From 9f2f1c795a36f5863aba8f848ce6ea57d34bde02 Mon Sep 17 00:00:00 2001
From: Nolan Darilek <nolan@thewordnerd.info>
Date: Mon, 21 Jul 2025 10:46:59 -0400
Subject: [PATCH] Basic router config.

---
 flake.nix                               |  4 ++
 hosts/router/default.nix                | 67 +++++++++++++++++++++++++
 hosts/router/hardware-configuration.nix | 57 +++++++++++++++++++++
 3 files changed, 128 insertions(+)
 create mode 100644 hosts/router/default.nix
 create mode 100644 hosts/router/hardware-configuration.nix

diff --git a/flake.nix b/flake.nix
index 143389a..7dcdf21 100644
--- a/flake.nix
+++ b/flake.nix
@@ -95,6 +95,10 @@
           includeHomeManager = false;
           specialArgs = { inherit inputs; };
         };
+
+        router = mkHost {
+          hostPath = ./hosts/router;
+        };
       };
 
       checks.${system} = {
diff --git a/hosts/router/default.nix b/hosts/router/default.nix
new file mode 100644
index 0000000..6d0dec8
--- /dev/null
+++ b/hosts/router/default.nix
@@ -0,0 +1,67 @@
+{
+  imports = [
+    ./hardware-configuration.nix
+    ../../base.nix
+    ../../roles/zfs.nix
+    ../../users/root.nix
+    ../../roles/espeakup.nix
+    ../../roles/tailscale.nix
+    ../../roles/vscode-remote.nix
+    # ../../roles/caddy.nix
+  ];
+
+  boot = {
+    loader = {
+      efi.canTouchEfiVariables = true;
+      systemd-boot.enable = true;
+    };
+    supportedFilesystems = [ "zfs" ];
+  };
+
+  networking = {
+    hostName = "router";
+    hostId = "91312b0b";
+    # nat = {
+    #   enable = true;
+    #   internalInterfaces = [ "ve-+" ];
+    #   externalInterface = "enp5s0";
+    #   enableIPv6 = true;
+    # };
+    useNetworkd = true;
+  };
+
+  time.timeZone = "America/Detroit";
+
+  i18n.defaultLocale = "en_US.UTF-8";
+  console.keyMap = "us";
+
+  # Enable the Flakes feature and the accompanying new nix command-line tool
+  nix.settings.experimental-features = [
+    "nix-command"
+    "flakes"
+  ];
+
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+
+  # This option defines the first version of NixOS you have installed on this particular machine,
+  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+  #
+  # Most users should NEVER change this value after the initial install, for any reason,
+  # even if you've upgraded your system to a new NixOS release.
+  #
+  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+  # to actually do that.
+  #
+  # This value being lower than the current NixOS release does NOT mean your system is
+  # out of date, out of support, or vulnerable.
+  #
+  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+  # and migrated your data accordingly.
+  #
+  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+  system.stateVersion = "25.05"; # Did you read the comment?
+}
diff --git a/hosts/router/hardware-configuration.nix b/hosts/router/hardware-configuration.nix
new file mode 100644
index 0000000..1bcb0ef
--- /dev/null
+++ b/hosts/router/hardware-configuration.nix
@@ -0,0 +1,57 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "thunderbolt"
+    "ahci"
+    "nvme"
+    "usbhid"
+    "usb_storage"
+    "sd_mod"
+    "sdhci_pci"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/a0df6959-f878-48d0-aabe-5f46915c1921";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/7EEE-698D";
+    fsType = "vfat";
+    options = [
+      "fmask=0077"
+      "dmask=0077"
+    ];
+  };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp89s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}