# xlab-gateway DHCP + DDNS + radvd
# Kea DHCPv4/v6 on bond.lan254, DDNS forwarding to BIND9 at 10.0.0.1:5353
{ config, pkgs, ... }:

{
  # ===========================================================================
  # Kea DHCPv4
  # ===========================================================================
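  services.kea.dhcp4 = {
    enable = true;
    settings = {
      # Serve DHCPv4 only on the LAN-side bond VLAN.
      interfaces-config.interfaces = [ "bond.lan254" ];

      # CSV lease store on disk; lfc-interval runs lease-file cleanup hourly.
      lease-database = {
        type = "memfile";
        name = "/var/lib/kea/kea-leases4.csv";
        persist = true;
        lfc-interval = 3600;
      };

      # Reclaim expired leases every 10 s, flush them 25 s later,
      # keep reclaimed entries for an hour, bounded per pass.
      expired-leases-processing = {
        reclaim-timer-wait-time = 10;
        flush-reclaimed-timer-wait-time = 25;
        hold-reclaimed-time = 3600;
        max-reclaim-leases = 100;
        max-reclaim-time = 250;
      };

      # 24 h leases; T1 (renew) at 6 h, T2 (rebind) at 12 h.
      valid-lifetime = 86400;
      renew-timer = 21600;
      rebind-timer = 43200;

      # Global defaults; the subnet below repeats routers/DNS explicitly.
      option-data = [
        { name = "routers"; data = "10.253.254.1"; }
        { name = "domain-name-servers"; data = "10.0.0.1"; }
        { name = "domain-name"; data = "dev.skyw.top"; }
        { name = "domain-search"; data = "dev.skyw.top"; }
      ];

      subnet4 = [
        {
          id = 1;
          subnet = "10.253.254.0/24";
          pools = [
            { pool = "10.253.254.100 - 10.253.254.240"; }
          ];
          option-data = [
            { name = "subnet-mask"; data = "255.255.255.0"; }
            { name = "routers"; data = "10.253.254.1"; }
            { name = "domain-name-servers"; data = "10.0.0.1"; }
            # Option 121 (RFC 3442) classless static routes, raw hex:
            #   10 0A00 0AFDFE01 -> 10.0.0.0/16 via 10.253.254.1
            #   00      0AFDFE01 -> 0.0.0.0/0  via 10.253.254.1
            # Clients that honour option 121 ignore option 3, so the default
            # route has to be listed here as well.
            { code = 121; csv-format = false; data = "100A000AFDFE01000AFDFE01"; }
            # Option 249: Microsoft's pre-RFC variant, same payload.
            { code = 249; csv-format = false; data = "100A000AFDFE01000AFDFE01"; }
          ];
          # No static host reservations yet.
          reservations = [];
        }
      ];

      # Register leases in DNS through the D2 daemon (services.kea.dhcp-ddns).
      ddns-send-updates = true;
      ddns-qualifying-suffix = "dev.skyw.top.";

      dhcp-ddns = {
        enable-updates = true;
        max-queue-size = 1024;
        ncr-protocol = "UDP";
        ncr-format = "JSON";
        sender-ip = "127.0.0.1";
        sender-port = 0;
        # Must match the D2 listener (ip-address/port in services.kea.dhcp-ddns).
        server-ip = "127.0.0.1";
        server-port = 53001;
      };
    };
  };

  # Delay start until the network interface is initialised.
  # Unit ordering belongs on the systemd unit: services.kea.dhcp4 has no
  # `after`/`wantedBy` options, and the stray closing brace that used to follow
  # them ended the module's attribute set early. `wants` is needed as well,
  # because `after` alone only orders and does not pull the target in.
  # The kea module may already declare some of these; list options merge.
  systemd.services.kea-dhcp4-server = {
    wants = [ "network-online.target" ];
    after = [ "network-online.target" ];
    wantedBy = [ "multi-user.target" ];
  };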

  # ===========================================================================
  # Kea DHCPv6
  # ===========================================================================
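  services.kea.dhcp6 = {
    enable = true;
    settings = {
      # Serve DHCPv6 only on the LAN-side bond VLAN.
      interfaces-config.interfaces = [ "bond.lan254" ];

      # CSV lease store on disk; lfc-interval runs lease-file cleanup hourly.
      lease-database = {
        type = "memfile";
        name = "/var/lib/kea/kea-leases6.csv";
        persist = true;
        lfc-interval = 3600;
      };

      # Same reclaim schedule as the DHCPv4 server.
      expired-leases-processing = {
        reclaim-timer-wait-time = 10;
        flush-reclaimed-timer-wait-time = 25;
        hold-reclaimed-time = 3600;
        max-reclaim-leases = 100;
        max-reclaim-time = 250;
      };

      # 24 h valid / 20 h preferred; T1 at 6 h, T2 at 12 h.
      valid-lifetime = 86400;
      preferred-lifetime = 72000;
      renew-timer = 21600;
      rebind-timer = 43200;

      subnet6 = [
        {
          id = 1;
          subnet = "fd99:23eb:1682:1::/64";
          # NOTE(review): radvd (below) advertises this prefix with
          # AdvManagedFlag off, so hosts form addresses by SLAAC and only send
          # Information-Requests for options; this pool is then likely unused
          # unless the M flag is switched on — confirm intended behaviour.
          pools = [
            { pool = "fd99:23eb:1682:1::100 - fd99:23eb:1682:1::ffff"; }
          ];
          option-data = [
            { name = "dns-servers"; data = "fd99:23eb:1682::1"; }
            { name = "domain-search"; data = "dev.skyw.top"; }
          ];
        }
      ];

      # Register leases in DNS through the D2 daemon (services.kea.dhcp-ddns).
      ddns-send-updates = true;
      ddns-qualifying-suffix = "dev.skyw.top.";

      dhcp-ddns = {
        enable-updates = true;
        max-queue-size = 1024;
        ncr-protocol = "UDP";
        ncr-format = "JSON";
        # D2 (services.kea.dhcp-ddns) binds 127.0.0.1 only. NCRs addressed to
        # ::1 were never delivered, so DHCPv6 DDNS updates did not happen;
        # send them over IPv4 loopback like the DHCPv4 server does.
        sender-ip = "127.0.0.1";
        sender-port = 0;
        server-ip = "127.0.0.1";
        server-port = 53001;
      };
    };
  };

  # Delay start until the network interface is initialised.
  # Unit ordering belongs on the systemd unit: services.kea.dhcp6 has no
  # `after`/`wantedBy` options. `wants` is needed as well, because `after`
  # alone only orders and does not pull the target in. The kea module may
  # already declare some of these; list options merge.
  systemd.services.kea-dhcp6-server = {
    wants = [ "network-online.target" ];
    after = [ "network-online.target" ];
    wantedBy = [ "multi-user.target" ];
  };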

  # ===========================================================================
  # Kea DHCP-DDNS (D2) - Forwards DNS updates to BIND9
  # ===========================================================================
  services.kea.dhcp-ddns = {
    enable = true;
    settings =
      let
        # BIND9 that owns the zones; every domain below forwards to it.
        bind9 = { ip-address = "10.0.0.1"; port = 5353; };
        keyName = "edge-ddns-key";
        # One DDNS domain entry signed with the shared TSIG key.
        zone = name: {
          inherit name;
          key-name = keyName;
          dns-servers = [ bind9 ];
        };
      in
      {
        # NCR listener. Only this single IPv4 loopback address is bound, so
        # the dhcp-ddns.server-ip of both DHCP servers must be 127.0.0.1:53001.
        ip-address = "127.0.0.1";
        port = 53001;

        tsig-keys = [
          {
            name = keyName;
            algorithm = "HMAC-SHA256";
            # TODO: Move TSIG secret to agenix.
            # Everything in this file lands in the world-readable Nix store
            # (and in git history), so treat this key as exposed: rotate it on
            # the BIND9 side once it is moved out. The key name and secret
            # have to match BIND9's `key` statement for the zones below.
            secret = "qq+zsTGsWG4ENW9mazyE3/JFKhsUiUR1ex4geYv8OIo=";
          }
        ];

        forward-ddns.ddns-domains = [ (zone "dev.skyw.top.") ];

        reverse-ddns.ddns-domains = [
          # Covers 10.253.254.0/24 (and the rest of 10/8).
          (zone "10.in-addr.arpa.")
          # fd99:23eb:1682::/48 written nibble-reversed.
          (zone "2.8.6.1.b.e.3.2.9.9.d.f.ip6.arpa.")
        ];
      };
  };

  # ===========================================================================
  # radvd - IPv6 Router Advertisements
  # ===========================================================================
  services.radvd = {
    enable = true;
    # Router advertisements on the LAN VLAN. M flag off / O flag on: hosts
    # form addresses by SLAAC and use DHCPv6 only for other configuration
    # (DNS). AdvRouterAddr on sends the interface's own address instead of
    # the bare prefix, so bond.lan254 is expected to hold an address inside
    # fd99:23eb:1682:1::/64 — confirm against the interface configuration.
    # The RDNSS entry repeats the DHCPv6 dns-servers option for RA-only hosts.
    # This is a verbatim radvd.conf fragment, not a Nix attribute set.
    config = ''
      interface bond.lan254 {
        AdvSendAdvert on;
        AdvManagedFlag off;
        AdvOtherConfigFlag on;
        MinRtrAdvInterval 30;
        MaxRtrAdvInterval 100;
        prefix fd99:23eb:1682:1::/64 {
          AdvOnLink on;
          AdvAutonomous on;
          AdvRouterAddr on;
        };
        RDNSS fd99:23eb:1682::1 {
          AdvRDNSSLifetime 3600;
        };
      };
    '';
  };
}