diff --git a/flake.nix b/flake.nix
index ccd5589..1951766 100644
--- a/flake.nix
+++ b/flake.nix
@@ -79,11 +79,20 @@
           ./system/hosts/nixserver
         ];
       };
-      router = {
+      router-emmc = {
         system = "aarch64-linux";
         modules = [
-          ./system/hardware/bpi_r3.nix
+          ./system/hardware/bpi_r3/emmc.nix
           ./system/hosts/router
+          { networking.hostName = "router"; }
+        ];
+      };
+      router-sd = {
+        system = "aarch64-linux";
+        modules = [
+          ./system/hardware/bpi_r3/sd.nix
+          ./system/hosts/router
+          { networking.hostName = "router"; }
         ];
       };
       nixmsi = rec {
@@ -103,13 +112,25 @@
         ];
       };
     };
-  in {
+  in rec {
     overlays.default = overlay;
     packages = lib.genAttrs [
       "x86_64-linux"
       "aarch64-linux"
     ] (system: let self = overlay self (import nixpkgs { inherit system; }); in self );
     # this is the system config part
+    nixosImages.router = let pkgs = import nixpkgs { system = "aarch64-linux"; overlays = [ overlay ]; }; in {
+      emmcImage = pkgs.callPackage ./system/hardware/bpi_r3/image.nix {
+        inherit (nixosConfigurations.router-emmc) config;
+        rootfsImage = nixosConfigurations.router-emmc.config.system.build.rootfsImage;
+        bpiR3Stuff = pkgs.bpiR3StuffEmmc;
+      };
+      sdImage = pkgs.callPackage ./system/hardware/bpi_r3/image.nix {
+        inherit (nixosConfigurations.router-sd) config;
+        rootfsImage = nixosConfigurations.router-sd.config.system.build.rootfsImage;
+        bpiR3Stuff = pkgs.bpiR3StuffSd;
+      };
+    };
     nixosConfigurations = builtins.mapAttrs (hostname: args @ { system ? "x86_64-linux", modules, nixpkgs ? {}, home ? {}, ... }:
       lib.nixosSystem ({
         inherit system;
@@ -129,8 +150,8 @@
           ./system/modules/common.nix
           (getPrivSys hostname)
           # The common configuration that isn't part of common.nix
-          ({ config, pkgs, ... }: {
-            networking.hostName = hostname;
+          ({ config, pkgs, lib, ... }: {
+            networking.hostName = lib.mkDefault hostname;
             nixpkgs.overlays = [ overlay ];
             nix.extraOptions = ''
               plugin-files = ${pkgs.nix-plugins.override { nix = config.nix.package; }}/lib/nix/plugins/libnix-extra-builtins.so
diff --git a/pkgs/default.nix b/pkgs/default.nix
index 3f18096..0246f1a 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -250,7 +250,7 @@ rec {
 
       BRIDGE = yes;
       HSR = no;
-      NET_DSA = module;
+      NET_DSA = yes;
 
       # packet CLaSsification
       NET_CLS_ROUTE4 = module;
@@ -289,10 +289,13 @@ rec {
       # random stuff
       PSAMPLE = module;
       RFKILL = yes;
+      CRYPTO_SHA256 = yes;
 
       # hardware specific stuff
       FB = lib.mkForce no;
       DRM = no;
+      CFG80211 = module;
+      MAC80211 = module;
 
