Hey, I've got an apu2c4 and was actually thinking about installing Ubuntu or Debian and trying to run Ansible on it, but your NixOS idea sounds good. Do you have any references for the setup? Have you found any downsides?
The reason I want to move away from pfSense is the lack of support for WireGuard.
The router uses systemd-networkd, unbound, corerad, hostapd.
I'm not in a position to share my config yet. If you give me contact details, I can share a few bits.
Downsides:
* When you screw up, you can lose Internet connectivity.
* When you screw up, you can lose access to your router. I mitigate this by securely exposing the router on the Internet, and then using 4G to SSH to the router.
* It took a while for me to figure out how to get a decent IPv6 setup.
* NixOS specific: if you find some config on StackOverflow (e.g.), it takes a bit of time to figure out how to fit that into NixOS.
The result is great though:
* this router has been through 2-3 major upgrades, and it just works.
* NixOS is modern/popular enough that it has had wireguard/corerad packaged for a while.
* I have confidence my router is actually behaving according to its config, because NixOS does a great job of that. This allows me to easily rebuild, which is useful if I experiment with something but give up: revert code, then deploy and the router is back to its previous state.