From 95ebddb661fede3662d6d482f01d0acc5d042226 Mon Sep 17 00:00:00 2001
From: Daniel Barlow <dan@telent.net>
Date: Wed, 20 Mar 2024 18:13:33 +0000
Subject: [PATCH] move default routes to gateway profile

---
 examples/rotuer.nix          | 12 ------------
 modules/profiles/gateway.nix | 13 +++++++++++++
 2 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/examples/rotuer.nix b/examples/rotuer.nix
index 4b23812..9593495 100644
--- a/examples/rotuer.nix
+++ b/examples/rotuer.nix
@@ -97,18 +97,6 @@ in rec {
 
   users.root = secrets.root;
 
-  services.defaultroute4 = svc.network.route.build {
-    via = "$(output ${config.services.wan} address)";
-    target = "default";
-    dependencies = [ config.services.wan ];
-  };
-
-  services.defaultroute6 = svc.network.route.build {
-    via = "$(output ${config.services.wan} ipv6-peer-address)";
-    target = "default";
-    interface = config.services.wan;
-  };
-
   services.firewall = svc.firewall.build {
     ruleset =
       let defaults = import ./demo-firewall.nix;
diff --git a/modules/profiles/gateway.nix b/modules/profiles/gateway.nix
index 82dc964..e34d5f9 100644
--- a/modules/profiles/gateway.nix
+++ b/modules/profiles/gateway.nix
@@ -131,6 +131,19 @@ in {
         domain = dcfg.localDomain;
       };
 
+    services.defaultroute4 = svc.network.route.build {
+      via = "$(output ${config.services.wan} address)";
+      target = "default";
+      dependencies = [ config.services.wan ];
+    };
+
+    services.defaultroute6 = svc.network.route.build {
+      via = "$(output ${config.services.wan} ipv6-peer-address)";
+      target = "default";
+      interface = config.services.wan;
+    };
+
+
     services.resolvconf = oneshot rec {
       dependencies = [ config.services.wan ];
       name = "resolvconf";