       NR_CPUS = lib.mkForce (freeform "4");
       SMP = yes;
@@ -312,8 +315,11 @@ rec {
       MTK_PMIC_WRAP = yes;
       MTK_THERMAL = yes;
       MTK_TIMER = yes;
-      NET_DSA_MT7530 = module;
-      NET_MEDIATEK_SOC = module;
+      NET_DSA_MT7530 = yes;
+      NET_DSA_MT7530_MDIO = yes;
+      NET_DSA_MT7530_MMIO = yes;
+      NET_DSA_TAG_MTK = yes;
+      NET_MEDIATEK_SOC = yes;
       NET_MEDIATEK_SOC_WED = yes;
       NET_MEDIATEK_STAR_EMAC = yes;
       NET_SWITCHDEV = yes;
diff --git a/system/hardware/bpi_r3.nix b/system/hardware/bpi_r3.nix
deleted file mode 100644
index df2d897..0000000
--- a/system/hardware/bpi_r3.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ pkgs
-, ... }:
-
-{
-  boot.loader = {
-    grub.enable = false;
-    generic-extlinux-compatible.enable = true;
-  };
-
-  # i'm not about to build a kernel on every update without an arm device...
-  # i guess i could use my phone for building it, but no, not interested
-  # boot.kernelPackages = pkgs.linuxPackages_testing;
-  boot.kernelPackages = pkgs.linuxPackages_bpiR3;
-
-  hardware.deviceTree.enable = true;
-  hardware.deviceTree.filter = "*mt7986*";
-  hardware.enableRedistributableFirmware = true;
-
-  # # disable a bunch of useless drivers
-  # boot.initrd.includeDefaultModules = false;
-  boot.initrd.availableKernelModules = [ "mmc_block" "dm_mod" "rfkill" "cfg80211" "mt7915e" ];
-  boot.kernelParams = [ "console=ttyS0,115200" ];
-
-  boot.initrd.compressor = "zstd";
-  nixpkgs.buildPlatform = "x86_64-linux";
-}
diff --git a/system/hardware/bpi_r3/default.nix b/system/hardware/bpi_r3/default.nix
new file mode 100644
index 0000000..10a2f83
--- /dev/null
+++ b/system/hardware/bpi_r3/default.nix
@@ -0,0 +1,43 @@
+{ pkgs
+, config
+, ... }:
+
+{
+  boot.loader = {
+    grub.enable = false;
+    generic-extlinux-compatible.enable = true;
+  };
+
+  # boot.kernelPackages = pkgs.linuxPackages_testing;
+  boot.kernelPackages = pkgs.linuxPackages_bpiR3;
+
+  hardware.deviceTree.enable = true;
+  hardware.deviceTree.filter = "mt7986a-bananapi-bpi-r3.dtb";
+  hardware.enableRedistributableFirmware = true;
+
+  # # disable a bunch of useless drivers
+  # boot.initrd.includeDefaultModules = false;
+  boot.initrd.availableKernelModules = [ "mmc_block" "dm_mod" "rfkill" "cfg80211" "mt7915e" ];
+  boot.kernelParams = [ "boot.shell_on_fail" "console=ttyS0,115200" ];
+
+  boot.initrd.compressor = "zstd";
+  nixpkgs.buildPlatform = "x86_64-linux";
+
+  system.build.rootfsImage = pkgs.callPackage "${pkgs.path}/nixos/lib/make-ext4-fs.nix" {
+    storePaths = config.system.build.toplevel;
+    compressImage = false;
+    volumeLabel = "NIX_ROOTFS";
+  };
+
+  boot.postBootCommands = ''
+    if [ -f ${toString config.impermanence.path}/nix-path-registration ]; then
+      ${config.nix.package.out}/bin/nix-store --load-db < ${toString config.impermanence.path}/nix-path-registration
+      mkdir -p /etc
+      touch /etc/NIXOS
+      ${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
+      rm -f ${toString config.impermanence.path}/nix-path-registration
+    fi
+  '';
+
+  hardware.wirelessRegulatoryDatabase = true;
+}
diff --git a/system/hardware/bpi_r3/emmc.nix b/system/hardware/bpi_r3/emmc.nix
new file mode 100644
index 0000000..ba5c196
--- /dev/null
+++ b/system/hardware/bpi_r3/emmc.nix
@@ -0,0 +1,11 @@
+{ config, ... }:
+
+{
+  imports = [ ./. ];
+  hardware.deviceTree.overlays = [
+    {
+      name = "mt7986a-bananapi-bpi-r3-emmc.dtbo";
+      dtboFile = "${config.boot.kernelPackages.kernel}/dtbs/mediatek/mt7986a-bananapi-bpi-r3-emmc.dtbo";
+    }
+  ];
+}
diff --git a/system/hosts/router/image.nix b/system/hardware/bpi_r3/image.nix
similarity index 95%
rename from system/hosts/router/image.nix
rename to system/hardware/bpi_r3/image.nix
index 9748a0c..eaa5c1b 100644
--- a/system/hosts/router/image.nix
+++ b/system/hardware/bpi_r3/image.nix
@@ -52,7 +52,6 @@ vmTools.runInLinuxVM (runCommand "bpi-r3-fs" {
   ];
   preVM = ''
     img=./result.img
-    ls /dev/fuse /etc/mtab || (echo "Must have /dev/fuse and /etc/mtab in nix options (extra-sandbox-paths)" && exit 1)
     ${vmTools.qemu}/bin/qemu-img create -f raw $img 7818182656
     truncate -s ${toString imageSize} $img
 
