diff --git a/examples/rotuer.nix b/examples/rotuer.nix
index 4b23812..9593495 100644
--- a/examples/rotuer.nix
+++ b/examples/rotuer.nix
@@ -97,18 +97,6 @@ in rec {
 
   users.root = secrets.root;
 
-  services.defaultroute4 = svc.network.route.build {
-    via = "$(output ${config.services.wan} address)";
-    target = "default";
-    dependencies = [ config.services.wan ];
-  };
-
-  services.defaultroute6 = svc.network.route.build {
-    via = "$(output ${config.services.wan} ipv6-peer-address)";
-    target = "default";
-    interface = config.services.wan;
-  };
-
   services.firewall = svc.firewall.build {
     ruleset =
       let defaults = import ./demo-firewall.nix;
diff --git a/modules/profiles/gateway.nix b/modules/profiles/gateway.nix
index 82dc964..e34d5f9 100644
--- a/modules/profiles/gateway.nix
+++ b/modules/profiles/gateway.nix
@@ -131,6 +131,19 @@ in {
         domain = dcfg.localDomain;
       };
 
+    services.defaultroute4 = svc.network.route.build {
+      via = "$(output ${config.services.wan} address)";
+      target = "default";
+      dependencies = [ config.services.wan ];
+    };
+
+    services.defaultroute6 = svc.network.route.build {
+      via = "$(output ${config.services.wan} ipv6-peer-address)";
+      target = "default";
+      interface = config.services.wan;
+    };
+
+
     services.resolvconf = oneshot rec {
       dependencies = [ config.services.wan ];
       name = "resolvconf";