diff --git a/networking.nix b/networking.nix
index e2cabb8..893befa 100644
--- a/networking.nix
+++ b/networking.nix
@@ -14,6 +14,8 @@ in {
   networking.wireless.enable = true;
   imports = [ ./wireless-networks.nix ];
 
+  networking.extraHosts = secrets.hosts;
+
   networking.firewall = {
     enable = true;
     extraCommands = ''
diff --git a/secrets.nix.example b/secrets.nix.example
index 130da79..397f270 100644
--- a/secrets.nix.example
+++ b/secrets.nix.example
@@ -1,4 +1,8 @@
 {
+  hosts = ''
+    203.0.113.1 example.com
+  '';
+
   iptables = ''
     # vpn with default interface name (tun/tap)
     iptables -A OUTPUT -d 192.0.2.15 -j ACCEPT