From 5e36c91ef657010c41749b1271d774b3803c3f53 Mon Sep 17 00:00:00 2001
From: Daniel Poelzleithner
Date: Thu, 18 Apr 2024 13:46:33 +0200
Subject: [PATCH] Add ddns-update-on-renew option and higher lease time

Update DDNS entries on renew of lease. Automatically fixes stale and missing DNS entries. increase lease time to 15 minutes on priv networks
---
 config/net/priv.nix | 3 ++-
 nix/lib/config/options.nix | 5 +++++
 nix/nixos-module/container/dhcp-server.nix | 8 ++++++--
 3 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/config/net/priv.nix b/config/net/priv.nix
index 4831cc6..84850a8 100644
--- a/config/net/priv.nix
+++ b/config/net/priv.nix
@@ -16,9 +16,10 @@ lib.mkMerge (
 site.net."priv${toString n}" = {
 dhcp = {
 server = "priv${toString n}-gw";
- time = 300;
+ time = 900;
 max-time = 60 * 24 * 3600;
 router = "priv${toString n}-gw";
+ updateOnRenewal = true;
 };
 domainName = "priv${toString n}.zentralwerk.org";
 dynamicDomain = true;
diff --git a/nix/lib/config/options.nix b/nix/lib/config/options.nix
index de776c2..fe04e86 100644
--- a/nix/lib/config/options.nix
+++ b/nix/lib/config/options.nix
@@ -96,6 +96,11 @@ let
 type = with types; attrsOf str;
 default = {};
 };
+ updateOnRenewal = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Update DNS entry on renewal";
+ };
 };
 
 netOpts = { name, ... }: {
diff --git a/nix/nixos-module/container/dhcp-server.nix b/nix/nixos-module/container/dhcp-server.nix
index 79518c0..64883d8 100644
--- a/nix/nixos-module/container/dhcp-server.nix
+++ b/nix/nixos-module/container/dhcp-server.nix
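Review bot: The description `"Update DNS entry on renewal"` on the new `updateOnRenewal` option in nix/lib/config/options.nix leaves out what someone setting it per net needs to know. It maps to Kea's `ddns-update-on-renew`, and as consumed in dhcp-server.nix in this patch (`builtins.any` over all DHCP nets) one net enabling it turns the behaviour on for the whole server. I would spell that out, for example `description = "Re-send the DDNS update on every lease renewal (Kea ddns-update-on-renew); enabling it on one net currently enables it server-wide.";`. The option set this entry sits in starts above the hunk.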
@@ -29,6 +29,10 @@ in # TODO: use with kea >= 2.5.0 # ddns-conflict-resolution-mode = "check-exists-with-dhcid"; ddns-use-conflict-resolution = false; + ddns-replace-client-name = "when-not-present"; + # fix old, wrong or lost dns entries on renewal + ddns-update-on-renew = builtins.any (a: a) + (concatMapDhcpNets (net: { dhcp, ... }: dhcp.updateOnRenewal)); expired-leases-processing.hold-reclaimed-time = builtins.foldl' lib.max 3600 (concatMapDhcpNets (net: { dhcp, ... }: dhcp.max-time)); @@ -38,8 +42,8 @@ in pools = [ { pool = "${dhcp.start} - ${dhcp.end}"; } ]; - renew-timer = builtins.ceil (.5 * dhcp.time); - rebind-timer = builtins.ceil (.85 * dhcp.time); + renew-timer = builtins.ceil (0.5 * dhcp.time); + rebind-timer = builtins.ceil (0.85 * dhcp.time); valid-lifetime = dhcp.time; option-data = [ { space = "dhcp4";
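Review bot: `ddns-update-on-renew` is enabled in the first dhcp-server.nix hunk while `ddns-use-conflict-resolution = false` stays in place just above it, so each renewal rewrites the DNS records without the DHCID ownership check and, as far as I can tell, the most recent client to renew under a hostname holds that name. Until the `check-exists-with-dhcid` mode from the TODO can be used, I would limit this to networks where that is an accepted risk and record it next to the setting, e.g. `# NOTE: conflict resolution is off, renewals overwrite existing records`. The `builtins.any (a: a)` reduction also makes the setting server-wide as soon as one net sets `updateOnRenewal`; Kea documents the parameter at subnet scope as well, so `ddns-update-on-renew = dhcp.updateOnRenewal;` beside `valid-lifetime` in the subnet block of the following hunk would keep it per net. `ddns-replace-client-name = "when-not-present"` is a separate behaviour change that the commit message does not mention. The enclosing settings attrset begins and ends outside the hunk.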