diff --git a/hosts/lily/default.nix b/hosts/lily/default.nix
index fba412b..b6d57ce 100644
--- a/hosts/lily/default.nix
+++ b/hosts/lily/default.nix
@@ -11,6 +11,24 @@ let
 # internalIPs = lib.mapAttrsToList (
 # _: val: lib.strings.removeSuffix ".1" val.cidr + ".0/24"
 # ) networks;
+ commonDhcpOptions = [
+ {
+ name = "domain-name-servers";
+ data = "9.9.9.9";
+ }
+ {
+ name = "time-servers";
+ data = "172.16.1.1";
+ }
+ {
+ name = "domain-name";
+ data = "beeping.local";
+ }
+ {
+ name = "domain-search";
+ data = "beeping.local";
+ }
+ ];
 in
 {
 imports = [
@@ -51,7 +69,26 @@ in
 };
 };
+ # label network interfaces
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:47:67:6e", ATTR{type}=="1", NAME="wan0"
+ SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:47:67:6f", ATTR{type}=="1", NAME="lan0"
+ SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:63:0f:80", ATTR{type}=="1", NAME="lan1"
+ SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:63:0f:81", ATTR{type}=="1", NAME="lan2"
+ '';
+ networking = {
+ nameservers = [
+ "9.9.9.9"
+ "149.112.112.112"
+ ];
+ interfaces = {
+ wan0.useDHCP = true;
+ lan0.useDHCP = false;
+ lan1.useDHCP = false;
+ lan2.useDHCP = false;
+ };
+
 firewall = {
 enable = false;
 allowPing = true;
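Review bot: `time-servers` in commonDhcpOptions is DHCP option 4 (the RFC 868 TIME protocol), not NTP; clients that take a time source from DHCP read option 42, so if 172.16.1.1 is meant to be the NTP server this should be `name = "ntp-servers";`. The `domain-name`/`domain-search` values hand out `beeping.local`, but `.local` is the mDNS domain (RFC 6762) and avahi is enabled further down this file, so unicast lookups of the search domain and mDNS resolution end up contending for the same suffix; a non-`.local` name such as `beeping.lan` or `home.arpa` avoids that. The removed dhcpd config also handed out both Quad9 addresses, while `domain-name-servers` here carries only `9.9.9.9`; Kea accepts a comma-separated list, e.g. `data = "9.9.9.9, 149.112.112.112";`.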
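Review bot: The new `networking = {` block opens in this hunk, but the pre-existing `firewall = { enable = false;` follows it as unchanged context, so either `firewall` is now nested inside the new block or the new block itself sits inside an enclosing `networking = {` that starts before this hunk; the hunk does not show which, and it is worth confirming the result evaluates to `networking.firewall` rather than `networking.networking.*`. Separately, `firewall.enable = false` (pre-existing, not introduced here) on a host with a DHCP-configured `wan0` and three LAN ports means NixOS installs no inbound filtering on the upstream side, so any service bound to all interfaces is reachable from the WAN unless a ruleset is configured elsewhere that is not visible here; a one-line comment next to `enable = false;` naming where that ruleset lives, e.g. `# packet filtering is handled by <module>, not networking.firewall`, would save the next reader the search.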
@@ -101,56 +138,108 @@ in
 };
 services = {
- udev.extraRules = ''
- SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:47:67:6e", ATTR{type}=="1", NAME="wan0"
- SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:47:67:6f", ATTR{type}=="1", NAME="lan0"
- SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:63:0f:80", ATTR{type}=="1", NAME="lan1"
- SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:63:0f:81", ATTR{type}=="1", NAME="lan2"
- '';
- dhcpd4 = {
+ kea.dhcp4 = {
 enable = true;
- interfaces = [
- "lan"
- "servers"
- "management"
- "iot"
- "guest"
- ];
- extraConfig = ''
- option domain-name-servers 9.9.9.9, 149.112.112.112;
- option subnet-mask 255.255.255.0;
+ settings = {
+ lease-database = {
+ name = "/var/lib/kea/dhcp4.leases";
+ persist = true;
+ type = "memfile";
+ };
+ interfaces-config = {
+ interfaces = [
+ "lan"
+ "servers"
+ "management"
+ "iot"
+ "guest"
+ ];
+ };
+ option-data = [
+ {
+ name = "domain-name-servers";
+ data = "";
+ always-send = true;
+ }
+ {
+ name = "routers";
+ data = "";
+ }
+ {
+ name = "domain-name";
+ data = "beeping.local";
+ }
+ ];
- subnet 172.16.1.0 netmask 255.255.255.0 {
- option broadcast-address 172.16.1.255;
- option routers 172.16.1.1;
- interface lan;
- range 172.16.1.50 172.16.1.254;
- }
- subnet 172.16.10.0 netmask 255.255.255.0 {
- option broadcast-address 172.16.10.255;
- option routers 172.16.10.1;
- interface servers;
- range 172.16.10.50 172.16.10.254;
- }
- subnet 172.16.21.0 netmask 255.255.255.0 {
- option broadcast-address 172.16.21.255;
- option routers 172.16.21.1;
- interface management;
- range 172.16.21.50 172.16.21.254;
- }
- subnet 172.16.100.0 netmask 255.255.255.0 {
- option broadcast-address 172.16.100.255;
- option routers 172.16.100.1;
- interface iot;
- range 172.16.100.50 172.16.100.254;
- }
- subnet 172.16.110.0 netmask 255.255.255.0 {
- option broadcast-address 172.16.110.255;
- option routers 
172.16.110.1;
- interface guest;
- range 172.16.110.50 172.16.110.254;
- }
- '';
+ rebind-timer = 2000;
+ renew-timer = 1000;
+ valid-lifetime = 43200;
+
+ # option domain-name-servers 9.9.9.9, 149.112.112.112;
+ # TODO: these should be dynamically generated based on ${config.networking.vlans}
+ subnet4 = [
+ ({
+ id = 1;
+ interface = "lan";
+ subnet = "172.16.1.0/24";
+ pools = [ { pool = "172.16.1.50 - 172.16.1.254"; } ];
+ option-data = [
+ {
+ name = "routers";
+ data = "172.16.1.1";
+ }
+ ] ++ commonDhcpOptions;
+ })
+ ({
+ id = 10;
+ interface = "servers";
+ subnet = "172.16.10.0/24";
+ pools = [ { pool = "172.16.10.50 - 172.16.10.254"; } ];
+ option-data = [
+ {
+ name = "routers";
+ data = "172.16.10.1";
+ }
+ ] ++ commonDhcpOptions;
+ })
+ ({
+ id = 21;
+ interface = "management";
+ subnet = "172.16.21.0/24";
+ pools = [ { pool = "172.16.21.50 - 172.16.21.254"; } ];
+ option-data = [
+ {
+ name = "routers";
+ data = "172.16.21.1";
+ }
+ ] ++ commonDhcpOptions;
+ })
+ ({
+ id = 100;
+ interface = "iot";
+ subnet = "172.16.100.0/24";
+ pools = [ { pool = "172.16.100.50 - 172.16.100.254"; } ];
+ option-data = [
+ {
+ name = "routers";
+ data = "172.16.100.1";
+ }
+ ] ++ commonDhcpOptions;
+ })
+ ({
+ id = 110;
+ interface = "guest";
+ subnet = "172.16.110.0/24";
+ pools = [ { pool = "172.16.110.50 - 172.16.110.254"; } ];
+ option-data = [
+ {
+ name = "routers";
+ data = "172.16.110.1";
+ }
+ ] ++ commonDhcpOptions;
+ })
+ ];
+ };
 };
 avahi = {
 enable = true;
diff --git a/hosts/lily/dns.nix b/hosts/lily/dns.nix
index b754a51..e92df27 100644
--- a/hosts/lily/dns.nix
+++ b/hosts/lily/dns.nix
@@ -2,7 +2,7 @@
 {
 services = {
 dnsmasq = {
- enable = true;
+ enable = false; # try some other options first
 settings = {
 cache-size = 10000; # Specifies the size of the DNS query cache. It will store up to n cached DNS queries to improve response times for frequently accessed domains.
 server = [
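Review bot: The global `option-data` list in `settings` carries `domain-name-servers` with `data = ""` plus `always-send = true`, and `routers` with `data = ""`; every subnet4 entry overrides both, so these two global entries never take effect for the five pools, and as far as I can tell Kea either rejects an empty value for an address-list option at config load or, for any subnet added later without its own override, would send an empty option to clients. Dropping the two empty entries (keeping only `domain-name`) or giving them the real values, e.g. `data = "9.9.9.9, 149.112.112.112";`, removes the ambiguity, and the commented-out ISC line `# option domain-name-servers ...` above `subnet4` can go with them since it documents the old dhcpd syntax. `domain-name` is also set both globally and via commonDhcpOptions on every subnet, so one of the two is redundant. The subnet `interface` names (`lan`, `servers`, `management`, `iot`, `guest`) do not match the udev-assigned `lan0`–`lan2`; presumably they are VLAN interfaces defined by `networking.vlans` as the TODO implies, but that definition is outside this hunk and worth a pointer comment such as `# interface names refer to the VLANs declared in networking.vlans`.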
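Review bot: With dnsmasq switched off here and nothing else in the diff taking over resolution, DHCP clients are pointed straight at 9.9.9.9 while still receiving `domain-search beeping.local`, so every unqualified lookup of an internal host now leaves the network as `<host>.beeping.local` to the upstream resolver and cannot resolve locally. If this is a temporary experiment, the inline comment should say what is expected to answer for beeping.local meanwhile, e.g. `# dnsmasq off while evaluating alternatives; beeping.local names are unresolvable until a replacement resolver serves them`. The dnsmasq `settings` block (including `server = [`) continues past the end of this hunk.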