CaZzzer/nix-conf
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

WIP: router: refactor dhcp configs

Browse Source
This commit is contained in:
Yuri Tatishchev 2025-02-17 22:54:40 -08:00
parent b1bc0c3923
commit ba48dd8706
Signed by: CaZzzer
GPG Key ID: E0EBF441EA424369
1 changed files with 82 additions and 102 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

116
hosts/router/default.nix
View File

@ -5,12 +5,14 @@ let
mkIfConfig = { mkIfConfig = {
name_, name_,
domain_,
p4_, # /24 p4_, # /24
p6_, # /64 p6_, # /64
ulaPrefix_, # /64 ulaPrefix_, # /64
token? 1, token? 1,
}: rec { }: rec {
name = name_; name = name_;
domain = domain_;
p4 = p4_; p4 = p4_;
p4Size = 24; p4Size = 24;
net4 = "${p4}.0/${toString p4Size}"; net4 = "${p4}.0/${toString p4Size}";
@ -41,40 +43,43 @@ let
}; };
lan = mkIfConfig { lan = mkIfConfig {
name_ = "lan"; name_ = "lan";
domain_ = "lan.${ldomain}";
p4_ = "${p4}.1"; # .0/24 p4_ = "${p4}.1"; # .0/24
p6_ = "${pdFromWan}9"; # ::/64 p6_ = "${pdFromWan}9"; # ::/64
ulaPrefix_ = "${ulaPrefix}:0001"; # ::/64 ulaPrefix_ = "${ulaPrefix}:0001"; # ::/64
}; };
lan10 = mkIfConfig { lan10 = mkIfConfig {
name_ = "${lan.name}.10"; name_ = "${lan.name}.10";
domain_ = "lab.${ldomain}";
p4_ = "${p4}.10"; # .0/24 p4_ = "${p4}.10"; # .0/24
p6_ = "${pdFromWan}a"; # ::/64 p6_ = "${pdFromWan}a"; # ::/64
ulaPrefix_ = "${ulaPrefix}:0010"; # ::/64 ulaPrefix_ = "${ulaPrefix}:0010"; # ::/64
}; };
lan20 = mkIfConfig { lan20 = mkIfConfig {
name_ = "${lan.name}.20"; name_ = "${lan.name}.20";
domain_ = "life.${ldomain}";
p4_ = "${p4}.20"; # .0/24 p4_ = "${p4}.20"; # .0/24
p6_ = "${pdFromWan}2"; # ::/64 p6_ = "${pdFromWan}2"; # ::/64
ulaPrefix_ = "${ulaPrefix}:0020"; # ::/64 ulaPrefix_ = "${ulaPrefix}:0020"; # ::/64
}; };
lan50 = mkIfConfig { lan50 = mkIfConfig {
name_ = "${lan.name}.50"; name_ = "${lan.name}.50";
domain_ = "prox.${ldomain}";
p4_ = "10.17.50"; # .0/24 TODO: change to p4 later p4_ = "10.17.50"; # .0/24 TODO: change to p4 later
p6_ = "${pdFromWan}a"; # ::/64 p6_ = "${pdFromWan}a"; # ::/64
ulaPrefix_ = "${ulaPrefix}:0050"; # ::/64 ulaPrefix_ = "${ulaPrefix}:0050"; # ::/64
}; };
}; };
mkVlanDev = { id, name }: mkVlanDev = { id, name }: {
{
netdevConfig = { netdevConfig = {
Kind = "vlan"; Kind = "vlan";
Name = name; Name = name;
}; };
vlanConfig.Id = id; vlanConfig.Id = id;
}; };
mkLanConfig = ifObj:
{ mkLanConfig = ifObj: {
matchConfig.Name = ifObj.name; matchConfig.Name = ifObj.name;
networkConfig = { networkConfig = {
IPv4Forwarding = true; IPv4Forwarding = true;
@ -101,6 +106,30 @@ let
DNS = [ ifObj.ulaAddr ]; DNS = [ ifObj.ulaAddr ];
}; };
}; };
mkDhcp4Subnet = id: ifObj: {
id = id;
subnet = ifObj.net4;
pools = [ { pool = "${ifObj.p4}.100 - ${ifObj.p4}.199"; } ];
ddns-qualifying-suffix = "4.${ifObj.domain}";
option-data = [
{ name = "routers"; data = ifObj.addr4; }
{ name = "domain-name-servers"; data = ifObj.addr4; }
{ name = "domain-name"; data = "4.${ifObj.domain}"; }
];
};
mkDhcp6Subnet = id: ifObj: {
id = id;
interface = ifObj.name;
subnet = ifObj.net6;
rapid-commit = true;
pools = [ { pool = "${ifObj.p6}::1:1000/116"; } ];
ddns-qualifying-suffix = "6.${ifObj.domain}";
option-data = [
{ name = "domain-search"; data = "6.${ifObj.domain}"; }
];
};
in in
{ {
imports = imports =
@ -202,7 +231,9 @@ in
