feat[server]: add home proxy

2026-04-15 05:39:11 +02:00 · 2026-01-04 17:45:53 +01:00 · 2026-01-04 17:45:53 +01:00 · c1c7431891
commit c1c7431891
parent 75891c3103
84 changed files with 2961 additions and 1601 deletions
--- a/modules/nixos/server/kea.nix
+++ b/modules/nixos/server/kea.nix
@ -1,6 +1,6 @@
-{ lib, config, globals, confLib, ... }:
+{ self, lib, config, globals, confLib, ... }:
 let
-  inherit (confLib.gen { name = "kea"; dir = "/var/lib/private/kea"; }) serviceName serviceDir;
+  inherit (confLib.gen { name = "kea"; dir = "/var/lib/private/kea"; }) serviceName serviceDir homeDnsServer;
  dhcpX = intX:
    let
      x = builtins.toString intX;
@ -8,6 +8,7 @@ let
    {
      enable = true;
      settings = {
+        reservations-out-of-pool = true;
        lease-database = {
          name = "/var/lib/kea/dhcp${x}.leases";
          persist = true;
@ -24,37 +25,44 @@ let
            inherit (vlanCfg) id;
            interface = "me-${vlanName}";
            subnet = vlanCfg."cidrv${x}";
+            rapid-commit = lib.mkIf (intX == 6) true;
            pools = [
              {
                pool = "${lib.net.cidr.host 20 vlanCfg."cidrv${x}"} - ${lib.net.cidr.host (-6) vlanCfg."cidrv${x}"}";
              }
            ];
+            pd-pools = lib.mkIf (intX == 6) [
+              {
+                prefix = builtins.replaceStrings [ "::" ] [ ":0:0:100::" ] (lib.head (lib.splitString "/" vlanCfg.cidrv6));
+                prefix-len = 56;
+                delegated-len = 64;
+              }
+            ];
            option-data =
              lib.optional (intX == 4)
                {
                  name = "routers";
-                  data = vlanCfg.hosts.hintbooth."ipv${x}"; # FIXME: how to advertise v6 address also?
+                  data = vlanCfg.hosts.hintbooth."ipv${x}";
+                }
+              # Advertise DNS server for VLANS that have internet access
+              ++
+              lib.optional
+                (lib.elem vlanName globals.general.internetVLANs)
+                {
+                  name = if (intX == 4) then "domain-name-servers" else "dns-servers";
+                  data = globals.networks.home-lan.vlans.services.hosts.${homeDnsServer}."ipv${x}";
                };
-            # Advertise DNS server for VLANS that have internet access
-            # ++
-            # lib.optional
-            #   (lib.elem vlanName [
-            #     "services"
-            #     "home"
-            #     "devices"
-            #     "guests"
-            #   ])
-            #   {
-            #     name = "domain-name-servers";
-            #     data = globals.networks.home-lan.vlans.services.hosts.hintbooth-adguardhome.ipv4;
-            #   };
            reservations = lib.concatLists (
              lib.forEach (builtins.attrValues vlanCfg.hosts) (
                hostCfg:
                lib.optional (hostCfg.mac != null) {
-                  hw-address = hostCfg.mac;
+                  hw-address = lib.mkIf (intX == 4) hostCfg.mac;
+                  duid = lib.mkIf (intX == 6) "00:03:00:01:${hostCfg.mac}"; # 00:03 = duid type 3; 00:01 = ethernet
                  ip-address = lib.mkIf (intX == 4) hostCfg."ipv${x}";
                  ip-addresses = lib.mkIf (intX == 6) [ hostCfg."ipv${x}" ];
+                  prefixes = lib.mkIf (intX == 6) [
+                    "${builtins.replaceStrings ["::"] [":0:0:${builtins.toString (256 + hostCfg.id)}::"] (lib.head (lib.splitString "/" vlanCfg.cidrv6))}/64"
+                  ];
                }
              )
            );
@ -73,6 +81,14 @@ in
      { directory = serviceDir; mode = "0700"; }
    ];

+    topology = {
+      extractors.kea.enable = false;
+      self.services.${serviceName} = {
+        name = lib.swarselsystems.toCapitalized serviceName;
+        icon = "${self}/files/topology-images/${serviceName}.png";
+      };
+    };
+
    services.kea = {
      dhcp4 = dhcpX 4;
      dhcp6 = dhcpX 6;