diff --git a/ops/nixos/swann/default.nix b/ops/nixos/swann/default.nix
index fa316c1b27..cb709d5ead 100644
--- a/ops/nixos/swann/default.nix
+++ b/ops/nixos/swann/default.nix
@@ -110,8 +110,17 @@ in {
 { priority = 10024; v6 = "to 2a09:a441::1:0/112 table main"; }
 { priority = 10025; v6 = "to 2a09:a441::2:0/112 table main"; }
 
+ # And the Google VIP I'm (ab)using for Stadia (see CoreDNS below).
+ { priority = 10030; v4 = "to 216.239.38.120/32 table main"; }
+
+ # add-on.ee.co.uk goes via EE.
+ { priority = 10031; v4 = "to 82.192.97.153/32 table 201"; }
+
+ # Anything originating from 192.168.200.0/24 should go via EE too.
+ { priority = 10032; v4 = "from 192.168.200.0/24 table 201"; }
+
 # Everything else over WG.
- { priority = 10030; both = "table 150"; }
+ { priority = 10099; both = "table 150"; }
 ];
 clearRules = map (x: ''
 ip -4 rule del priority ${toString x} >/dev/null 2>&1 || true
@@ -159,6 +168,7 @@ in {
 "net.ipv6.conf.default.forwarding" = "1";
 "net.ipv6.conf.all.forwarding" = "1";
 "net.ipv6.conf.en-virginmedia.accept_ra" = "2";
+ "net.ipv6.conf.en-ee.accept_ra" = "2";
 };
 networking.nat = {
 enable = true;
@@ -249,7 +259,7 @@ in {
 listenPort = 51821;
 privateKey = secrets.wireguard.tuvok-swann.swann.privateKey;
 peers = [(peerBase // {
- endpoint = "92.118.28.252:51821";
+ endpoint = "[2a09:a441::f00f]:51821";
 publicKey = secrets.wireguard.tuvok-swann.tuvok.publicKey;
 })];
 postSetup = ''
@@ -353,6 +363,7 @@ in {
 block
 }
 hosts /dev/null {
+ 216.239.38.120 stadia.google.com stadia.com
 fallthrough
 }
 loadbalance
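Review bot: The two new `table 201` rules (priorities 10031 and 10032) do not fail closed. If table 201 has no matching route, for example while the EE link is down, the lookup continues to priority 10099 and that traffic leaves over WireGuard via table 150. If 192.168.200.0/24 is meant to stay off the tunnel, add a terminating rule right after it, e.g. `{ priority = 10033; v4 = "from 192.168.200.0/24 unreachable"; }`, assuming these strings are handed to `ip rule add` as the visible `ip -4 rule del` in clearRules suggests. The rule list starts above the hunk and clearRules continues below it, so this rests only on the visible entries.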
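Review bot: The added `"net.ipv6.conf.en-ee.accept_ra" = "2";` line has no comment, although value 2 is the setting that keeps a forwarding host accepting Router Advertisements. Whatever sends RAs on the EE segment can therefore install IPv6 routes and addresses on this router. I would record that next to the line, e.g. `# 2 = accept RAs even with forwarding enabled; routes and addresses on en-ee then come from whoever sends RAs on that link`. The same comment would fit the existing en-virginmedia line above it; the sysctl set itself starts outside the hunk.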
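Review bot: The new endpoint `2a09:a441::f00f` is not covered by either `table main` exception visible in the first hunk (`2a09:a441::1:0/112` and `2a09:a441::2:0/112`). The encrypted packets could therefore match the catch-all at priority 10099 and be routed into table 150, that is, back into the tunnel. An earlier rule in the list or an fwmark set in `postSetup` may already handle this, but neither is visible here. If not, a rule such as `{ priority = 10026; v6 = "to 2a09:a441::f00f/128 table main"; }` (any free priority below 10099) would keep the underlay out of the tunnel. The peer block and postSetup continue outside the hunk.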
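Review bot: `216.239.38.120` now appears twice as a literal, in this CoreDNS `hosts` block and in the priority 10030 rule in the first hunk, and the two only work as a pair. If one is updated without the other, the pinned names resolve to an address that falls through to the catch-all and goes over WireGuard. Assuming the Corefile is a Nix string, bind the address once in the `let` that precedes `in {`, e.g. `stadiaVip = "216.239.38.120";`, and interpolate `${stadiaVip}` in both places. The surrounding CoreDNS configuration starts and ends outside the hunk.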