diff --git a/defaults/main.yml b/defaults/main.yml index 9fb6cb2..8272c66 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -8,3 +8,5 @@ maatma_network: gateway6: "2a01:e0a:518:833::1" wg_adlin_port: 42912 + +nameserver_host: aton.ra.nemunai.re diff --git a/tasks/container-setup.yml b/tasks/container-setup.yml index b7841c1..a9a9fce 100644 --- a/tasks/container-setup.yml +++ b/tasks/container-setup.yml @@ -48,7 +48,6 @@ lxc.net.1.veth.pair = veth_sshpipper lxc.net.1.ipv4.address = 169.254.42.1/30 - lxc.environment = ADLIN_SHARED_SECRET={{ adlin_shared_secret }} lxc.environment = MYSQL_HOST=tcp({{ mysql_endpoint.host }}:{{ mysql_endpoint.port}}) lxc.environment = MYSQL_USER={{ mysql_maatma.username }} lxc.environment = MYSQL_PASSWORD={{ mysql_maatma.password }} @@ -83,6 +82,14 @@ - checker - clean-wg +- name: Copy init configs + template: + src: "{{ item }}.conf.j2" + dest: "/var/lib/lxc/{{ ctr_name }}/rootfs/etc/conf.d/{{ item }}" + mode: 0755 + loop: + - token-validator + - name: Setup runlevels file: path: "/var/lib/lxc/{{ ctr_name }}/rootfs/etc/runlevels/{{ item.runlevel }}/{{ item.filename }}" diff --git a/templates/token-validator.conf.j2 b/templates/token-validator.conf.j2 new file mode 100644 index 0000000..1d0727d --- /dev/null +++ b/templates/token-validator.conf.j2 @@ -0,0 +1,7 @@ +export ADLIN_SHARED_SECRET="{{ adlin_shared_secret }}" +export ADLIN_NS_HOST={{ nameserver_host }}:53 +{% if acl_maatma_secret is defined %} +export ADLIN_TSIG_NAME=maatma. +export ADLIN_TSIG_SECRET="{{ acl_maatma_secret }}" +{% endif %} +export ADLIN_COLLECTOR_SECRET="{{ adlin_collector_secret }}"
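Review bot: `nameserver_host` is added to defaults/main.yml without a comment, although the new template constrains its format by rendering it as `{{ nameserver_host }}:53`. An override that already carries a port would yield `host:port:53`, and a bare IPv6 literal would produce an ambiguous value. I would state this above the variable: `# Host name or IPv4 address only; templates/token-validator.conf.j2 appends ":53"`.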
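Review bot: The new `Copy init configs` task in tasks/container-setup.yml installs the rendered file with `mode: 0755`, so it is readable by every local account in the container, yet token-validator.conf.j2 holds the shared secret, the collector secret and, when defined, the TSIG secret. A conf.d file needs no execute bit, so `mode: "0600"` fits better, and quoting the mode is the form the Ansible documentation recommends. Consider `no_log: true` on the task as well, since running the play with `--diff` would otherwise print the rendered secrets. The earlier hunk in this file still leaves `MYSQL_PASSWORD` in `lxc.environment`; whether it can move to the same conf.d mechanism depends on which service consumes it.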
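Review bot: The three secrets in templates/token-validator.conf.j2 are interpolated inside double quotes without escaping, so a value containing `"`, `$`, a backtick or a backslash would be expanded or break the file when a shell sources it (the `export` lines suggest it is sourced). Ansible's `quote` filter avoids this: `export ADLIN_SHARED_SECRET={{ adlin_shared_secret | quote }}`, and likewise for `ADLIN_TSIG_SECRET` and `ADLIN_COLLECTOR_SECRET`. `ADLIN_NS_HOST` is the only value left unquoted; `export ADLIN_NS_HOST={{ (nameserver_host ~ ':53') | quote }}` would bring it in line with the others. A first line such as `# {{ ansible_managed }}`, plus a remark that the file contains secrets, would help whoever finds it under /etc/conf.d.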