feat: refactor du plan IP

2024-04-18 11:41:37 +02:00 · 2024-04-18 11:41:37 +02:00 · 93bf6f8baa
parent 2329799c87
commit 93bf6f8baa
2 changed files with 83 additions and 4 deletions
--- a/machines/vault01/k-radius/site-dhcp.nix
+++ b/machines/vault01/k-radius/site-dhcp.nix
@ -0,0 +1,70 @@
+let
+  listen = vlan: ''
+    listen {
+      type = dhcp
+      ipaddr = 10.0.0.1
+      src_ipaddr = 10.0.0.1
+      port = 67
+      interface = vlan-user-${vlan}
+      broadcast = no #?
+      performance {
+        skip_duplicate_checks = no
+      }
+      # we store servIP so that latter modules can know with wich IP reply
+      update control {
+        &Client-Vlan = ${vlan}
+      }
+    }
+  '';
+  dhcpCommon = ''
+    update reply {
+      &DHCP-Domain-Name-Server = 10.0.0.1
+      &DHCP-Subnet-Mask = 255.255.128.0 # /17 ?????????
+      &DHCP-Router-Address = &control:Server-IP
+      &DHCP-Broadcast-Address = 10.0.127.255 # ???????
+      &DHCP-IP-Address-Lease-Time = 7200
+      &DHCP-DHCP-Server-Identifier = 10.0.0.1
+    }
+  '';
+  dhcpDiscover = ''
+    dhcp DHCP-Discover {
+      ${dhcpCommon}
+      update control {
+        &Pool-Name := "pool-%{&control:Client-Vlan}"
+      }
+      dhcp_sqlippool
+      if (notfound) {
+        do_not_respond #TODO not silent
+      }
+      ok
+    }
+  '';
+  dhcpRequest = ''
+    dhcp DHCP-Request {
+      if (&request:DHCP-DHCP-Server-Identifier && \
+          &request:DHCP-DHCP-Server-Identifier != &control:Server-IP) {
+        do_not_respond
+      }
+      ${dhcpCommon}
+      update control {
+        &Pool-Name := "pool-%{&control:Client-Vlan}"
+      }
+      dhcp_sqlippool_request
+      if (notfound) {
+        do_not_respond #TODO not silent
+      }
+      ok
+    }
+  '';
+in
+''
+  server dhcp {
+
+    ${builtins.concatStringsSep "\n\n" (map listen [ ])}
+
+    ${dhcpDiscover}
+
+    ${dhcpRequest}
+
+  }
+''
--- a/machines/vault01/networking.nix
+++ b/machines/vault01/networking.nix
@ -38,15 +38,24 @@ let
  mkUserVlan =
    id:
    let
-      vlan = 3245 + id;
-      prefix24nb = id / 32;
-      prefix29nb = (id - prefix24nb * 32) * 8;
+      # on alloue 10.0.0.0/17 aux thurnés, avec un /27 chacun, on garde 10.0.0.0/27 pour nous (routeur et autres)
+      vlan = 4094 - id;
+      prefix24nb = (id + 1) / 8;
+      prefix27nb = (id + 1 - prefix24nb * 8) * 32;
    in
    {
      name = "vlan-user-${builtins.toString vlan}";
      value = {
        Id = vlan;
-        address = [ "10.0.${builtins.toString prefix24nb}.${builtins.toString (prefix29nb + 1)}/29" ];
+        extraNetwork.routes = [
+          {
+            routeConfig = {
+              Destination = "10.0.${builtins.toString prefix24nb}.${builtins.toString prefix27nb}/27";
+              Source = "10.0.0.1/17";
+            };
+          }
+        ];
+        address = [ "10.0.0.1/17" ];
      };
    };