diff --git a/hosts/lily/default.nix b/hosts/lily/default.nix index 21b6992..acc1a6c 100644 --- a/hosts/lily/default.nix +++ b/hosts/lily/default.nix 
@@ -1,14 +1,87 @@ -{ pkgs, config, ... }: +{ + lib, + pkgs, + config, + ... +}: +let + externalInterface = "wan0"; + # networks = config.homelab.networks.local; + # internalInterfaces = lib.mapAttrsToList (_: val: val.interface) networks; + # internalIPs = lib.mapAttrsToList ( + # _: val: lib.strings.removeSuffix ".1" val.cidr + ".0/24" + # ) networks; +in { imports = [ ./hardware-configuration.nix ./variables.nix - ./../../modules/core/default.server.nix + ./../../modules/core/default.router.nix ]; - networking.hostName = "lily"; + liv = { + server.enable = true; + router.enable = true; + }; - liv.server.enable = true; + boot = { + supportedFilesystems = [ "zfs" ]; + loader.grub = { + enable = true; + device = "/dev/sda"; + useOSProber = true; + }; + kernel = { + sysctl = { + # Forward both IPv4 and IPv6 on all interfaces + "net.ipv4.conf.all.forwarding" = true; + "net.ipv6.conf.all.forwarding" = false; + + # By default, do not automatically configure any IPv6 addresses. + # "net.ipv6.conf.all.accept_ra" = 0; + # "net.ipv6.conf.all.autoconf" = 0; + # "net.ipv6.conf.all.use_tempaddr" = 0; + + # Allow IPv6 autoconfiguration and tempory address use on WAN. + "net.ipv6.conf.${externalInterface}.accept_ra" = 2; + "net.ipv6.conf.${externalInterface}.autoconf" = 1; + }; + }; + }; + + networking = { + firewall = { + enable = true; + allowPing = true; + + # allow ssh on *all* interfaces, even wan. 
+ allowedTCPPorts = lib.mkForce [ 22 ]; + allowedUDPPorts = lib.mkForce [ 22 ]; + + # interface-specific rules + interfaces = { + "lan0" = { + allowedTCPPorts = [ + 22 + 53 + ]; + allowedUDPPorts = [ + 22 + 53 + ]; + }; + }; + }; + }; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:47:67:6e", ATTR{type}=="1", NAME="wan0" + SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:47:67:6f", ATTR{type}=="1", NAME="lan0" + SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:63:0f:80", ATTR{type}=="1", NAME="lan1" + SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:63:0f:81", ATTR{type}=="1", NAME="lan2" + ''; + + networking.hostName = "lily"; time.timeZone = "Europe/Amsterdam"; @@ -17,10 +90,6 @@ zfs ]; - boot = { - supportedFilesystems = [ "zfs" ]; - }; - networking.hostId = "8ddb2a9b"; services.zfs = { @@ -28,10 +97,6 @@ trim.enable = true; }; - boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/sda"; - boot.loader.grub.useOSProber = true; - # boot.zfs.extraPools = [ "terrabite" ]; # fileSystems."/terrabite/main" = { diff --git a/modules/core/default.router.nix b/modules/core/default.router.nix new file mode 100644 index 0000000..c0f7c80 --- /dev/null +++ b/modules/core/default.router.nix @@ -0,0 +1,11 @@ +{ ... }: +{ + imports = + [ (import ./hardware.nix) ] + ++ [ (import ./program.nix) ] + ++ [ (import ./sshd.nix) ] + ++ [ (import ./security.nix) ] + ++ [ (import ./services.nix) ] + ++ [ (import ./system.nix) ] + ++ [ (import ./user.nix) ]; +} diff --git a/modules/core/user.nix b/modules/core/user.nix index b96dbee..ee3ecce 100644 --- a/modules/core/user.nix +++ b/modules/core/user.nix 
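Review bot: The global `allowedUDPPorts = lib.mkForce [ 22 ];` opens UDP/22 on every interface including `wan0`, but OpenSSH listens on TCP only, so this is an unexplained Internet-facing hole; it should be `allowedUDPPorts = lib.mkForce [ ];`. The global `allowedTCPPorts = lib.mkForce [ 22 ];` likewise exposes SSH management on the WAN side, while `interfaces."lan0"` already lists 22, so the safer shape is `allowedTCPPorts = lib.mkForce [ ];` at the top level and SSH only on the LAN entries; if WAN SSH is deliberate, the imported `sshd.nix` (not in this diff) presumably needs key-only auth, which cannot be confirmed here. The sysctl comment `# Forward both IPv4 and IPv6 on all interfaces` contradicts `"net.ipv6.conf.all.forwarding" = false;` directly below it and should read `# Forward IPv4 on all interfaces; IPv6 forwarding stays off for now.`. The enclosing attribute set continues past this hunk into the later hunks of the same file.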
@@ -23,6 +23,8 @@ [ ./../home/default.server.nix ] else if (host == "dandelion") then [ ./../home/default.server.nix ] + else if (host == "lily") then + [ ./../home/default.server.nix ] # else if (host == "yoshino") then # [ ./../home/default.nix ] else diff --git a/roles/default.nix b/roles/default.nix index 0d11aa1..8f3d3c2 100644 --- a/roles/default.nix +++ b/roles/default.nix @@ -5,6 +5,7 @@ ++ [ (import ./amdgpu.nix) ] ++ [ (import ./nvidia.nix) ] ++ [ (import ./server.nix) ] + ++ [ (import ./router.nix) ] ++ [ (import ./desktop.nix) ] ++ [ (import ./wine.nix) ] ++ [ (import ./creative.nix) ] diff --git a/roles/router.nix b/roles/router.nix new file mode 100644 index 0000000..a762d7d --- /dev/null +++ b/roles/router.nix @@ -0,0 +1,46 @@ +{ + lib, + pkgs, + config, + username, + home-manager, + ... +}: +with lib; +let + cfg = config.liv.router; +in +{ + options.liv.router = { + enable = mkEnableOption "Enable router"; + }; + + config = mkIf cfg.enable { + environment.systemPackages = with pkgs; [ + pkgs.kitty.terminfo + powertop + bind + ]; + + services = { + thermald.enable = true; + vnstat.enable = true; + # cpupower-gui.enable = true; + # power-profiles-daemon.enable = true; + + # auto-cpufreq = { + # enable = true; + # settings = { + # battery = { + # governor = "powersave"; + # turbo = "auto"; + # }; + # charger = { + # governor = "performance"; + # turbo = "auto"; + # }; + # }; + # }; + }; + }; +}
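Review bot: In roles/router.nix the `liv.router.enable` option carries no router behaviour: the `config` block only installs `powertop`/`bind`/`kitty.terminfo` and enables `thermald` and `vnstat`, while forwarding sysctls, the firewall and interface naming all live in hosts/lily/default.nix, so the option name overstates what it does. Either move the forwarding/firewall settings into this module or make the scope explicit, e.g. `enable = mkEnableOption "router role (tooling and monitoring only; forwarding and firewall are configured per host)";`. As a point of style, `with lib;` at module scope is discouraged in nixpkgs because it shadows names silently; `pkgs.kitty.terminfo` inside `with pkgs;` is redundant and should be `kitty.terminfo`; and the `username` and `home-manager` arguments appear unused. The commented-out `auto-cpufreq` block should be dropped or turned into a tracked `# TODO:` rather than left as dead configuration.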