{ config, pkgs, lib, ... }:
let
# Turn an attrset keyed by MAC address ({ "<mac>" = { ip, hostname }; }) into
# the list of { hostname, hw-address, ip-address } records passed to Kea's
# `reservations` setting.
# A MAC address identifies a client but does not authenticate it: the value is
# supplied by the client itself, so a reserved address should not be treated
# as proof of identity by firewall rules or by services on the network.
keaReservationsPreformat = lib.attrsets.mapAttrsToList (mac: host: {
  inherit (host) hostname;
  hw-address = mac;
  ip-address = host.ip;
});
in {
# Kea DHCPv4 server for the members LAN ("lan") and the "bms" network.
services.kea = {
  dhcp4 = {
    enable = true;
    settings = {
      # Listen only on these two interfaces.
      interfaces-config = { interfaces = [ "lan" "bms" ]; };
      # Leases persist in a flat memfile. The file records each client's MAC,
      # address and hostname; who may read it is decided by the UMask forced
      # on kea-dhcp4-server at the bottom of this file.
      lease-database = {
        name = "/var/lib/kea/dhcp4.leases";
        persist = true;
        type = "memfile";
      };
      # Short leases, in seconds: renew (T1) at 150, rebind (T2) at 300,
      # expiry at 600.
      rebind-timer = 300;
      renew-timer = 150;
      valid-lifetime = 600;
      # Class definition adapted from
      # https://kea.readthedocs.io/en/latest/arm/dhcp4-srv.html#setting-fixed-fields-in-classification
      # As far as the original author could tell, the matching logic is
      # inverted relative to the old isc-dhcp config, but the result should be
      # the same.
      # Clients whose option 93 (PXE client system architecture) equals 0x0009
      # get the EFI build of netboot.xyz as boot file; other clients only see
      # the boot-file-name option set on the subnet.
      # NOTE(review): the class sets the fixed boot-file field while the "lan"
      # subnet sets the boot-file-name option; confirm EFI clients end up
      # using the class value.
      # NOTE(review): some x64 UEFI firmware reports architecture 0x0007;
      # confirm 0x0009 alone covers the machines booted here.
      # NOTE(review): client-classes sits at the top level, so the class is
      # not limited to the "lan" subnet; confirm that is intended for "bms".
      client-classes = [{
        name = "ipxe_efi_x64";
        test = "option[93].hex == 0x0009";
        boot-file-name = "netboot.xyz.efi";
      }];
      subnet4 = [
        { # general members area lan
          subnet = "10.8.0.0/16";
          # Dynamic pool; every reservation below is in 10.8.1.x, outside it.
          pools = [{ pool = "10.8.0.20 - 10.8.0.199"; }];
          reservations-out-of-pool = false;
          reservations-in-subnet = true;
          authoritative = true;
          # Boot server handed to PXE clients (same host as the router and DNS
          # entries below). DHCP and PXE carry no authentication, so the
          # integrity of what clients boot rests on layer-2 controls (e.g.
          # DHCP snooping on the switches) and on Secure Boot on the clients,
          # not on anything in this file.
          next-server = "10.8.1.2";
          option-data = [
            {
              name = "routers";
              data = "10.8.1.2";
            }
            {
              name = "domain-name-servers";
              data = "10.8.1.2";
            }
            {
              name = "boot-file-name";
              data = "netboot.xyz.kpxe";
            }
          ];
