feat(zackbiene): start clean; add kea instead of dhcpcd

chore: switch to hosts.toml
2025-10-11 07:10:39 +02:00 · 2023-07-25 18:48:42 +02:00 · 2023-07-25 18:48:42 +02:00 · b2b2e60725
commit b2b2e60725
parent 82d757059f
19 changed files with 195 additions and 142 deletions
--- a/hosts/ward/kea.nix
+++ b/hosts/ward/kea.nix
@ -1,77 +1,60 @@
 {
-  config,
  lib,
  utils,
  nodes,
  ...
 }: let
-  inherit
-    (lib)
-    flip
-    mapAttrsToList
-    mkOption
-    net
-    types
-    ;
-
+  inherit (lib) net;
  lanCidrv4 = "192.168.100.0/24";
  dnsIp = net.cidr.host 2 lanCidrv4;
 in {
  # TODO make meta.kea module?
  # TODO reserve by default using assignIps algo?
-  options.networking.dhcp4Reservations = mkOption {
-    default = {};
-    type = types.attrsOf (types.net.ipv4-in lanCidrv4);
-    description = "Maps MAC addresses to their reserved ipv4 address.";
-  };
-
-  config = {
-    services.kea.dhcp4 = {
-      enable = true;
-      settings = {
-        lease-database = {
-          name = "/var/lib/kea/dhcp4.leases";
-          persist = true;
-          type = "memfile";
-        };
-        valid-lifetime = 4000;
-        renew-timer = 1000;
-        rebind-timer = 2000;
-        interfaces-config = {
-          # XXX: why does this bind other macvtaps?
-          interfaces = ["lan-self"];
-          service-sockets-max-retries = -1;
-        };
-        option-data = [
-          {
-            name = "domain-name-servers";
-            data = dnsIp;
-          }
-        ];
-        subnet4 = [
-          {
-            interface = "lan-self";
-            subnet = lanCidrv4;
-            pools = [
-              {pool = "${net.cidr.host 20 lanCidrv4} - ${net.cidr.host (-6) lanCidrv4}";}
-            ];
-            option-data = [
-              {
-                name = "routers";
-                data = net.cidr.host 1 lanCidrv4;
-              }
-            ];
-            reservations = [
-              {
-                hw-address = nodes.ward-adguardhome.config.lib.microvm.mac;
-                ip-address = dnsIp;
-              }
-            ];
-          }
-        ];
+  services.kea.dhcp4 = {
+    enable = true;
+    settings = {
+      lease-database = {
+        name = "/var/lib/kea/dhcp4.leases";
+        persist = true;
+        type = "memfile";
      };
+      valid-lifetime = 4000;
+      renew-timer = 1000;
+      rebind-timer = 2000;
+      interfaces-config = {
+        # XXX: why does this bind other macvtaps?
+        interfaces = ["lan-self"];
+        service-sockets-max-retries = -1;
+      };
+      option-data = [
+        {
+          name = "domain-name-servers";
+          data = dnsIp;
+        }
+      ];
+      subnet4 = [
+        {
+          interface = "lan-self";
+          subnet = lanCidrv4;
+          pools = [
+            {pool = "${net.cidr.host 20 lanCidrv4} - ${net.cidr.host (-6) lanCidrv4}";}
+          ];
+          option-data = [
+            {
+              name = "routers";
+              data = net.cidr.host 1 lanCidrv4;
+            }
+          ];
+          reservations = [
+            {
+              hw-address = nodes.ward-adguardhome.config.lib.microvm.mac;
+              ip-address = dnsIp;
+            }
+          ];
+        }
+      ];
    };
-
-    systemd.services.kea-dhcp4-server.after = ["sys-subsystem-net-devices-${utils.escapeSystemdPath "lan-self"}.device"];
  };
+
+  systemd.services.kea-dhcp4-server.after = ["sys-subsystem-net-devices-${utils.escapeSystemdPath "lan-self"}.device"];
 }
--- a/hosts/ward/microvms/common.nix
+++ b/hosts/ward/microvms/common.nix
@ -7,7 +7,7 @@ in {
    proxy = "sentinel";
  };

-  # Connect safely via wireguard to skip authentication
+  # Connect safely via wireguard to skip http authentication
  networking.hosts.${sentinelCfg.meta.wireguard.proxy-sentinel.ipv4} = [sentinelCfg.networking.providedDomains.influxdb];
  meta.telegraf = {
    enable = true;
--- a/hosts/ward/secrets/loki/loki-basic-auth-hashes.age
+++ b/hosts/ward/secrets/loki/loki-basic-auth-hashes.age