diff --git a/role/router/default.nix b/role/router/default.nix
index c0a8d79..4c0404d 100644
--- a/role/router/default.nix
+++ b/role/router/default.nix
@@ -1,32 +1,83 @@
-{
-# To get the MAC address of each card, use this command: cat /sys/class/net/*device_name*/address
-# Make sure to use the lower-case hex values in your udev rules. It does not like upper-case.
-wanInterface, wirelessInterfaces, lanInterfaces,
-internalRouterIP,
-internalPrefixLength? 24,
-internalBridgeInterfaceName? "lan"
-}:
+{ config, lib, pkgs, ... }:
-let pkgs = import { };
+with lib;
+
+let cfg = config.services.router;
 in {
- networking = {
- enableIPv6 = false; # TODO
- nat = {
- enable = true;
- externalInterface = wanInterface;
- internalInterfaces = [ internalBridgeInterfaceName ];
+ options.services.router = {
+ enable = mkEnableOption "router service";
+
+ wanInterface = mkOption {
+ type = types.str;
+ example = "enp0";
+ description = ''
+ WAN interface name.
+ '';
 };
- bridges.lan.interfaces = lanInterfaces ++ wirelessInterfaces;
- interfaces.lan = {
- ipv4 = {
- addresses = [{
- address = internalRouterIP;
- prefixLength = internalPrefixLength;
- }];
- };
+ wirelessInterfaces = mkOption {
+ type = types.listOf types.str;
+ example = [ "wlp1" "wlp2" ];
+ default = [ ];
+ description = ''
+ Wireless interfaces names.
+ '';
+ };
+
+ lanInterfaces = mkOption {
+ type = types.listOf types.str;
+ example = [ "enp1" "enp2" ];
+ default = [ ];
+ description = ''
+ LAN interfaces names.
+ '';
+ };
+
+ internalRouterIP = mkOption {
+ type = types.str;
+ example = "192.168.0.1";
+ description = ''
+ Internal IP of router.
+ '';
+ };
+
+ internalPrefixLength = mkOption {
+ type = types.addCheck types.int (n: n >= 0 && n <= 32);
+ default = 24;
+ description = ''
+ Subnet mask of the network, specified as the number of
+ bits in the prefix (24).
+ '';
+ };
+
+ internalBridgeInterfaceName = mkOption {
+ type = types.str;
+ default = "lan";
+ description = ''
+ Name of the virtual internal interface.
+ '';
 };
- firewall.trustedInterfaces = [ internalBridgeInterfaceName ];
 };
+ config = mkIf cfg.enable {
+ networking = {
+ enableIPv6 = false; # TODO
+ nat = {
+ enable = true;
+ externalInterface = cfg.wanInterface;
+ internalInterfaces = [ cfg.internalBridgeInterfaceName ];
+ };
+
+ bridges.lan.interfaces = cfg.lanInterfaces ++ cfg.wirelessInterfaces;
+ interfaces.lan = {
+ ipv4 = {
+ addresses = [{
+ address = cfg.internalRouterIP;
+ prefixLength = cfg.internalPrefixLength;
+ }];
+ };
+ };
+ firewall.trustedInterfaces = [ cfg.internalBridgeInterfaceName ];
+ };
+ };
 }
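Review bot: In the `config` block, `bridges.lan.interfaces` and `interfaces.lan` still hard-code the name `lan`, while `nat.internalInterfaces` and `firewall.trustedInterfaces` use `cfg.internalBridgeInterfaceName`. Now that the name is a module option, setting it to anything other than the default leaves the bridge named `lan` outside NAT and firewall trust, and marks a different interface name as fully trusted. Deriving both attribute paths from the option keeps them in step: `bridges.${cfg.internalBridgeInterfaceName}.interfaces = cfg.lanInterfaces ++ cfg.wirelessInterfaces;` and `interfaces.${cfg.internalBridgeInterfaceName} = {`. Because every bridge member ends up behind a trusted interface, an `assertions` entry rejecting a `cfg.wanInterface` that also appears in `cfg.lanInterfaces ++ cfg.wirelessInterfaces` would be a cheap guard against bridging the WAN port into the trusted side.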