nftables routing module for router

1 files changed, 18 insertions, 12 deletions

diff --git a/archetypes/profiles/router/default.nix b/archetypes/profiles/router/default.nix
index 646982b..58e3407 100644
--- a/archetypes/profiles/router/default.nix
+++ b/archetypes/profiles/router/default.nix
@@ -1,26 +1,32 @@
 { lib, pkgs, ... }: let
 	mkRouter = lib.mkOverride 800;
 
+	# https://wiki.nixos.org/wiki/Networking
 	nixosConfig = {
 		services.unbound = {
 			_blocklists = {
 				enable = true;
-				blocklists = {
-					hageziNSFW = [
-						"https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/rpz/nsfw.txt"
-						"https://gitlab.com/hagezi/mirror/-/raw/main/dns-blocklists/rpz/nsfw.txt"
-						"https://codeberg.org/hagezi/mirror2/raw/branch/main/dns-blocklists/rpz/nsfw.txt"
-					];
-					hageziPro = [
-						"https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/rpz/pro.txt"
-						"https://gitlab.com/hagezi/mirror/-/raw/main/dns-blocklists/rpz/pro.txt"
-						"https://codeberg.org/hagezi/mirror2/raw/branch/main/dns-blocklists/rpz/pro.txt"
+				blocklists = let
+					hageziList = list: [
+						"https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/rpz/${list}.txt"
+						"https://gitlab.com/hagezi/mirror/-/raw/main/dns-blocklists/rpz/${list}.txt"
+						"https://codeberg.org/hagezi/mirror2/raw/branch/main/dns-blocklists/rpz/${list}.txt"
 					];
+				in {
+					hageziNSFW = hageziList "nsfw";
+					hageziPro = hageziList "pro";
 				};
 			};
 		};
-		services._router.dnsDhcpConfig = {
-			enable = mkRouter true;
+		services._router = {
+			dnsDhcpConfig.enable = mkRouter true;
+			routing = {
+				enable = mkRouter true;
+				interfaces = {
+					lan = mkRouter "lan0";
+					wan = mkRouter "wan0";
+				};
+			};
 		};
 	};