author | Mark Nipper <nipsy@bitgnome.net> | 2024-11-12 14:12:23 -0800 |
---|---|---|
committer | Mark Nipper <nipsy@bitgnome.net> | 2024-11-12 14:12:23 -0800 |
commit | c29684f7dc485777fcca9e2cc7b58b0d7a4b51e5 (patch) | |
tree | 990d376c8fb8017389acf41d252e4ab29b4e72a2 /hosts/common/optional/services/dhcp.nix | |
parent | 1f53bf0a51605f58b9c8c459b2e723606e6da96b (diff) | |
Deobfuscate kea data
Diffstat (limited to 'hosts/common/optional/services/dhcp.nix')
-rw-r--r-- | hosts/common/optional/services/dhcp.nix | 103 |
1 files changed, 91 insertions, 12 deletions
diff --git a/hosts/common/optional/services/dhcp.nix b/hosts/common/optional/services/dhcp.nix index 6a9ee72..0c9aa37 100644 --- a/hosts/common/optional/services/dhcp.nix +++ b/hosts/common/optional/services/dhcp.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ pkgs, ... }: { environment = { 
@@ -16,8 +16,97 @@ services = { kea.dhcp4 = { - configFile = config.sops.secrets.kea-dhcp4_conf.path; enable = true; + settings = { + interfaces-config.interfaces = [ "enp116s0" ]; + + lease-database = { + name = "/var/lib/kea/dhcp4.leases"; + persist = true; + type = "memfile"; + }; + + renew-timer = 900; + rebind-timer = 1800; + valid-lifetime = 3600; + + option-data = [ + { + name = "domain-name-servers"; + data = "192.168.1.1"; + always-send = true; + } + + { + name = "domain-name"; + data = "bitgnome.net"; + always-send = true; + } + + { + name = "ntp-servers"; + data = "192.168.1.1"; + always-send = true; + } + ]; + + client-classes = [ + { + name = "XClient_iPXE"; + test = "substring(option[77].hex,0,4) == 'iPXE'"; + boot-file-name = "http://arrakis.bitgnome.net/boot/netboot.ipxe"; + } + + { + name = "UEFI-64-1"; + test = "substring(option[60].hex,0,20) == 'PXEClient:Arch:00007'"; + next-server = "192.168.1.1"; + boot-file-name = "/etc/tftp/ipxe.efi"; + } + + { + name = "UEFI-64-2"; + test = "substring(option[60].hex,0,20) == 'PXEClient:Arch:00008'"; + next-server = "192.168.1.1"; + boot-file-name = "/etc/tftp/ipxe.efi"; + } + + { + name = "UEFI-64-3"; + test = "substring(option[60].hex,0,20) == 'PXEClient:Arch:00009'"; + next-server = "192.168.1.1"; + boot-file-name = "/etc/tftp/ipxe.efi"; + } + + { + name = "Legacy"; + test = "substring(option[60].hex,0,20) == 'PXEClient:Arch:00000'"; + next-server = "192.168.1.1"; + boot-file-name = "/etc/tftp/undionly.kpxe"; + } + ]; + + subnet4 = [ + { + subnet = "192.168.1.0/24"; + pools = [ { pool = "192.168.1.100 - 192.168.1.199"; } ]; + + option-data = [ + { + name = "routers"; + data = "192.168.1.1"; + } + ]; + + reservations = [ + ({ hw-address = "7c:b5:66:65:e2:9e"; ip-address = "192.168.1.17"; }) # ginaz + ({ hw-address = "00:05:cd:72:92:b0"; ip-address = "192.168.1.19"; }) # onkyo + ({ hw-address = "74:29:af:6f:20:ed"; ip-address = "192.168.1.20"; }) # brother + ({ hw-address = "ec:08:6b:6a:4a:ac"; ip-address = 
"192.168.1.252"; }) # ac2600 + ]; + } + ]; + }; }; xinetd = { @@ -33,16 +122,6 @@ }; systemd.services = { - kea-dhcp4-server = { - restartTriggers = [ config.sops.secrets.kea-dhcp4_conf.sopsFile ]; - serviceConfig = { - ExecStart = lib.mkForce '' - ${pkgs.kea}/bin/kea-dhcp4 -c ''${CREDENTIALS_DIRECTORY}/kea-dhcp4_conf - ''; - LoadCredential = [ "kea-dhcp4_conf:${config.sops.secrets.kea-dhcp4_conf.path}" ]; - }; - }; - tftpd = { after = [ "nftables.service" ]; description = "TFTP server"; |
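Review bot: The `XClient_iPXE` class in the new `settings` block hands clients their boot script over plain HTTP, so the script that decides what every netbooting machine runs is fetched with no integrity check and no server authentication. If the iPXE binaries served from `/etc/tftp` are built with HTTPS support (not visible from this hunk), the line should become `boot-file-name = "https://arrakis.bitgnome.net/boot/netboot.ipxe";` with the issuing CA trusted by that build. Otherwise the script should verify what it loads using iPXE's `imgtrust`/`imgverify`, and a comment above the class should record which of the two is relied on. Separately, this config is now rendered into the world-readable Nix store; nothing in the visible settings is secret, but a comment such as `# no secrets here: anything sensitive (DB password, control-socket auth) must go back through sops` would keep it that way. The enclosing `services` set continues outside the hunk.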