nixos-module/container/dhcp-server: enable dhcp6-server just for dyndns

2023-10-27 23:45:36 +02:00 · 2023-10-27 23:45:36 +02:00 · 07963d1b61
parent 7149638ef0
commit 07963d1b61
3 changed files with 109 additions and 8 deletions
--- a/nix/lib/dns.nix
+++ b/nix/lib/dns.nix
@ -20,6 +20,11 @@ rec {
    "78.20.172.in-addr.arpa"
    "79.20.172.in-addr.arpa"
    "99.22.172.in-addr.arpa"
+    "99.22.172.in-addr.arpa"
+    "2.0.0.0.c.2.0.8.1.8.0.0.a.2.ip6.arpa"
+    "4.1.b.a.c.a.2.8.3.5.f.0.a.2.ip6.arpa"
+    "5.0.2.d.3.c.2.4.0.0.2.4.d.f.ip6.arpa"
+    "5.0.2.d.3.c.2.4.0.0.3.2.d.f.ip6.arpa"
  ];

  mapI = start: end: f:
--- a/nix/nixos-module/container/bird.nix
+++ b/nix/nixos-module/container/bird.nix
@ -112,6 +112,14 @@ in
              min ra interval 10;
              max ra interval 60;
              solicited ra unicast yes;
+              ${if config.site.net.${net}.dhcp.server == null
+                then ''
+                  # Do not use DHCP6.
+                  managed no;
+                '' else ''
+                  # Use DHCP6 for DynDNS.
+                  managed yes;
+                ''}

              ${builtins.concatStringsSep "\n" (
                map (subnet6: ''
--- a/nix/nixos-module/container/dhcp-server.nix
+++ b/nix/nixos-module/container/dhcp-server.nix
@ -25,6 +25,7 @@ in
    settings = {
      interfaces-config.interfaces = builtins.attrNames dhcpNets;
      dhcp-ddns.enable-updates = true;
+      ddns-send-updates = true;

      subnet4 = concatMapDhcpNets (net: { vlan, subnet4, dhcp, domainName, ... }: {
        id = vlan;
@ -32,6 +33,7 @@ in
        pools = [ {
            pool = "${dhcp.start} - ${dhcp.end}";
        } ];
+        renew-timer = dhcp.time / 2;
        rebind-timer = dhcp.time;
        valid-lifetime = dhcp.max-time;
        option-data = [ {
@ -56,13 +58,25 @@ in
      match-client-id = false;
      host-reservation-identifiers = [ "hw-address" ];
      reservations = concatMapDhcpNets (net: { hosts4, dhcp, ... }:
-        builtins.attrValues (
-          builtins.mapAttrs (name: hwaddr: {
-            hostname = "${name}.${net}.zentralwerk.org";
-            hw-address = hwaddr;
-            ip-address = hosts4.${name};
-          }) dhcp.fixed-hosts
-        ));
+        builtins.filter (r: r != null) (
+          builtins.attrValues (
+            builtins.mapAttrs (addr: hwaddr:
+              let
+                names = builtins.attrNames (
+                  lib.filterAttrs (_: hostAddr:
+                    hostAddr == addr
+                  ) hosts4);
+                name = builtins.head names;
+              in
+              if builtins.length names > 0
+              then {
+                hostname = "${name}.${net}.zentralwerk.org";
+                hw-address = hwaddr;
+                ip-address = hosts4.${name};
+              }
+              else null
+            ) dhcp.fixed-hosts
+          )));

      # Netbooting
      option-def = [ {
@ -141,6 +155,73 @@ in
          );
    };
  };
+  services.kea.dhcp6 = lib.optionalAttrs enabled {
+    enable = true;
+
+    settings = {
+      interfaces-config.interfaces = builtins.attrNames dhcpNets;
+      dhcp-ddns.enable-updates = true;
+      ddns-override-no-update = true;
+      ddns-override-client-update = true;
+      ddns-replace-client-name = "when-not-present";
+
+      subnet6 = concatMapDhcpNets (net: { vlan, subnets6, dhcp, domainName, ... }:
+        let
+          subnet = subnets6.up4 or subnets6.flpk or null;
+          prefix = builtins.head (builtins.split "::/" subnet);
+        in
+          if subnet != null
+          then {
+            id = vlan;
+            interface = net;
+            inherit subnet;
+            pools = [ {
+              pool = "${prefix}:c3d2:c3d2:c3d2:1000 - ${prefix}:c3d2:c3d2:c3d2:ffff";
+              #pool = subnet;
+            } ];
+            renew-timer = dhcp.time / 2;
+            rebind-timer = dhcp.time;
+            valid-lifetime = dhcp.max-time;
+            #option-data = [ {
+            #  space = "dhcp6";
+            #  name = "domain-search";
+            #  code = 24;
+            #  data = domainName;
+            #} {
+            #  space = "dhcp6";
+            #  name = "dns-servers";
+            #  code = 23;
+            #  data = "172.20.73.8, 9.9.9.9";
+            #} ];
+            ddns-generated-prefix = "d";
+            ddns-qualifying-suffix = domainName;
+          }
+          else []
+      );
+
+      host-reservation-identifiers = [ "hw-address" ];
+      #reservations = concatMapDhcpNets (net: { hosts6, dhcp, ... }:
+      #  builtins.filter (r: r != null) (
+      #    builtins.attrValues (
+      #      builtins.mapAttrs (name: hwaddr:
+      #        let
+      #          ip-addresses = lib.pipe hosts6 [
+      #            (builtins.mapAttrs (_: hosts6: hosts6.${name} or null))
+      #            builtins.attrValues
+      #            (builtins.filter (a: a != null))
+      #         ];
+      #       in
+      #         if builtins.trace (lib.generators.toPretty {} ip-addresses) (builtins.length ip-addresses) > 0
+      #         then {
+      #            hostname = "${name}.${net}.zentralwerk.org";
+      #            hw-address = hwaddr;
+      #            inherit ip-addresses;
+      #          }
+      #        else null
+      #      ) dhcp.fixed-hosts
+      #    )));
+    };
+  };
  services.kea.dhcp-ddns = lib.optionalAttrs enabled {
    enable = true;

@ -171,9 +252,16 @@ in
      }) (
        builtins.filter ({ name, dynamic, ... }:
          dynamic &&
-          lib.hasSuffix ".in-addr.arpa" name
+          (lib.hasSuffix ".in-addr.arpa" name ||
+           lib.hasSuffix ".ip6.arpa" name)
        ) config.site.dns.localZones
      );
    };
  };
+
+  # Hotfix weird ddns service behaviour
+  systemd.services.kea-dhcp-ddns-server.after = [
+    "systemd.services.kea-dhcp4-server.service"
+    "systemd.services.kea-dhcp6-server.service"
+  ];
 }