# make routing on this interface a dependency for network-online.target # make routing on this interface a dependency for network-online.target
linkConfig.RequiredForOnline = "routable"; linkConfig.RequiredForOnline = "routable";
}; };
"20-lan" = (mkLanConfig ifs.lan) // { # "20-lan" = (mkLanConfig ifs.lan) // {
"20-lan" = {
matchConfig.Name = ifs.lan.name;
vlan = [ vlan = [
ifs.lan10.name ifs.lan10.name
ifs.lan20.name ifs.lan20.name
@ -351,23 +382,9 @@ in
ifs.lan50.name ifs.lan50.name
]; ];
dhcp-ddns.enable-updates = true; dhcp-ddns.enable-updates = true;
ddns-qualifying-suffix = "default.${ldomain}"; ddns-qualifying-suffix = "4.default.${ldomain}";
subnet4 = [ subnet4 = [
{ ((mkDhcp4Subnet 1 ifs.lan) // {
id = 1;
subnet = ifs.lan.net4;
ddns-qualifying-suffix = "lan.${ldomain}";
pools = [ { pool = "${ifs.lan.p4}.100 - ${ifs.lan.p4}.199"; } ];
option-data = [
{
name = "routers";
data = ifs.lan.addr4;
}
{
name = "domain-name-servers";
data = ifs.lan.addr4;
}
];
reservations = [ reservations = [
{ {
hw-address = "bc:24:11:b7:27:4d"; hw-address = "bc:24:11:b7:27:4d";
@ -375,23 +392,8 @@ in
ip-address = "${ifs.lan.p4}.69"; ip-address = "${ifs.lan.p4}.69";
} }
]; ];
} })
{ (mkDhcp4Subnet 50 ifs.lan50)
id = 50;
subnet = ifs.lan50.net4;
ddns-qualifying-suffix = "prox.${ldomain}";
pools = [ { pool = "${ifs.lan50.p4}.100 - ${ifs.lan50.p4}.199"; } ];
option-data = [
{
name = "routers";
data = ifs.lan50.addr4;
}
{
name = "domain-name-servers";
data = ifs.lan50.addr4;
}
];
}
]; ];
}; };
@ -405,15 +407,9 @@ in
]; ];
# TODO: https://kea.readthedocs.io/en/latest/arm/ddns.html#dual-stack-environments # TODO: https://kea.readthedocs.io/en/latest/arm/ddns.html#dual-stack-environments
dhcp-ddns.enable-updates = true; dhcp-ddns.enable-updates = true;
ddns-qualifying-suffix = "default6.${ldomain}"; ddns-qualifying-suffix = "6.default.${ldomain}";
subnet6 = [ subnet6 = [
{ ((mkDhcp6Subnet 1 ifs.lan) // {
id = 1;
interface = ifs.lan.name;
subnet = ifs.lan.net6;
ddns-qualifying-suffix = "lan6.${ldomain}";
rapid-commit = true;
pools = [ { pool = "${ifs.lan.p6}::1:1000/116"; } ];
reservations = [ reservations = [
{ {
duid = "00:04:59:c3:ce:9a:08:cf:fb:b7:fe:74:9c:e3:b7:44:bf:01"; duid = "00:04:59:c3:ce:9a:08:cf:fb:b7:fe:74:9c:e3:b7:44:bf:01";
@ -421,33 +417,19 @@ in
ip-addresses = [ "${ifs.lan.p6}::69" ]; ip-addresses = [ "${ifs.lan.p6}::69" ];
} }
]; ];
} })
{ (mkDhcp6Subnet 50 ifs.lan50)
id = 50;
interface = ifs.lan50.name;
subnet = ifs.lan50.net6;
ddns-qualifying-suffix = "prox6.${ldomain}";
rapid-commit = true;
pools = [ { pool = "${ifs.lan50.p6}::1:1000/116"; } ];
}
]; ];
}; };
services.kea.dhcp-ddns.enable = true; services.kea.dhcp-ddns.enable = true;
services.kea.dhcp-ddns.settings = { services.kea.dhcp-ddns.settings = {
forward-ddns = { forward-ddns.ddns-domains = [
ddns-domains = [
{ {
name = "${ldomain}."; name = "${ldomain}.";
dns-servers = [ dns-servers = [ { ip-address = "::1"; port = 1053; } ];
{
ip-address = "::1";
port = 1053;
} }
]; ];
}
];
};
}; };
services.resolved.enable = false; services.resolved.enable = false;
@ -476,10 +458,8 @@ in
services.knot.enable = true; services.knot.enable = true;
services.knot.settings = { services.knot.settings = {
server = { # server.listen = "0.0.0.0@1053";
# listen = "0.0.0.0@1053"; server.listen = "::1@1053";
listen = "::1@1053";
};
# TODO: templates # TODO: templates
zone = [ zone = [
{ {