1 files changed, 26 insertions, 5 deletions

diff --git a/hosts/poweredge/networking.nix b/hosts/poweredge/networking.nix
index 859bc93..fbf6fa6 100644
--- a/hosts/poweredge/networking.nix
+++ b/hosts/poweredge/networking.nix
@@ -16,11 +16,7 @@ in { config, ... }: {
 			vb-router-lan0.useDHCP = false;
 		};
 		# Configure network
-		defaultGateway = {
-			# Read explaination for veth-router-lan below
-			address = "10.255.255.1";
-			interface = "veth-router-lan";
-		};
+		defaultGateway = "10.255.255.1";  # Read explaination for veth-router-lan below
 		nameservers = [ "192.168.1.1" ];  # DNS will only be available from this ip address THROUGH the default gateway
 		# br-lan0 will be the interface used for networking on poweredge host
 		interfaces.br-lan0.ipv4.addresses = [{
@@ -116,8 +112,33 @@ in { config, ... }: {
 				};
 			};
 
+			services.unbound._blocklists = {
+				enable = true;
+				hageziBlocklists = [ "pro" "nsfw" ];
+			};
+
 			system.stateVersion = "25.11";
 		};
 	};
 
+	# FIXME the following snippet will cause the router container to fail to start:
+	#   networking.defaultGateway = {
+	#     address = "10.255.255.1";
+	#     interface = "veth-router-lan";
+	#   };
+	# Journalctl will report:
+	#   poweredge container router: Bring veth-router-lan up
+	#   poweredge container router: RTNETLINK answers: File exists
+	#   poweredge systemd: container@router.service: Control process exited, code=exited, status=2/INVALIDARGUMENT
+	# So the issue nixos is creating an interface with that same name.
+	# As a temporary workaround, the following service is deployed (after the container starts):
+	systemd.services.router-default-route = {
+		after = [ "container@router.service" ];
+		wants = [ "container@router.service" ];
+		serviceConfig.Type = "oneshot";
+		script = ''
+			/run/current-system/sw/bin/ip route replace default via 10.255.255.1 dev veth-router-lan
+		'';
+		wantedBy = [ "multi-user.target" ];
+	};
 }