diff --git a/docs/site/getting-started/convert-existing-NixOS-configuration.md b/docs/site/getting-started/convert-existing-NixOS-configuration.md
index 25c85e62a..233e4c67e 100644
--- a/docs/site/getting-started/convert-existing-NixOS-configuration.md
+++ b/docs/site/getting-started/convert-existing-NixOS-configuration.md
@@ -88,6 +88,7 @@ For the provide flake example, your flake should now look like this:
       self = self; # this needs to point at the repository root
       specialArgs = {};
       meta.name = throw "Change me to something unique";
+      meta.tld = throw "Change me to something unique";
 
       machines = {
         berlin = {
diff --git a/docs/site/getting-started/creating-your-first-clan.md b/docs/site/getting-started/creating-your-first-clan.md
index 14ebf47c3..0f0bdc2f9 100644
--- a/docs/site/getting-started/creating-your-first-clan.md
+++ b/docs/site/getting-started/creating-your-first-clan.md
@@ -137,12 +137,13 @@ Description: None
 
 This confirms your setup is working correctly.
 
-You can now change the default name by editing the `meta.name` field in your `clan.nix` file.
+You can now change the default name and tld by editing the `meta.name` and `meta.tld` fields in your `clan.nix` file.
 
-```{.nix title="clan.nix" hl_lines="3"}
+```{.nix title="clan.nix" hl_lines="3 4"}
 {
   # Ensure this is unique among all clans you want to use.
   meta.name = "__CHANGE_ME__";
+  meta.tld = "changeme";
 
   # ...
   # elided
diff --git a/docs/site/getting-started/update-machines.md b/docs/site/getting-started/update-machines.md
index 8f2b795e6..bde5773e1 100644
--- a/docs/site/getting-started/update-machines.md
+++ b/docs/site/getting-started/update-machines.md
@@ -10,10 +10,11 @@ and how to define a remote builder for your machine closures.
 Set the machine’s `targetHost` to the reachable IP address of the new machine.
 This eliminates the need to specify `--target-host` in CLI commands.
 
-```{.nix title="clan.nix" hl_lines="9"}
+```{.nix title="clan.nix" hl_lines="10"}
 {
 # Ensure this is unique among all clans you want to use.
 meta.name = "my-clan";
+meta.tld = "ccc";
 
 inventory.machines = {
     # Define machines here.
diff --git a/docs/site/guides/flake-parts.md b/docs/site/guides/flake-parts.md
index b3cee3886..9faf35c3c 100644
--- a/docs/site/guides/flake-parts.md
+++ b/docs/site/guides/flake-parts.md
@@ -60,6 +60,7 @@ Configure Clan-wide settings and define machines. Here's an example `flake.nix`:
       # Define your Clan
       clan = {
         meta.name = ""; # Required and must be unique
+        meta.tld = ""; # Required and must be unique
 
         machines = {
           jon = {
diff --git a/docs/site/guides/networking/mesh-vpn.md b/docs/site/guides/networking/mesh-vpn.md
index d629dc94b..7aa2ce1e9 100644
--- a/docs/site/guides/networking/mesh-vpn.md
+++ b/docs/site/guides/networking/mesh-vpn.md
@@ -43,6 +43,7 @@ For the purpose of this guide we have two machines:
         inherit self;
 
         meta.name = "myclan";
+        meta.tld = "ccc";
 
         inventory.machines = {
           controller = {};
diff --git a/docs/site/guides/vars/sops/age-plugins.md b/docs/site/guides/vars/sops/age-plugins.md
index cc1340bb3..2be67aaef 100644
--- a/docs/site/guides/vars/sops/age-plugins.md
+++ b/docs/site/guides/vars/sops/age-plugins.md
@@ -63,6 +63,7 @@ To use `age` plugins with Clan, you need to configure them in your `flake.nix` f
       inherit self;
 
       meta.name = "myclan";
+      meta.tld = "ccc";
 