diff --git a/system/hosts/router/image.sh b/system/hardware/bpi_r3/image.sh
similarity index 93%
rename from system/hosts/router/image.sh
rename to system/hardware/bpi_r3/image.sh
index 9eeb0d5..8ae4ab1 100755
--- a/system/hosts/router/image.sh
+++ b/system/hardware/bpi_r3/image.sh
@@ -78,6 +78,9 @@ run cp -rv "$boot"/* "$tmp/out/@boot/"
 run umount "$tmp/out"
 Mount btrfs "$template" "$tmp/out" "compress=zstd:15"
 run cp -v "$rootfs/nix-path-registration" "$tmp/out/@/"
+# those two are the only dirs needed for impermanence in boot stage 1
+sudo -A mkdir -p "$tmp/out/@/var/lib/nixos"
+sudo -A mkdir -p "$tmp/out/@/var/log"
 run ls "$boot"
 cpr "$boot" "$tmp/out/@boot"
 cpr "$rootfs/nix" "$tmp/out/@nix"
diff --git a/system/hardware/bpi_r3/sd.nix b/system/hardware/bpi_r3/sd.nix
new file mode 100644
index 0000000..5bb1528
--- /dev/null
+++ b/system/hardware/bpi_r3/sd.nix
@@ -0,0 +1,11 @@
+{ config, ... }:
+
+{
+  imports = [ ./. ];
+  hardware.deviceTree.overlays = [
+    {
+      name = "mt7986a-bananapi-bpi-r3-sd.dtbo";
+      dtboFile = "${config.boot.kernelPackages.kernel}/dtbs/mediatek/mt7986a-bananapi-bpi-r3-sd.dtbo";
+    }
+  ];
+}
diff --git a/system/hosts/router/default.nix b/system/hosts/router/default.nix
index 1b8fc50..ac34ce2 100644
--- a/system/hosts/router/default.nix
+++ b/system/hosts/router/default.nix
@@ -1,20 +1,11 @@
 { config
-, pkgs
 , ... }:
 
-# EMMC size: 7818182656
-
 let
   rootUuid = "44444444-4444-4444-8888-888888888888";
   rootPart = "/dev/disk/by-uuid/${rootUuid}";
-  rootfsImage = pkgs.callPackage "${pkgs.path}/nixos/lib/make-ext4-fs.nix" {
-    storePaths = config.system.build.toplevel;
-    compressImage = false;
-    volumeLabel = "NIX_ROOTFS";
-  };
 in {
   system.stateVersion = "22.11";
-  # TODO
   fileSystems = {
     # mount root on tmpfs
     "/" =     { device = "none"; fsType = "tmpfs"; neededForBoot = true;
@@ -38,24 +29,4 @@ in {
       { directory = /root; mode = "0700"; }
     ];
   };
-  hardware.wirelessRegulatoryDatabase = true;
-  system.build.emmcImage = pkgs.callPackage ./image.nix {
-    inherit config rootfsImage;
-    bpiR3Stuff = pkgs.bpiR3StuffEmmc;
-  };
-  system.build.sdImage = pkgs.callPackage ./image.nix {
-    inherit config rootfsImage;
-    bpiR3Stuff = pkgs.bpiR3StuffSd;
-  };
-  system.build.rootfs = rootfsImage;
-  boot.postBootCommands = ''
-    if [ -f ${toString config.impermanence.path}/nix-path-registration ]; then
-      ${config.nix.package.out}/bin/nix-store --load-db < ${toString config.impermanence.path}/nix-path-registration
-      mkdir -p /etc
-      touch /etc/NIXOS
-      ${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
-      rm -f ${toString config.impermanence.path}/nix-path-registration
-    fi
-  '';
-  boot.kernelParams = [ "boot.shell_on_fail" ];
 }