{ lib, pkgs, ... }: let
	mkRouter = lib.mkOverride 800;

	# https://wiki.nixos.org/wiki/Networking
	nixosConfig = {
		services.unbound = {
			_blocklists = {
				enable = true;
				blocklists = let
					hageziList = list: [
						"https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/rpz/${list}.txt"
						"https://gitlab.com/hagezi/mirror/-/raw/main/dns-blocklists/rpz/${list}.txt"
						"https://codeberg.org/hagezi/mirror2/raw/branch/main/dns-blocklists/rpz/${list}.txt"
					];
				in {
					hageziNSFW = hageziList "nsfw";
					hageziPro = hageziList "pro";
				};
			};
		};
		services._router = {
			dnsDhcpConfig.enable = mkRouter true;
			routing = {
				enable = mkRouter true;
				interfaces = {
					lan = mkRouter "lan0";
					wan = mkRouter "wan0";
				};
			};
		};
	};

	homeConfig = {};
in {
	imports = [ (lib._mkProfileArchetype "router" nixosConfig homeConfig) ];
}