# ISC DHCP/IPv4 server configuration
{ hostName, config, lib, ... }:

let
  dhcpNets =
    lib.filterAttrs (_: { dhcp, ... }:
      dhcp != null &&
      dhcp.server == hostName
    ) config.site.net;

  enabled = builtins.length (builtins.attrNames dhcpNets) > 0;
in
{
  services.dhcpd4 = lib.optionalAttrs enabled {
    enable = true;

    interfaces = builtins.attrNames dhcpNets;

    extraConfig = ''
      ${builtins.concatStringsSep "\n" (
        builtins.attrValues (
          builtins.mapAttrs (net: { dhcp, subnet4Net, subnet4Len, domainName, ...}:
            ''
              ddns-update-style standard;
              key dyndns {
                algorithm hmac-sha256;
                secret ${config.site.dyndnsKey};
              };
              zone ${domainName}. {
                primary ${config.site.net.serv.hosts4.dns};
                primary6 ${config.site.net.serv.hosts6.dn42.dns};
                key dyndns;
              }
              ${lib.concatMapStrings ({ name, dynamic, ... }:
                lib.optionalString (
                  dynamic &&
                  lib.hasSuffix ".in-addr.arpa" name
                ) ''
                  zone ${name}. {
                    primary ${config.site.net.serv.hosts4.dns};
                    primary6 ${config.site.net.serv.hosts6.dn42.dns};
                    key dyndns;
                  }
                ''
              ) config.site.dns.localZones}

              option guid code 97 = text;
              group {
                default-lease-time ${toString dhcp.time};
                max-lease-time ${toString dhcp.max-time};
                option routers ${config.site.net.${net}.hosts4.${dhcp.router}};
                option domain-name "${domainName}";
                option domain-name-servers 172.20.73.8, 9.9.9.9;
                ddns-domainname "${domainName}";

                class "pxeclients" {
                  match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";

                  next-server ${config.site.net.serv.hosts4.nfsroot};
                  option tftp-server-address ${config.site.net.serv.hosts4.nfsroot};
                  if suffix(reverse(1, option guid), 5) = 34:69:50:52:00 {
                    # RPi4
                    option vendor-class-identifier "PXEClient";
                    option vendor-encapsulated-options "Raspberry Pi Boot";
                    option tftp-server-name "${config.site.net.serv.hosts4.nfsroot}";
                  } elsif option pxe-system-type = 00:00 {
                    filename "netboot.xyz.kpxe"; # BIOS
                  } elsif option pxe-system-type = 00:07 {
                    filename "netboot.xyz.efi"; # EFI
                    option bootfile-name "netboot.xyz.efi";
                  } elsif option pxe-system-type = 00:06 {
                    filename "netboot.xyz.efi"; # ia32_EFI
                  }
                }

                subnet ${subnet4Net} netmask ${lib.netmasks.${toString subnet4Len}} {
                  range ${dhcp.start} ${dhcp.end};

                  # always assign the same IP to the same MAC address.
                  # fixes changing IP for PXE clients.
                  ignore-client-uids true;
                }

                update-static-leases on;

                ${builtins.concatStringsSep "\n" (
                  builtins.attrValues (
                    builtins.mapAttrs (addr: hwaddr:
                      ''
                        host ${addr} {
                          hardware ethernet ${hwaddr};
                          fixed-address ${addr};
                        }
                      ''
                    ) dhcp.fixed-hosts
                  )
                )}
              }
            ''
          ) dhcpNets
        )
      )}
    '';
  };
}