          # Fixed addresses keyed by MAC. The commented-out pipeline below
          # appears to be how the entries were converted from the old
          # isc-dhcp configuration.
          reservations = keaReservationsPreformat {
            # cat old-dhcpd.conf | sed -e 's/;//g' | awk '
            # $1 == "host" { hostname = $2; pp = "yes"; }
            # $1 == "hardware" { hwaddr = $3; }
            # $1 == "fixed-address" { ip = $2; }
            # $1 == "}" && pp == "yes" {
            # print "\"" hwaddr "\" = { ip = \"" ip "\"; hostname = \"" hostname "\"; };"
            # pp = "no"
            # }'
            "00:0e:35:1d:a1:a4" = { ip = "10.8.1.18"; hostname = "laser"; };
            "00:1b:a9:24:96:e2" = { ip = "10.8.1.21"; hostname = "brother"; };
            "00:07:4d:4d:71:e4" = { ip = "10.8.1.22"; hostname = "zebra"; };
            "00:30:C1:62:61:23" = { ip = "10.8.1.23"; hostname = "lj2100"; };
            "5c:cf:7f:06:9a:3e" = { ip = "10.8.1.25"; hostname = "dht21"; };
            "00:0A:35:00:01:22" = { ip = "10.8.1.26"; hostname = "ledpanel"; };
            "b8:27:eb:ed:df:f9" = { ip = "10.8.1.17"; hostname = "printmaster"; };
            "90:1b:0e:1d:23:09" = { ip = "10.8.1.29"; hostname = "bridgeport"; };
            "02:20:f5:20:6a:2d" = { ip = "10.8.1.30"; hostname = "3printers1cups"; };
            "fe:77:d6:83:26:b1" = { ip = "10.8.1.31"; hostname = "telelele"; };
            "b8:27:eb:03:69:01" = { ip = "10.8.1.32"; hostname = "vending"; };
            "b0:38:29:2e:5d:c9" = { ip = "10.8.1.33"; hostname = "transcend"; };
            "b8:27:eb:37:9e:6e" = { ip = "10.8.1.34"; hostname = "welcomer"; };
            "00:23:ae:6f:8e:a7" = { ip = "10.8.1.35"; hostname = "arcade"; };
            "90:e6:ba:84:b6:e0" = { ip = "10.8.1.38"; hostname = "inventory"; };
            "52:54:00:1f:63:1b" = { ip = "10.8.1.39"; hostname = "camera"; };
            # RIPE Atlas Probe
            "c0:25:e9:99:fb:e8" = { ip = "10.8.1.43"; hostname = "ripeatlas"; };
            "6c:ad:f8:52:4c:a7" = { ip = "10.8.1.47"; hostname = "chromecast"; };
            # craptrap VM
            "52:54:00:D9:DB:42" = { ip = "10.8.1.48"; hostname = "winbox"; };
            "02:42:24:75:eb:19" = { ip = "10.8.1.49"; hostname = "staszkecoin"; };
            "00:23:14:b0:ec:c8" = { ip = "10.8.1.51"; hostname = "blitzloop"; };
            "00:1f:16:1c:47:df" = { ip = "10.8.1.52"; hostname = "tronxy"; };
            "dc:a6:32:b1:68:d7" = { ip = "10.8.1.53"; hostname = "tv1"; };
            "dc:a6:32:b1:68:83" = { ip = "10.8.1.54"; hostname = "tv2"; };
            # kodak
            "d8:3a:dd:bb:6f:f2" = { ip = "10.8.1.55"; hostname = "akamanto"; };
            # voron
            "b8:27:eb:55:ad:a0" = { ip = "10.8.1.56"; hostname = "karasutengu"; };
            # czechu's prusa mini
            "10:9c:70:08:84:89" = { ip = "10.8.1.57"; hostname = "prusamini"; };
            "00:17:c8:d9:2e:08" = { ip = "10.8.1.58"; hostname = "kyocera"; };
          };
        }
        { # bms
          # No reservations and no next-server here: this subnet only hands
          # out pool addresses plus router and DNS.
          subnet = "10.11.1.0/24";
          pools = [{ pool = "10.11.1.100 - 10.11.1.200"; }];
          reservations-out-of-pool = false;
          reservations-in-subnet = true;
          authoritative = true;
          option-data = [
            {
              name = "routers";
              data = "10.11.1.1";
            }
            {
              name = "domain-name-servers";
              data = "10.11.1.1";
            }
          ];
        }
      ];
    };
  };
};
# Static system account and group named "kea", declared here because
# DynamicUser is switched off for the DHCP unit further down in this file.
users.groups.kea = { };
users.users.kea = {
  isSystemUser = true;
  group = "kea";
};
# Overrides of the unit settings for kea-dhcp4-server; mkForce makes these
# values win over whatever the Kea module sets.
systemd.services.kea-dhcp4-server.serviceConfig = {
  # Use a static account instead of a systemd dynamic user.
  # NOTE(review): DynamicUser= also implies sandboxing defaults in systemd
  # (e.g. PrivateTmp, ProtectSystem=strict); confirm the unit still sets the
  # ones that matter now that it is disabled.
  DynamicUser = lib.mkForce false;
  # 0033 leaves new files 0644 and new directories 0744, so files the service
  # creates (the lease file among them) are readable by every local user.
  # NOTE(review): presumably another local process reads the leases; if so,
  # confirm whether group-only read access would be enough.
  UMask = lib.mkForce "0033";
};
}