infrastructure/machines/vault01/k-radius/site-dhcp.nix

let
  listen = vlan: ''
    listen {
      type = dhcp
      ipaddr = 10.0.0.1
      src_ipaddr = 10.0.0.1
      port = 67
      interface = vlan-user-${vlan}
      broadcast = no #?
      performance {
        skip_duplicate_checks = no
      }
      # we store servIP so that latter modules can know with wich IP reply
      update control {
        &Client-Vlan = ${vlan}
      }
    }
  '';
  dhcpCommon = ''
    update reply {
      &DHCP-Domain-Name-Server = 10.0.0.1
      &DHCP-Subnet-Mask = 255.255.128.0 # /17 ?????????
      &DHCP-Router-Address = &control:Server-IP
      &DHCP-Broadcast-Address = 10.0.127.255 # ???????
      &DHCP-IP-Address-Lease-Time = 7200
      &DHCP-DHCP-Server-Identifier = 10.0.0.1
    }
  '';
  dhcpDiscover = ''
    dhcp DHCP-Discover {
      ${dhcpCommon}
      update control {
        &Pool-Name := "pool-%{&control:Client-Vlan}"
      }
      dhcp_sqlippool
      if (notfound) {
        do_not_respond #TODO not silent
      }
      ok
    }
  '';
  dhcpRequest = ''
    dhcp DHCP-Request {
      if (&request:DHCP-DHCP-Server-Identifier && \
          &request:DHCP-DHCP-Server-Identifier != &control:Server-IP) {
        do_not_respond
      }
      ${dhcpCommon}
      update control {
        &Pool-Name := "pool-%{&control:Client-Vlan}"
      }
      dhcp_sqlippool_request
      if (notfound) {
        do_not_respond #TODO not silent
      }
      ok
    }
  '';
in
''
  server dhcp {

    ${builtins.concatStringsSep "\n\n" (map listen [ ])}

    ${dhcpDiscover}

    ${dhcpRequest}

  }
''