From 3f889c7119145518e43b2f57bb1b9d7b4fdbd01a Mon Sep 17 00:00:00 2001
From: Daniel Barlow <dan@telent.net>
Date: Mon, 10 Feb 2025 21:16:20 +0000
Subject: [PATCH] default firewall zones in gateway profile

---
 examples/rotuer.nix          | 4 ----
 modules/profiles/gateway.nix | 4 ++++
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/examples/rotuer.nix b/examples/rotuer.nix
index 78251e2..1d2a726 100644
--- a/examples/rotuer.nix
+++ b/examples/rotuer.nix
@@ -69,10 +69,6 @@ in rec {
     firewall = {
       enable = true;
       rules = secrets.firewallRules;
-      zones = {
-        lan = [ config.services.int ];
-        wan = [ config.services.wan  ] ;
-      };
     };
     wireless.networks = {
       # EDIT: if you have more or fewer wireless radios, here is where
diff --git a/modules/profiles/gateway.nix b/modules/profiles/gateway.nix
index 1e0ae48..c62c816 100644
--- a/modules/profiles/gateway.nix
+++ b/modules/profiles/gateway.nix
@@ -50,6 +50,10 @@ in {
       rules = mkOption { type = types.attrsOf types.attrs; };
       zones = mkOption {
         type = types.attrsOf (types.listOf  liminix.lib.types.service);
+        default = {
+          lan = [ config.services.int ];
+          wan = [ config.services.wan ];
+        };
       };
     };