
{...}:
let
# Fixed DHCP reservations on vlan101 ("network"). Entries are keyed by MAC
# address only (see host-reservation-identifiers below), so a reserved
# address is a convenience, not proof of which device is behind it.
vlan101Hosts = [
  # switches
  { hostname = "sw-wohnung";      ip = "10.0.42.15"; mac = "28:80:88:72:ae:60"; } # statically configured
  { hostname = "sw-wohnzimmer";   ip = "10.0.42.16"; mac = "28:87:ba:24:6a:2b"; } # statically configured
  # access points
  { hostname = "ap-caro";         ip = "10.0.42.21"; mac = "18:e8:29:c6:29:84"; }
  { hostname = "ap-hendrik";      ip = "10.0.42.22"; mac = "e4:38:83:e7:00:10"; }
  { hostname = "ap-wohnzimmer";   ip = "10.0.42.23"; mac = "e4:38:83:e7:0a:c4"; }
  # security devices
  { hostname = "cam-wohnzimmer";  ip = "10.0.42.31"; mac = "e0:ca:3c:7d:37:5b"; }
];
# Fixed DHCP reservations on vlan102 ("iot"): printer, panels, sensors and
# smart-plug style devices. Keyed by MAC address only.
vlan102Hosts = [
  { hostname = "printer";                      ip = "172.16.0.15"; mac = "38:1a:52:04:37:d8"; }
  { hostname = "nspanel-hendrik";              ip = "172.16.0.21"; mac = "3c:e9:0e:87:d2:1c"; }
  { hostname = "nspanel-schlafzimmer";         ip = "172.16.0.22"; mac = "3c:e9:0e:87:ef:d0"; }
  { hostname = "nuki-wohnung";                 ip = "172.16.0.23"; mac = "98:0c:33:fe:3d:a8"; }
  { hostname = "presence-wohnzimmer";          ip = "172.16.0.24"; mac = "c8:5c:cc:5c:54:06"; }
  { hostname = "presence-hendrik";             ip = "172.16.0.25"; mac = "c8:5c:cc:5c:28:7b"; }
  { hostname = "airpurifier-wohnzimmer";       ip = "172.16.0.26"; mac = "04:78:63:7f:0e:bb"; }
  { hostname = "nspanel-caro";                 ip = "172.16.0.27"; mac = "48:e7:29:c1:a3:f0"; }
  { hostname = "poffertjes";                   ip = "172.16.0.28"; mac = "5c:c5:63:eb:e8:b8"; }
  { hostname = "airpurifier-hendrik";          ip = "172.16.0.29"; mac = "d0:ba:e4:e7:7d:d5"; }
  { hostname = "shelly1-flur-deckenlicht";     ip = "172.16.0.30"; mac = "98:f4:ab:f2:43:98"; }
  { hostname = "shelly25-abstellraum";         ip = "172.16.0.31"; mac = "a4:cf:12:ba:72:c1"; }
  { hostname = "shelly25-badezimmer";          ip = "172.16.0.32"; mac = "c8:2b:96:11:10:46"; }
  { hostname = "tasmota-tv-steckdosenleiste";  ip = "172.16.0.33"; mac = "24:62:ab:41:06:f2"; }
  { hostname = "harmonyhub-tv";                ip = "172.16.0.34"; mac = "c8:db:26:0d:4f:f4"; }
];
# Fixed DHCP reservations on vlan104 ("media"): set-top boxes, smart speakers
# and consoles. Keyed by MAC address only.
vlan104Hosts = [
  { hostname = "box-hendrik";          ip = "10.42.0.21"; mac = "30:58:90:1a:3b:ef"; }
  { hostname = "box-schlafzimmer";     ip = "10.42.0.22"; mac = "30:58:90:19:b5:03"; }
  { hostname = "box-esstisch";         ip = "10.42.0.23"; mac = "30:58:90:28:7e:30"; }
  { hostname = "nh-hendrik";           ip = "10.42.0.31"; mac = "1c:53:f9:23:d7:c4"; }
  { hostname = "nh-kueche";            ip = "10.42.0.32"; mac = "1c:53:f9:14:7b:65"; }
  { hostname = "nh-wohnzimmer";        ip = "10.42.0.33"; mac = "1c:53:f9:1c:9e:22"; }
  { hostname = "nm-schlafzimmer";      ip = "10.42.0.34"; mac = "20:1f:3b:96:9f:29"; }
  { hostname = "cc-wohnzimmer";        ip = "10.42.0.35"; mac = "6c:ad:f8:73:a0:94"; }
  { hostname = "zeppelin-wohnzimmer";  ip = "10.42.0.36"; mac = "ec:66:d1:8a:79:71"; }
  { hostname = "firetv-wohnzimmer";    ip = "10.42.0.37"; mac = "c0:91:b9:1e:2b:80"; }
  { hostname = "xbox-wohnzimmer";      ip = "10.42.0.38"; mac = "cc:60:c8:14:26:2c"; }
];
# Render host records as dnsmasq dhcp-host lines: "<mac>,<hostname>,<ip>".
# Each element must carry mac, hostname and ip; extra attributes are ignored.
mkDnsmasqHosts = hosts:
  map ({ mac, hostname, ip, ... }: "${mac},${hostname},${ip}") hosts;
# Render host records as Kea reservations. Only the MAC and address are
# carried over; the hostname is not passed to Kea.
mkKeaHosts = hosts:
  map ({ mac, ip, ... }: { hw-address = mac; ip-address = ip; }) hosts;
# Build the Kea option-data list for one subnet: default gateway, DNS server
# and interface MTU. router and dns are address strings; mtu is an integer
# and is stringified here because Kea option data is always a string.
mkKeaOptions = router: dns: mtu:
  let
    opt = name: value: { inherit name; data = "${value}"; };
  in [
    (opt "routers" router)
    (opt "domain-name-servers" dns)
    (opt "interface-mtu" (toString mtu))
  ];
# Assemble one entry of Kea's subnet4 list.
#   interface: interface the subnet is served on
#   subnet:    CIDR of the subnet
#   pool:      dynamic range as a Kea pool string ("a.b.c.d - a.b.c.e")
#   options:   attrset with router, dns and mtu (see mkKeaOptions)
#   hosts:     host records turned into MAC-keyed reservations
mkKeaSubnet = interface: subnet: pool: options: hosts: {
  inherit subnet interface;
  pools = [ { inherit pool; } ];
  option-data = mkKeaOptions options.router options.dns options.mtu;
  reservations = mkKeaHosts hosts;
};
# Which DHCP backend is active. Both are configured below from the same host
# lists; nothing here prevents enabling both at once, which would put two
# authoritative DHCP servers on the same VLANs.
enableKea = true;
enableDnsmasq = false;
# MTU advertised to clients by both backends. This is an integer, so it has
# to go through toString before being interpolated into a string.
mtu = 1500;
in
{
# Turns kernel reverse-path filtering off for the whole host (the NixOS
# default is the strict check). NOTE(review): presumably needed for the DHCP
# server's raw-socket traffic on the VLANs — confirm; if so, the "loose"
# setting may be enough and keeps the anti-spoofing check on the other
# interfaces.
networking.firewall.checkReversePath = false;
# Opens UDP/67 on every interface, not only the three served VLANs; the
# per-interface networking.firewall.interfaces.<name>.allowedUDPPorts form
# would scope it.
networking.firewall.allowedUDPPorts = [67]; # allow dhcp request
# Kea DHCPv4 server: one subnet per VLAN, each with its own pool, gateway
# (also used as the DNS server) and MAC-keyed reservations. Reservations are
# matched on hw-address alone, so they should be treated as address
# bookkeeping rather than as device authentication.
services.kea.dhcp4 =
  let
    subnets = [
      { iface = "vlan101"; net = "10.0.42.0/24";  pool = "10.0.42.100 - 10.0.42.200";   gw = "10.0.42.1";  hosts = vlan101Hosts; }
      { iface = "vlan102"; net = "172.16.0.0/24"; pool = "172.16.0.100 - 172.16.0.200"; gw = "172.16.0.1"; hosts = vlan102Hosts; }
      { iface = "vlan104"; net = "10.42.0.0/24";  pool = "10.42.0.100 - 10.42.0.200";   gw = "10.42.0.1";  hosts = vlan104Hosts; }
    ];
    toSubnet4 = s:
      mkKeaSubnet s.iface s.net s.pool { router = s.gw; dns = s.gw; mtu = mtu; } s.hosts;
  in {
    enable = enableKea;
    settings = {
      authoritative = true;
      interfaces-config = {
        # listen on exactly the interfaces that have a subnet defined
        interfaces = map (s: s.iface) subnets;
        dhcp-socket-type = "raw";
      };
      valid-lifetime = 3600; # seconds
      host-reservation-identifiers = [ "hw-address" ];
      subnet4 = map toSubnet4 subnets;
    };
  };
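# dnsmasq as the alternative DHCP (plus DNS forwarder) backend, disabled while
# Kea is in use. Mirrors the Kea subnets with its own, narrower dynamic ranges.
services.dnsmasq = {
  enable = enableDnsmasq;
  settings = {
    interface = [
      "vlan101" # network
      "vlan102" # iot
      "vlan104" # media
    ];
    # Ignore /etc/resolv.conf entirely and forward only to the listed
    # upstreams (plain DNS; dnsmasq's server= has no transport encryption).
    no-resolv = true;
    no-poll = true;
    server = [
      "1.1.1.1"
      "9.9.9.9"
    ];
    dhcp-authoritative = true;
    # Same reservations as the Kea config, in dnsmasq's "mac,hostname,ip" form.
    dhcp-host =
      (mkDnsmasqHosts vlan101Hosts)
      ++ (mkDnsmasqHosts vlan102Hosts)
      ++ (mkDnsmasqHosts vlan104Hosts);
    # Dynamic ranges per VLAN; these differ from the Kea pools.
    dhcp-range = [
      "vlan101,10.0.42.51,10.0.42.100"
      "vlan102,172.16.0.101,172.16.0.150"
      "vlan104,10.42.0.51,10.42.0.100"
    ];
    dhcp-option = [
      # Clients are pointed straight at 1.1.1.1, not at this host's resolver.
      "option:dns-server,1.1.1.1"
      # mtu is an integer; interpolating it directly is an evaluation error
      # ("cannot coerce an integer to a string"). The Kea options already use
      # toString for the same value.
      "option:mtu,${toString mtu}"
      # per-VLAN default gateway
      "vlan101,option:router,10.0.42.1"
      "vlan102,option:router,172.16.0.1"
      "vlan104,option:router,10.42.0.1"
    ];
  };
};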
}