Compare commits
2 Commits
5bf28d9326
...
07963d1b61
Author | SHA1 | Date | |
---|---|---|---|
07963d1b61 | |||
7149638ef0 |
|
@ -20,6 +20,11 @@ rec {
|
|||
"78.20.172.in-addr.arpa"
|
||||
"79.20.172.in-addr.arpa"
|
||||
"99.22.172.in-addr.arpa"
|
||||
"99.22.172.in-addr.arpa"
|
||||
"2.0.0.0.c.2.0.8.1.8.0.0.a.2.ip6.arpa"
|
||||
"4.1.b.a.c.a.2.8.3.5.f.0.a.2.ip6.arpa"
|
||||
"5.0.2.d.3.c.2.4.0.0.2.4.d.f.ip6.arpa"
|
||||
"5.0.2.d.3.c.2.4.0.0.3.2.d.f.ip6.arpa"
|
||||
];
|
||||
|
||||
mapI = start: end: f:
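Review bot: `"99.22.172.in-addr.arpa"` is listed twice on the new side of this hunk, directly above the `ip6.arpa` reverse zones. If this list feeds the zone definitions that the Kea module later filters by `.in-addr.arpa` / `.ip6.arpa` suffix (the consumer is outside this hunk, so this is inferred), the duplicate would yield two entries for the same reverse zone; one of them should be dropped. The `ip6.arpa` names carry no hint of which prefix each one reverses, so a short trailing comment per line, e.g. `# reverse zone for <prefix>/<len>`, would make it easier to audit which zones accept dynamic updates. The enclosing list starts above the hunk.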
|
||||
|
|
|
@ -112,6 +112,14 @@ in
|
|||
min ra interval 10;
|
||||
max ra interval 60;
|
||||
solicited ra unicast yes;
|
||||
${if config.site.net.${net}.dhcp.server == null
|
||||
then ''
|
||||
# Do not use DHCP6.
|
||||
managed no;
|
||||
'' else ''
|
||||
# Use DHCP6 for DynDNS.
|
||||
managed yes;
|
||||
''}
|
||||
|
||||
${builtins.concatStringsSep "\n" (
|
||||
map (subnet6: ''
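Review bot: The new `managed yes;` branch keys only on `config.site.net.${net}.dhcp.server` being non-null, while the Kea module elsewhere on this page creates a DHCPv6 subnet only when `subnets6.up4` or `subnets6.flpk` exists. For a net that has a DHCP server but neither prefix, the router advertisements would direct clients to DHCPv6 although no pool is served, and their solicits would go unanswered. Consider deriving both decisions from one shared predicate, or state the coupling next to the `# Use DHCP6 for DynDNS.` comment. The enclosing RA configuration block begins and ends outside this hunk, so whether `dhcp` itself can be null at this point cannot be checked from the page.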
|
||||
|
|
|
@ -25,6 +25,7 @@ in
|
|||
settings = {
|
||||
interfaces-config.interfaces = builtins.attrNames dhcpNets;
|
||||
dhcp-ddns.enable-updates = true;
|
||||
ddns-send-updates = true;
|
||||
|
||||
subnet4 = concatMapDhcpNets (net: { vlan, subnet4, dhcp, domainName, ... }: {
|
||||
id = vlan;
|
||||
|
@ -32,6 +33,7 @@ in
|
|||
pools = [ {
|
||||
pool = "${dhcp.start} - ${dhcp.end}";
|
||||
} ];
|
||||
renew-timer = dhcp.time / 2;
|
||||
rebind-timer = dhcp.time;
|
||||
valid-lifetime = dhcp.max-time;
|
||||
option-data = [ {
|
||||
|
@ -56,13 +58,25 @@ in
|
|||
match-client-id = false;
|
||||
host-reservation-identifiers = [ "hw-address" ];
|
||||
reservations = concatMapDhcpNets (net: { hosts4, dhcp, ... }:
|
||||
builtins.attrValues (
|
||||
builtins.mapAttrs (name: hwaddr: {
|
||||
hostname = "${name}.${net}.zentralwerk.org";
|
||||
hw-address = hwaddr;
|
||||
ip-address = hosts4.${name};
|
||||
}) dhcp.fixed-hosts
|
||||
));
|
||||
builtins.filter (r: r != null) (
|
||||
builtins.attrValues (
|
||||
builtins.mapAttrs (addr: hwaddr:
|
||||
let
|
||||
names = builtins.attrNames (
|
||||
lib.filterAttrs (_: hostAddr:
|
||||
hostAddr == addr
|
||||
) hosts4);
|
||||
name = builtins.head names;
|
||||
in
|
||||
if builtins.length names > 0
|
||||
then {
|
||||
hostname = "${name}.${net}.zentralwerk.org";
|
||||
hw-address = hwaddr;
|
||||
ip-address = hosts4.${name};
|
||||
}
|
||||
else null
|
||||
) dhcp.fixed-hosts
|
||||
)));
|
||||
|
||||
# Netbooting
|
||||
option-def = [ {
|
||||
|
@ -141,6 +155,73 @@ in
|
|||
);
|
||||
};
|
||||
};
|
||||
services.kea.dhcp6 = lib.optionalAttrs enabled {
|
||||
enable = true;
|
||||
|
||||
settings = {
|
||||
interfaces-config.interfaces = builtins.attrNames dhcpNets;
|
||||
dhcp-ddns.enable-updates = true;
|
||||
ddns-override-no-update = true;
|
||||
ddns-override-client-update = true;
|
||||
ddns-replace-client-name = "when-not-present";
|
||||
|
||||
subnet6 = concatMapDhcpNets (net: { vlan, subnets6, dhcp, domainName, ... }:
|
||||
let
|
||||
subnet = subnets6.up4 or subnets6.flpk or null;
|
||||
prefix = builtins.head (builtins.split "::/" subnet);
|
||||
in
|
||||
if subnet != null
|
||||
then {
|
||||
id = vlan;
|
||||
interface = net;
|
||||
inherit subnet;
|
||||
pools = [ {
|
||||
pool = "${prefix}:c3d2:c3d2:c3d2:1000 - ${prefix}:c3d2:c3d2:c3d2:ffff";
|
||||
#pool = subnet;
|
||||
} ];
|
||||
renew-timer = dhcp.time / 2;
|
||||
rebind-timer = dhcp.time;
|
||||
valid-lifetime = dhcp.max-time;
|
||||
#option-data = [ {
|
||||
# space = "dhcp6";
|
||||
# name = "domain-search";
|
||||
# code = 24;
|
||||
# data = domainName;
|
||||
#} {
|
||||
# space = "dhcp6";
|
||||
# name = "dns-servers";
|
||||
# code = 23;
|
||||
# data = "172.20.73.8, 9.9.9.9";
|
||||
#} ];
|
||||
ddns-generated-prefix = "d";
|
||||
ddns-qualifying-suffix = domainName;
|
||||
}
|
||||
else []
|
||||
);
|
||||
|
||||
host-reservation-identifiers = [ "hw-address" ];
|
||||
#reservations = concatMapDhcpNets (net: { hosts6, dhcp, ... }:
|
||||
# builtins.filter (r: r != null) (
|
||||
# builtins.attrValues (
|
||||
# builtins.mapAttrs (name: hwaddr:
|
||||
# let
|
||||
# ip-addresses = lib.pipe hosts6 [
|
||||
# (builtins.mapAttrs (_: hosts6: hosts6.${name} or null))
|
||||
# builtins.attrValues
|
||||
# (builtins.filter (a: a != null))
|
||||
# ];
|
||||
# in
|
||||
# if builtins.trace (lib.generators.toPretty {} ip-addresses) (builtins.length ip-addresses) > 0
|
||||
# then {
|
||||
# hostname = "${name}.${net}.zentralwerk.org";
|
||||
# hw-address = hwaddr;
|
||||
# inherit ip-addresses;
|
||||
# }
|
||||
# else null
|
||||
# ) dhcp.fixed-hosts
|
||||
# )));
|
||||
};
|
||||
};
|
||||
services.kea.dhcp-ddns = lib.optionalAttrs enabled {
|
||||
enable = true;
|
||||
|
||||
|
@ -171,9 +252,16 @@ in
|
|||
}) (
|
||||
builtins.filter ({ name, dynamic, ... }:
|
||||
dynamic &&
|
||||
lib.hasSuffix ".in-addr.arpa" name
|
||||
(lib.hasSuffix ".in-addr.arpa" name ||
|
||||
lib.hasSuffix ".ip6.arpa" name)
|
||||
) config.site.dns.localZones
|
||||
);
|
||||
};
|
||||
};
|
||||
|
||||
# Hotfix weird ddns service behaviour
|
||||
systemd.services.kea-dhcp-ddns-server.after = [
|
||||
"systemd.services.kea-dhcp4-server.service"
|
||||
"systemd.services.kea-dhcp6-server.service"
|
||||
];
|
||||
}
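Review bot: The `after` list in the last hunk names `"systemd.services.kea-dhcp4-server.service"` and `"systemd.services.kea-dhcp6-server.service"`, which are NixOS option paths rather than unit names; systemd does not order against units it does not know, so the hotfix most likely has no effect. Going by the `systemd.services.kea-dhcp-ddns-server` attribute used on the same line, the entries should read `"kea-dhcp4-server.service"` and `"kea-dhcp6-server.service"`. Separately, the new `services.kea.dhcp6` block combines `ddns-override-client-update`, `ddns-override-no-update` and `ddns-replace-client-name = "when-not-present"`, so a hostname sent by any client on the link is what gets published under `domainName`. A comment stating that this is intended would help, and on nets where clients are not trusted a `hostname-char-set` restriction or `ddns-replace-client-name = "always"` is worth considering. The `# Hotfix weird ddns service behaviour` comment should also say what the behaviour was, so the workaround can be removed later.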
|
||||
|
|
|
@ -132,6 +132,13 @@ let
|
|||
)
|
||||
);
|
||||
|
||||
mgmtInterface =
|
||||
let
|
||||
mgmtInterfaces = networkInterfaces "mgmt";
|
||||
in if builtins.length mgmtInterfaces == 1
|
||||
then builtins.head mgmtInterfaces
|
||||
else "br-mgmt";
|
||||
|
||||
in
|
||||
''
|
||||
# Set root password
|
||||
|
@ -306,6 +313,11 @@ in
|
|||
uci set wireless.@wifi-iface[-1].ieee80211k=1
|
||||
uci set wireless.@wifi-iface[-1].rrm_neighbor_report=1
|
||||
uci set wireless.@wifi-iface[-1].rrm_beacon_report=1
|
||||
uci set wireless.@wifi-iface[-1].ieee80211r=1
|
||||
uci set wireless.@wifi-iface[-1].ft_over_ds=1
|
||||
uci set wireless.@wifi-iface[-1].ft_psk_generate_local=1
|
||||
uci set wireless.@wifi-iface[-1].ieee80211v=1
|
||||
uci set wireless.@wifi-iface[-1].ft_bridge=${mgmtInterface}
|
||||
''
|
||||
) (builtins.attrNames radioConfig.ssids)}
|
||||
'') (builtins.attrNames hostConfig.wifi))}
|
||||
|
@ -314,7 +326,11 @@ in
|
|||
uci set usteer.@usteer[0].assoc_steering=1
|
||||
uci set usteer.@usteer[0].initial_connect_delay=200
|
||||
uci set usteer.@usteer[0].load_kick_enabled=1
|
||||
uci set usteer.@usteer[0].signal_diff_threshold=10
|
||||
uci set usteer.@usteer[0].load_kick_threshold=67
|
||||
uci set usteer.@usteer[0].signal_diff_threshold=15
|
||||
uci set usteer.@usteer[0].load_balancing_threshold=8
|
||||
uci set usteer.@usteer[0].band_steering_threshold=16
|
||||
# uci add_list usteer.@usteer[0].event_log_types probe_req_accept probe_req_deny auth_req_accept auth_req_deny assoc_req_accept assoc_req_deny load_kick_trigger load_kick_reset load_kick_min_clients load_kick_no_client load_kick_client signal_kick
|
||||
|
||||
uci commit
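Review bot: `mgmtInterface` falls back to the literal `"br-mgmt"` both when a host has several mgmt interfaces and when it has none, and the next hunk writes that value into `ft_bridge` for every SSID. On a host with no mgmt interface this may name a bridge that does not exist, in which case fast transition over the DS would fail without any evaluation-time error. The `else` branch deserves a comment such as `# several mgmt ports are bridged as br-mgmt (TODO confirm for hosts with none)`, or the FT lines could be skipped when the list is empty. The FT options, including `ft_psk_generate_local=1`, are also set without regard to each SSID's encryption mode, which is not visible here; that option is meant for PSK networks, so it is worth confirming that no open or non-PSK SSID passes through this loop. Both the `let` block and the per-SSID loop start outside the hunks shown.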
|
||||
|
||||
|
|