diff --git a/flake.nix b/flake.nix
index eccb00a..f8917cd 100644
--- a/flake.nix
+++ b/flake.nix
@@ -44,6 +44,10 @@
       pre-yate-n0emis = { config, pkgs, ... }: {
         deployment.targetHost = "2001:470:7694::5e5";
       };
+
+      router = { config, pkgs, ... }: {
+        deployment.targetHost = "router.bula22.de";
+      };
     };
   };
 }
diff --git a/hosts/router/configuration.nix b/hosts/router/configuration.nix
new file mode 100644
index 0000000..2df2629
--- /dev/null
+++ b/hosts/router/configuration.nix
@@ -0,0 +1,31 @@
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [
+      ./hardware-configuration.nix
+
+      ./net-services.nix
+    ];
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "router";
+
+  networking.useDHCP = false;
+
+  networking.defaultGateway = { address = "10.42.10.1"; interface = "net-services"; };
+  networking.defaultGateway6 = { address = "2a01:4f8:1c0c:8221::1"; interface = "net-services"; };
+
+  networking.nameservers = [ "10.42.10.1" "2a01:4f8:1c0c:8221::1" ];
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "22.05"; # Did you read the comment?
+
+}
diff --git a/hosts/router/hardware-configuration.nix b/hosts/router/hardware-configuration.nix
new file mode 100644
index 0000000..b34fb0e
--- /dev/null
+++ b/hosts/router/hardware-configuration.nix
@@ -0,0 +1,36 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/7dc69b5a-5951-4361-a3ed-b0d5a1d1bda2";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/1CA1-50C3";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
+
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/router/net-services.nix b/hosts/router/net-services.nix
new file mode 100644
index 0000000..cf3beba
--- /dev/null
+++ b/hosts/router/net-services.nix
@@ -0,0 +1,15 @@
+{ config, pkgs, ...}:
+
+{
+    networking.vlans."net-services" = {
+      id = 10;
+      interface = "ens18";
+    };
+
+    networking.interfaces.net-services.ipv4.addresses = [
+      { address = "10.42.10.2"; prefixLength = 24; }
+    ];
+    networking.interfaces.net-services.ipv6.addresses = [
+      { address = "2a01:4f8:1c0c:8221::2"; prefixLength = 64; }
+    ];
+}