infrastructure/machines/vault01/k-radius/site-dhcp.nix
catvayor e9c5489bc2 feat(dhcp): dhcp configuration
limit to 300 VLANs because of a FreeRADIUS limitation
2024-05-23 10:39:24 +02:00


{ pkgs, vlans }:
let
# Render one FreeRADIUS `listen` section for a single VLAN.
#
# The argument is the VLAN record; only `vlan`, `servIP`, `broadIP` and
# `interfaceName` are read, any further attributes are ignored so callers can
# hand over their full VLAN description unchanged.
#
# The `update control` part tags every packet received on this socket with
# the VLAN number and the server/broadcast addresses of that VLAN.  These are
# server-side values (never taken from the client packet), so later sections
# can trust `&control:Client-Vlan` / `&control:Server-IP` for pool selection
# and for deciding with which address to answer.
#
# NOTE(review): `broadcast = no` still carries the author's `#?` marker; whether
# clients that do not yet hold an address receive the OFFER with this setting
# depends on the FreeRADIUS DHCP socket implementation — confirm on the target
# version before relying on it.
listen = vlanCfg:
  let
    inherit (vlanCfg) vlan servIP broadIP interfaceName;
    vlanTag = toString vlan;
  in
  ''
    listen {
      type = dhcp
      ipaddr = ${servIP}
      src_ipaddr = ${servIP}
      port = 67
      interface = ${interfaceName}
      broadcast = no #?
      performance {
        skip_duplicate_checks = no
      }
      # we store servIP so that latter modules can know with wich IP reply
      update control {
        &Client-Vlan = ${vlanTag}
        &Server-IP = ${servIP}
        &Broadcast-IP = ${broadIP}
      }
    }
  '';
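# Reply attributes shared by the DHCP-Discover and DHCP-Request handlers.
#
# Router and broadcast address come from the `control` list filled in by the
# matching `listen` section, i.e. they are the values of the VLAN the packet
# arrived on.
#
# DHCP-DHCP-Server-Identifier is set to the same per-VLAN listener address
# (`&control:Server-IP`) instead of a fixed 10.0.0.1:
#   - the DHCP-Request handler drops any REQUEST whose echoed
#     Server-Identifier differs from `&control:Server-IP`; advertising a
#     different address in the OFFER would therefore make the server ignore
#     the SELECTING requests of its own clients;
#   - the identifier is the address clients unicast renewals to, and the
#     socket for this VLAN is bound to `servIP`, not to 10.0.0.1.
#
# NOTE(review): the subnet mask is a fixed /27 for every VLAN while the
# broadcast address is per-VLAN — this only holds if all VLANs really are /27s;
# confirm against the VLAN definitions.
dhcpCommon = ''
  update reply {
    &DHCP-Domain-Name-Server = 10.0.0.1
    &DHCP-Subnet-Mask = 255.255.255.224
    &DHCP-Router-Address = &control:Server-IP
    &DHCP-Broadcast-Address = &control:Broadcast-IP
    # must match the Server-IP check in DHCP-Request and the listener address
    &DHCP-DHCP-Server-Identifier = &control:Server-IP
  }
'';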
# Handler for DHCPDISCOVER: answer with an OFFER holding an address from the
# pool of the VLAN the packet was received on.
#
# The pool name is derived from `&control:Client-Vlan`, which the `listen`
# section sets server-side; nothing the client sends can steer it into another
# VLAN's pool.  When the pool has no free address the request is dropped
# silently (the author's `#TODO not silent` marks that a log line or NAK is
# still wanted here).
dhcpDiscover =
  let
    selectPool = ''
      update control {
        &Pool-Name := "pool-%{&control:Client-Vlan}"
      }'';
  in
  ''
    dhcp DHCP-Discover {
      ${dhcpCommon}
      ${selectPool}
      dhcp_sqlippool
      if (notfound) {
        do_not_respond #TODO not silent
      }
      ok
    }
  '';
# Handler for DHCPREQUEST.
#
# A REQUEST that carries a Server-Identifier for another server (a client
# selecting a different DHCP server on the same segment) is ignored via
# `do_not_respond`; the client-supplied value is only compared against
# `&control:Server-IP`, never copied into the reply.  Otherwise the address is
# confirmed from the pool of the receiving VLAN (pool name built from the
# server-set `&control:Client-Vlan`) and an ACK is sent.  An address that is
# not found in the pool is dropped silently (see the author's `#TODO`).
dhcpRequest =
  let
    selectPool = ''
      update control {
        &Pool-Name := "pool-%{&control:Client-Vlan}"
      }'';
  in
  ''
    dhcp DHCP-Request {
      if (&request:DHCP-DHCP-Server-Identifier && \
      &request:DHCP-DHCP-Server-Identifier != &control:Server-IP) {
        do_not_respond
      }
      ${dhcpCommon}
      ${selectPool}
      dhcp_sqlippool_request
      if (notfound) {
        do_not_respond #TODO not silent
      }
      ok
    }
  '';
in
# Assemble the `server dhcp { ... }` virtual server: one `listen` socket per
# entry of `vlans`, followed by the Discover and Request handlers.
#
# Only DHCP-Discover and DHCP-Request have sections; other message types
# (Release, Decline, Inform, ...) are left to FreeRADIUS' default handling for
# sections that are not defined — confirm that behaviour is the intended one,
# in particular that released leases are reclaimed.
#
# NOTE(review): the commit message reports that FreeRADIUS caps this at about
# 300 VLANs (one listener each); keep `vlans` below that limit.
pkgs.writeText "site-dhcp" (
  let
    listenSections = builtins.concatStringsSep "\n\n" (builtins.map listen vlans);
  in
  ''
    server dhcp {
      ${listenSections}
      ${dhcpDiscover}
      ${dhcpRequest}
    }
  ''
)