From dff621fe42ae3394816fb436b93e3eac231abb49 Mon Sep 17 00:00:00 2001
From: Daniel Flanagan
Date: Tue, 16 Jul 2024 16:36:22 -0500
Subject: [PATCH] Firewall?
---
 nixos/router.nix | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/nixos/router.nix b/nixos/router.nix
index 2a07ec3..2caed59 100644
--- a/nixos/router.nix
+++ b/nixos/router.nix
@@ -2,7 +2,7 @@
 lib,
 # outputs,
 # config,
- # pkgs,
+ pkgs,
 ...
 }: let
 # NOTE: I could turn this into a cool NixOS module?
@@ -181,10 +181,15 @@ in {
 };
 };
+ environment.systemPackages = with pkgs; [
+ wpa_supplicant
+ ];
+
 networking = {
 hostName = "router";
 domain = "h.lyte.dev";
 useDHCP = false;
+ wireless.enable = true;
 # useDHCP = true;
 # nat.enable = true;
 # TODO: maybe replace some of the nftables stuff with this module?
@@ -198,7 +203,7 @@ in {
 ff02::2 ip6-allrouters
 '';
- firewall.enable = false;
+ firewall.enable = true;
 firewall.allowedTCPPorts = [
 2201
 22
@@ -356,6 +361,18 @@ in {
 systemd.network = {
 enable = true;
+ networks = {
+ wan = {
+ networkConfig = {
+ DHCP = "yes";
+ };
+ };
+ lan = {
+ networkConfig = {
+ DHCP = "yes";
+ };
+ };
+ };
 links = {
 "10-${wan_if}" = {
 enable = true;
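Review bot: `wireless.enable = true` in the `@@ -181,10 +181,15 @@` hunk starts wpa_supplicant without naming an interface, and no `networking.wireless.interfaces` or `networks` setting is visible here, so on a router it is unclear which NIC is meant to become a Wi-Fi client. I would pin it with `wireless.interfaces = [ "<wifi-if>" ];` (placeholder name) and state the intent in a comment such as `# Wi-Fi client uplink; PSKs come from a secrets file, never inline`. If network PSKs are added later, keep them out of the Nix store, which is world-readable. The explicit `wpa_supplicant` entry in `environment.systemPackages` is probably redundant, since the wireless module should already install it; confirm before dropping it. The `networking` block continues outside the hunk.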
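Review bot: With `firewall.enable = true` in the `@@ -198,7 +203,7 @@` hunk, the existing `firewall.allowedTCPPorts` list (2201, 22 and whatever follows outside the hunk) stops being inert and opens those ports on every interface, the WAN side included. For a router I would scope management ports to the LAN, e.g. `firewall.interfaces.<lan-if>.allowedTCPPorts = [ 22 2201 ];` (placeholder interface name), and keep the global list empty or minimal. The TODO earlier in this file mentions hand-written nftables rules; if those are still loaded, check that they and the NixOS firewall do not run on different backends or flush each other's tables, and add a comment saying which ruleset is authoritative.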
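Review bot: The new `networks.wan` and `networks.lan` entries in the `@@ -356,6 +361,18 @@` hunk have no `matchConfig`, so systemd-networkd has nothing tying them to an interface; depending on the systemd version, a `.network` unit with an empty `[Match]` is either ignored or applied to every link. Add an explicit match, e.g. `matchConfig.Name = wan_if;` for `wan` and the corresponding LAN variable for `lan` (not visible in this hunk). `DHCP = "yes"` on the LAN side also deserves a second look: a router's LAN interface normally carries a static address, and running a DHCP client there lets any host on the LAN hand the router an address, routes and DNS servers. If it is intentional, say why in a comment next to it. `systemd.network` continues outside the hunk.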