/vars.nix +++ b/nixos/vars.nix 
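Review bot: The two new Plex accept rules match only on the server's destination address and `ports.plex`, with no `iifname` or `ct state` qualifier, so every flow that reaches this chain can open Plex on the server over both address families; the chain header is above the hunk, so whether it carries only wan0 traffic or also guest/iot/lab forwarding cannot be seen here. If the chain is shared, restrict the rule to the intended ingress, e.g. `iifname ${wan0.name} ip daddr ${vars.server_ipv4} tcp dport ${ports.plex} counter accept comment "server IPv4 Plex"`, since the DNAT in `prerouting_wan0` only needs the wan0 path. The IPv6 rule exposes the server's GUA directly to whatever this chain forwards while IPv4 arrives via DNAT, which deserves a comment stating the intent, such as `# IPv6 has no NAT: Plex is reachable at the server's GUA directly.` Separately, the SSH rule now accepts to every `vars.hosts.servers` entry, so adding a host to that list for DHCP or DNS purposes also opens SSH to its GUA through this chain.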
@@ -1,31 +1,45 @@ -{ +# Variables referenced two or more places in the configuration. +let + server_ipv4 = "192.168.1.4"; + server_ipv6 = "2600:6c4a:787f:d100:4cb:90ff:fe4d:a259"; + +# Configuration variables which are used to build out configs elsewhere. +in { + server_ipv4 = server_ipv4; + server_ipv6 = server_ipv6; cfg = "/home/matt/cfg"; domain = "lan.servnerr.com"; hosts = { - monitor = { - name = "monitnerr-1"; - ipv4 = "192.168.1.11"; - ipv6 = { - gua = "2600:6c4a:787f:d100:dea6:32ff:fe1e:6694"; - ula = "fd9e:1a04:f01d:0:dea6:32ff:fe1e:6694"; - }; - }; - desktop = { - name = "nerr-3"; - ipv4 = "192.168.1.9"; - ipv6 = { - gua = "2600:6c4a:787f:d100:6d9:f5ff:fe7e:1c47"; - ula = "fd9e:1a04:f01d:0:6d9:f5ff:fe7e:1c47"; - }; - }; - server = { - name = "servnerr-3"; - ipv4 = "192.168.1.4"; - ipv6 = { - gua = "2600:6c4a:787f:d100:4cb:90ff:fe4d:a259"; - ula = "fd9e:1a04:f01d:0:4cb:90ff:fe4d:a259"; - }; - }; + # Machines that are remotely accessible and run services. + servers = [ + { + name = "monitnerr-1"; + ipv4 = "192.168.1.11"; + ipv6 = { + gua = "2600:6c4a:787f:d100:dea6:32ff:fe1e:6694"; + ula = "fd9e:1a04:f01d:0:dea6:32ff:fe1e:6694"; + }; + mac = "dc:a6:32:1e:66:94"; + } + { + name = "nerr-3"; + ipv4 = "192.168.1.9"; + ipv6 = { + gua = "2600:6c4a:787f:d100:6d9:f5ff:fe7e:1c47"; + ula = "fd9e:1a04:f01d:0:6d9:f5ff:fe7e:1c47"; + }; + mac = "04:d9:f5:7e:1c:47"; + } + { + name = "servnerr-3"; + ipv4 = server_ipv4; + ipv6 = { + gua = server_ipv6; + ula = "fd9e:1a04:f01d:0:4cb:90ff:fe4d:a259"; + }; + mac = "06:cb:90:4d:a2:59"; + } + ]; }; interfaces = { wan0 = {
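Review bot: The `servers` list is now the single source for DHCP reservations (dhcpd4.nix), DNS records (coredns.nix) and the nftables IPv6 SSH accept set, but the comment `# Machines that are remotely accessible and run services.` does not say so; a maintainer adding a host here to get a static lease and a DNS name also opens inbound SSH to its GUA in nftables.nix. Extend the comment to state that effect, e.g. `# Machines that are remotely accessible and run services. Every entry gets a static DHCP lease, DNS records, and inbound SSH allowed by nftables.nix.` nerr-3 was previously the `desktop` attribute, so a per-entry note on why it belongs in a list named `servers` would also help the next reader. Stylistically, `server_ipv4 = server_ipv4; server_ipv6 = server_ipv6;` is written more idiomatically as `inherit server_ipv4 server_ipv6;`.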