From 4ec59a64ce8c26d6beedff37c552aea27f6ecc13 Mon Sep 17 00:00:00 2001
From: Jack O'Sullivan <jackos1998@gmail.com>
Date: Tue, 3 Mar 2026 20:15:45 +0000
Subject: [PATCH] nixos/home/routing-common: Add DHCP pool for untrusted LAN

---
 nixos/boxes/home/routing-common/kea.nix | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/nixos/boxes/home/routing-common/kea.nix b/nixos/boxes/home/routing-common/kea.nix
index 306a8e2..7aa6438 100644
--- a/nixos/boxes/home/routing-common/kea.nix
+++ b/nixos/boxes/home/routing-common/kea.nix
@@ -165,6 +165,28 @@ in
                 }
               ];
             }
+            {
+              id = 3;
+              subnet = prefixes.untrusted.v4;
+              interface = "lan-untrusted";
+              option-data = [
+                {
+                  name = "routers";
+                  data = vips.untrusted.v4;
+                }
+                {
+                  name = "domain-name-servers";
+                  data = "1.1.1.1, 1.0.0.1";
+                }
+              ];
+              pools = [
+                {
+                  pool = if index == 0
+                    then "192.168.80.10 - 192.168.80.127"
+                    else "192.168.80.128 - 192.168.80.250";
+                }
+              ];
+            }
           ];
           ddns-send-updates = true;
           ddns-replace-client-name = "when-not-present";