       # Add YubiKey and FIDO2 HMAC plugins
       # Note: Plugins must be available in nixpkgs.
diff --git a/lib/tests.nix b/lib/tests.nix
index fb13d3912..ee4950e15 100644
--- a/lib/tests.nix
+++ b/lib/tests.nix
@@ -81,6 +81,7 @@ in
         description = null;
         icon = null;
         name = "test";
+        tld = "clan";
       };
     };
 
diff --git a/modules/inventoryClass/meta-interface.nix b/modules/inventoryClass/meta-interface.nix
index 5bf12be26..d11c113fd 100644
--- a/modules/inventoryClass/meta-interface.nix
+++ b/modules/inventoryClass/meta-interface.nix
@@ -31,6 +31,20 @@ let
         Under construction, will be used for the UI
       '';
     };
+    tld = lib.mkOption {
+      type = types.strMatching "[a-z]+";
+      default = "clan";
+      example = "ccc";
+      description = ''
+        Top level domain (TLD) of the clan. It should be set to a valid, but
+        not already existing TLD.
+
+        It will be used to provide clan-internal services and resolve each host of the
+        clan with:
+
+        <hostname>.<tld>
+      '';
+    };
   };
 in
 {
diff --git a/modules/machineModules/forName.nix b/modules/machineModules/forName.nix
index e537ba55d..361f58dfb 100644
--- a/modules/machineModules/forName.nix
+++ b/modules/machineModules/forName.nix
@@ -20,7 +20,7 @@
   );
 
   clan.core.settings = {
-    inherit (meta) name icon;
+    inherit (meta) name icon tld;
     inherit directory;
     machine = {
       inherit name;
diff --git a/nixosModules/clanCore/metadata.nix b/nixosModules/clanCore/metadata.nix
index 644d16120..7e016dce0 100644
--- a/nixosModules/clanCore/metadata.nix
+++ b/nixosModules/clanCore/metadata.nix
@@ -106,6 +106,15 @@ in
             # Set by the flake, so it's read-only in the machine
             readOnly = true;
           };
+          tld = lib.mkOption {
+            default = "clan";
+            type = lib.types.str;
+            description = ''
+              the TLD for the clan
+            '';
+            # Set by the flake, so it's read-only in the machine
+            readOnly = true;
+          };
           machine = mkOption {
             description = ''
               Settings of the machine.
diff --git a/pkgs/clan-cli/clan_lib/nix_models/clan.py b/pkgs/clan-cli/clan_lib/nix_models/clan.py
index 234fbf235..9277044b2 100644
--- a/pkgs/clan-cli/clan_lib/nix_models/clan.py
+++ b/pkgs/clan-cli/clan_lib/nix_models/clan.py
@@ -81,11 +81,13 @@ class InventoryMachine(TypedDict):
 InventoryMetaNameType = str
 InventoryMetaDescriptionType = str | None
 InventoryMetaIconType = str | None
+InventoryMetaTldType = str
 
 class InventoryMeta(TypedDict):
     name: str
     description: NotRequired[InventoryMetaDescriptionType]
     icon: NotRequired[InventoryMetaIconType]
+    tld: NotRequired[InventoryMetaTldType]
 
 
 
diff --git a/templates/clan/default/clan.nix b/templates/clan/default/clan.nix
index 956a0a3c2..0c3f47ddd 100644
--- a/templates/clan/default/clan.nix
+++ b/templates/clan/default/clan.nix
@@ -1,6 +1,7 @@
 {
   # Ensure this is unique among all clans you want to use.
   meta.name = "__CHANGE_ME__";
+  meta.tld = "changeme";
 
   inventory.machines = {
     # Define machines here.
diff --git a/templates/clan/flake-parts-minimal/clan.nix b/templates/clan/flake-parts-minimal/clan.nix
index 173e01fe4..183c5afab 100644
--- a/templates/clan/flake-parts-minimal/clan.nix
+++ b/templates/clan/flake-parts-minimal/clan.nix
@@ -5,5 +5,6 @@
   ];
   clan = {
     meta.name = "__CHANGE_ME__";
+    meta.tld = "changeme";
   };
 }
diff --git a/templates/clan/flake-parts/clan.nix b/templates/clan/flake-parts/clan.nix
index 956a0a3c2..0c3f47ddd 100644
--- a/templates/clan/flake-parts/clan.nix
+++ b/templates/clan/flake-parts/clan.nix
@@ -1,6 +1,7 @@
 {
   # Ensure this is unique among all clans you want to use.
   meta.name = "__CHANGE_ME__";
+  meta.tld = "changeme";
 
   inventory.machines = {
     # Define machines here.
diff --git a/templates/clan/minimal/flake.nix b/templates/clan/minimal/flake.nix
index 6ce796cf9..4c1e59c5e 100644
--- a/templates/clan/minimal/flake.nix
+++ b/templates/clan/minimal/flake.nix
@@ -11,6 +11,7 @@
         # Change this to your clan name
         # Setting a name is required
         meta.name = inputs.nixpkgs.lib.mkDefault "__clan__";
+        meta.tld = inputs.nixpkgs.lib.mkDefault "changeme";
       };
     in
     {