nixos/routing-common: Working DHCP
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 18m48s
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 18m48s
This commit is contained in:
@@ -109,6 +109,7 @@ in
|
||||
./keepalived.nix
|
||||
./dns.nix
|
||||
./radvd.nix
|
||||
./kea.nix
|
||||
];
|
||||
|
||||
config = {
|
||||
|
||||
@@ -47,13 +47,8 @@ in
|
||||
|
||||
settings = {
|
||||
query-local-address = [
|
||||
# TODO: IPv6
|
||||
"0.0.0.0"
|
||||
"::"
|
||||
# TODO: Dynamic IPv4 WAN address?
|
||||
# assignments.internal.ipv4.address
|
||||
# assignments.internal.ipv6.address
|
||||
# assignments.hi.ipv6.address
|
||||
];
|
||||
forward-zones = map (z: "${z}=127.0.0.1:5353") authZones;
|
||||
|
||||
@@ -73,9 +68,10 @@ in
|
||||
pdns.serviceConfig.RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK";
|
||||
};
|
||||
|
||||
# For rec_control
|
||||
environment.systemPackages = with pkgs; [
|
||||
# For rec_control
|
||||
pdns-recursor
|
||||
sqlite
|
||||
];
|
||||
|
||||
my.pdns.auth = {
|
||||
@@ -98,6 +94,10 @@ in
|
||||
webserver = true;
|
||||
webserver-address = "::";
|
||||
webserver-allow-from = [ "127.0.0.1" "::1" ];
|
||||
|
||||
dnsupdate = true;
|
||||
launch = [ "gsqlite3" ];
|
||||
gsqlite3-database = "/var/lib/pdns/dynamic.sqlite3";
|
||||
};
|
||||
|
||||
bind.zones =
|
||||
@@ -136,6 +136,11 @@ in
|
||||
ns1 IN ALIAS ${elemAt routers 0}.${config.networking.domain}.
|
||||
ns2 IN ALIAS ${elemAt routers 1}.${config.networking.domain}.
|
||||
|
||||
dyn IN NS ns1.dyn.h.nul.ie.
|
||||
dyn IN NS ns2.dyn.h.nul.ie.
|
||||
ns1.dyn.h.nul.ie. IN ALIAS ${elemAt routers 0}.${config.networking.domain}.
|
||||
ns2.dyn.h.nul.ie. IN ALIAS ${elemAt routers 1}.${config.networking.domain}.
|
||||
|
||||
jim-core IN A ${net.cidr.host 10 prefixes.core.v4}
|
||||
jim IN A ${net.cidr.host 10 prefixes.hi.v4}
|
||||
jim IN AAAA ${net.cidr.host (65536+1) prefixes.hi.v6}
|
||||
|
||||
141
nixos/boxes/home/routing-common/kea.nix
Normal file
141
nixos/boxes/home/routing-common/kea.nix
Normal file
@@ -0,0 +1,141 @@
|
||||
index: { lib, pkgs, assignments, ... }:
|
||||
let
|
||||
inherit (lib) mkForce;
|
||||
inherit (lib.my) net;
|
||||
inherit (lib.my.c.home) domain prefixes vips;
|
||||
|
||||
dns-servers = [
|
||||
{
|
||||
ip-address = net.cidr.host 1 prefixes.core.v4;
|
||||
port = 5353;
|
||||
}
|
||||
{
|
||||
ip-address = net.cidr.host 2 prefixes.core.v4;
|
||||
port = 5353;
|
||||
}
|
||||
];
|
||||
in
|
||||
{
|
||||
users = with lib.my.c.ids; {
|
||||
users.kea= {
|
||||
isSystemUser = true;
|
||||
uid = uids.kea;
|
||||
group = "kea";
|
||||
};
|
||||
groups.kea.gid = gids.kea;
|
||||
};
|
||||
|
||||
systemd.services = {
|
||||
kea-dhcp4-server.serviceConfig.DynamicUser = mkForce false;
|
||||
kea-dhcp-ddns-server.serviceConfig.DynamicUser = mkForce false;
|
||||
};
|
||||
|
||||
services = {
|
||||
kea = {
|
||||
dhcp4 = {
|
||||
enable = true;
|
||||
settings = {
|
||||
interfaces-config = {
|
||||
interfaces = [
|
||||
"lan-hi/${assignments.hi.ipv4.address}"
|
||||
"lan-lo/${assignments.lo.ipv4.address}"
|
||||
"lan-untrusted/${assignments.untrusted.ipv4.address}"
|
||||
];
|
||||
};
|
||||
lease-database = {
|
||||
type = "memfile";
|
||||
persist = true;
|
||||
name = "/var/lib/kea/dhcp.leases";
|
||||
};
|
||||
|
||||
option-data = [
|
||||
{
|
||||
name = "domain-name";
|
||||
data = domain;
|
||||
}
|
||||
{
|
||||
name = "domain-search";
|
||||
data = "${domain}, dyn.${domain}";
|
||||
always-send = true;
|
||||
}
|
||||
];
|
||||
subnet4 = [
|
||||
{
|
||||
id = 1;
|
||||
subnet = prefixes.hi.v4;
|
||||
interface = "lan-hi";
|
||||
option-data = [
|
||||
{
|
||||
name = "routers";
|
||||
data = vips.hi.v4;
|
||||
}
|
||||
{
|
||||
name = "domain-name-servers";
|
||||
data = "${net.cidr.host 1 prefixes.hi.v4}, ${net.cidr.host 2 prefixes.hi.v4}";
|
||||
}
|
||||
];
|
||||
pools = [
|
||||
{
|
||||
pool = "192.168.68.120 - 192.168.71.240";
|
||||
}
|
||||
];
|
||||
reservations = [
|
||||
{
|
||||
# castle
|
||||
hw-address = "24:8a:07:a8:fe:3a";
|
||||
ip-address = net.cidr.host 40 prefixes.hi.v4;
|
||||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
id = 2;
|
||||
subnet = prefixes.lo.v4;
|
||||
interface = "lan-lo";
|
||||
option-data = [
|
||||
{
|
||||
name = "routers";
|
||||
data = vips.lo.v4;
|
||||
}
|
||||
{
|
||||
name = "domain-name-servers";
|
||||
data = "${net.cidr.host 1 prefixes.lo.v4}, ${net.cidr.host 2 prefixes.lo.v4}";
|
||||
}
|
||||
];
|
||||
pools = [
|
||||
{
|
||||
pool = "192.168.72.120 - 192.168.79.240";
|
||||
}
|
||||
];
|
||||
reservations = [
|
||||
{
|
||||
# castle
|
||||
hw-address = "24:8a:07:a8:fe:3a";
|
||||
ip-address = net.cidr.host 40 prefixes.lo.v4;
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
ddns-send-updates = true;
|
||||
ddns-replace-client-name = "when-not-present";
|
||||
ddns-qualifying-suffix = "dyn.${domain}";
|
||||
ddns-generated-prefix = "ip";
|
||||
ddns-update-on-renew = true;
|
||||
|
||||
dhcp-ddns.enable-updates = true;
|
||||
};
|
||||
};
|
||||
|
||||
dhcp-ddns = {
|
||||
enable = true;
|
||||
settings = {
|
||||
forward-ddns.ddns-domains = [
|
||||
{
|
||||
name = "dyn.${domain}.";
|
||||
inherit dns-servers;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
Reference in New Issue
Block a user