aboutsummaryrefslogtreecommitdiffstats
path: root/hosts/common/optional/services/dhcp.nix
diff options
context:
space:
mode:
authorMark Nipper <nipsy@bitgnome.net>2024-11-12 14:12:23 -0800
committerMark Nipper <nipsy@bitgnome.net>2024-11-12 14:12:23 -0800
commitc29684f7dc485777fcca9e2cc7b58b0d7a4b51e5 (patch)
tree990d376c8fb8017389acf41d252e4ab29b4e72a2 /hosts/common/optional/services/dhcp.nix
parent1f53bf0a51605f58b9c8c459b2e723606e6da96b (diff)
downloadnix-c29684f7dc485777fcca9e2cc7b58b0d7a4b51e5.tar
nix-c29684f7dc485777fcca9e2cc7b58b0d7a4b51e5.tar.gz
nix-c29684f7dc485777fcca9e2cc7b58b0d7a4b51e5.tar.bz2
nix-c29684f7dc485777fcca9e2cc7b58b0d7a4b51e5.tar.lz
nix-c29684f7dc485777fcca9e2cc7b58b0d7a4b51e5.tar.xz
nix-c29684f7dc485777fcca9e2cc7b58b0d7a4b51e5.tar.zst
nix-c29684f7dc485777fcca9e2cc7b58b0d7a4b51e5.zip
Deobfuscate kea data
Diffstat (limited to 'hosts/common/optional/services/dhcp.nix')
-rw-r--r--hosts/common/optional/services/dhcp.nix103
1 files changed, 91 insertions, 12 deletions
diff --git a/hosts/common/optional/services/dhcp.nix b/hosts/common/optional/services/dhcp.nix
index 6a9ee72..0c9aa37 100644
--- a/hosts/common/optional/services/dhcp.nix
+++ b/hosts/common/optional/services/dhcp.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ pkgs, ... }:
{
environment = {
@@ -16,8 +16,97 @@
services = {
kea.dhcp4 = {
- configFile = config.sops.secrets.kea-dhcp4_conf.path;
enable = true;
+ settings = {
+ interfaces-config.interfaces = [ "enp116s0" ];
+
+ lease-database = {
+ name = "/var/lib/kea/dhcp4.leases";
+ persist = true;
+ type = "memfile";
+ };
+
+ renew-timer = 900;
+ rebind-timer = 1800;
+ valid-lifetime = 3600;
+
+ option-data = [
+ {
+ name = "domain-name-servers";
+ data = "192.168.1.1";
+ always-send = true;
+ }
+
+ {
+ name = "domain-name";
+ data = "bitgnome.net";
+ always-send = true;
+ }
+
+ {
+ name = "ntp-servers";
+ data = "192.168.1.1";
+ always-send = true;
+ }
+ ];
+
+ client-classes = [
+ {
+ name = "XClient_iPXE";
+ test = "substring(option[77].hex,0,4) == 'iPXE'";
+ boot-file-name = "http://arrakis.bitgnome.net/boot/netboot.ipxe";
+ }
+
+ {
+ name = "UEFI-64-1";
+ test = "substring(option[60].hex,0,20) == 'PXEClient:Arch:00007'";
+ next-server = "192.168.1.1";
+ boot-file-name = "/etc/tftp/ipxe.efi";
+ }
+
+ {
+ name = "UEFI-64-2";
+ test = "substring(option[60].hex,0,20) == 'PXEClient:Arch:00008'";
+ next-server = "192.168.1.1";
+ boot-file-name = "/etc/tftp/ipxe.efi";
+ }
+
+ {
+ name = "UEFI-64-3";
+ test = "substring(option[60].hex,0,20) == 'PXEClient:Arch:00009'";
+ next-server = "192.168.1.1";
+ boot-file-name = "/etc/tftp/ipxe.efi";
+ }
+
+ {
+ name = "Legacy";
+ test = "substring(option[60].hex,0,20) == 'PXEClient:Arch:00000'";
+ next-server = "192.168.1.1";
+ boot-file-name = "/etc/tftp/undionly.kpxe";
+ }
+ ];
+
+ subnet4 = [
+ {
+ subnet = "192.168.1.0/24";
+ pools = [ { pool = "192.168.1.100 - 192.168.1.199"; } ];
+
+ option-data = [
+ {
+ name = "routers";
+ data = "192.168.1.1";
+ }
+ ];
+
+ reservations = [
+ ({ hw-address = "7c:b5:66:65:e2:9e"; ip-address = "192.168.1.17"; }) # ginaz
+ ({ hw-address = "00:05:cd:72:92:b0"; ip-address = "192.168.1.19"; }) # onkyo
+ ({ hw-address = "74:29:af:6f:20:ed"; ip-address = "192.168.1.20"; }) # brother
+ ({ hw-address = "ec:08:6b:6a:4a:ac"; ip-address = "192.168.1.252"; }) # ac2600
+ ];
+ }
+ ];
+ };
};
xinetd = {
@@ -33,16 +122,6 @@
};
systemd.services = {
- kea-dhcp4-server = {
- restartTriggers = [ config.sops.secrets.kea-dhcp4_conf.sopsFile ];
- serviceConfig = {
- ExecStart = lib.mkForce ''
- ${pkgs.kea}/bin/kea-dhcp4 -c ''${CREDENTIALS_DIRECTORY}/kea-dhcp4_conf
- '';
- LoadCredential = [ "kea-dhcp4_conf:${config.sops.secrets.kea-dhcp4_conf.path}" ];
- };
- };
-
tftpd = {
after = [ "nftables.service" ];
description = "TFTP server";