nix-config/hosts/nucnix/kea.nix

{
  lib,
  utils,
  ...
}:
let
  inherit (lib)
    net
    flip
    mapAttrsToList
    ;
  vlans = {
    home = 10;
    services = 20;
    devices = 30;
    iot = 40;
    guests = 50;
  };
in
{
  environment.persistence."/persist".directories = [
    {
      directory = "/var/lib/private/kea";
      mode = "0700";
    }
  ];

  services.kea.dhcp4 = {
    enable = true;
    settings = {
      lease-database = {
        name = "/var/lib/kea/dhcp4.leases";
        persist = true;
        type = "memfile";
      };
      valid-lifetime = 86400;
      renew-timer = 3600;
      interfaces-config = {
        interfaces = flip mapAttrsToList vlans (x: _: "lan-${x}");
      };
      subnet4 = flip mapAttrsToList vlans (
        name: id: rec {
          inherit id;
          interface = "lan-${name}";
          subnet = "10.99.${toString id}.0/24";
          pools = [
            {
              pool = "${net.cidr.host 50 subnet} - ${net.cidr.host (-6) subnet}";
            }
          ];
          option-data = [
            {
              name = "routers";
              data = "${net.cidr.host 1 subnet}";
            }
            {
              name = "domain-name-servers";
              data = "${net.cidr.host 10 subnet}";
            }
          ];
          reservations = [
            #FIXME
            # {
            #   hw-address = nodes.ward-adguardhome.config.lib.microvm.mac;
            #   ip-address = globals.net.home-lan.hosts.ward-adguardhome.ipv4;
            # }
            # {
            #   hw-address = nodes.ward-web-proxy.config.lib.microvm.mac;
            #   ip-address = globals.net.home-lan.hosts.ward-web-proxy.ipv4;
            # }
            # {
            #   hw-address = nodes.sire-samba.config.lib.microvm.mac;
            #   ip-address = globals.net.home-lan.hosts.sire-samba.ipv4;
            # }
          ];
        }
      );
    };
  };

  systemd.services.kea-dhcp4-server.after = [
    "sys-subsystem-net-devices-${utils.escapeSystemdPath "lan-self"}.device"
  ];
}
feat: finish firewall network config feat: kea configuration 2024-12-19 20:25:01 +01:00			`{`
			`lib,`
			`utils,`
			`...`
			`}:`
			`let`
			`inherit (lib)`
			`net`
			`flip`
			`mapAttrsToList`
			`;`
			`vlans = {`
			`home = 10;`
			`services = 20;`
			`devices = 30;`
			`iot = 40;`
			`guests = 50;`
			`};`
			`in`
			`{`
			`environment.persistence."/persist".directories = [`
			`{`
			`directory = "/var/lib/private/kea";`
			`mode = "0700";`
			`}`
			`];`

			`services.kea.dhcp4 = {`
			`enable = true;`
			`settings = {`
			`lease-database = {`
			`name = "/var/lib/kea/dhcp4.leases";`
			`persist = true;`
			`type = "memfile";`
			`};`
			`valid-lifetime = 86400;`
			`renew-timer = 3600;`
			`interfaces-config = {`
			`interfaces = flip mapAttrsToList vlans (x: _: "lan-${x}");`
			`};`
			`subnet4 = flip mapAttrsToList vlans (`
			`name: id: rec {`
			`inherit id;`
			`interface = "lan-${name}";`
			`subnet = "10.99.${toString id}.0/24";`
			`pools = [`
			`{`
			`pool = "${net.cidr.host 50 subnet} - ${net.cidr.host (-6) subnet}";`
			`}`
			`];`
			`option-data = [`
			`{`
			`name = "routers";`
			`data = "${net.cidr.host 1 subnet}";`
			`}`
			`{`
			`name = "domain-name-servers";`
			`data = "${net.cidr.host 10 subnet}";`
			`}`
			`];`
			`reservations = [`
			`#FIXME`
			`# {`
			`# hw-address = nodes.ward-adguardhome.config.lib.microvm.mac;`
			`# ip-address = globals.net.home-lan.hosts.ward-adguardhome.ipv4;`
			`# }`
			`# {`
			`# hw-address = nodes.ward-web-proxy.config.lib.microvm.mac;`
			`# ip-address = globals.net.home-lan.hosts.ward-web-proxy.ipv4;`
			`# }`
			`# {`
			`# hw-address = nodes.sire-samba.config.lib.microvm.mac;`
			`# ip-address = globals.net.home-lan.hosts.sire-samba.ipv4;`
			`# }`
			`];`
			`}`
			`);`
			`};`
			`};`

			`systemd.services.kea-dhcp4-server.after = [`
			`"sys-subsystem-net-devices-${utils.escapeSystemdPath "lan-self"}.device"`
			`];`
			`}`