authorsinanmohd <sinan@sinanmohd.com>2026-03-27 11:29:28 +0530
committersinanmohd <sinan@sinanmohd.com>2026-03-27 11:51:44 +0530
commit3d5b4849fe3dc86fdb00aeb6d041ef23105ae67b (patch)
tree591bd36119470b530015e7ca7783670f56de7bd9
parentf3db446c02e1e54415f0b8f2dd662f384dadea1e (diff)
chore(os/kay/dns): refactor
-rw-r--r--os/kay/modules/network/headscale/default.nix12
-rw-r--r--os/kay/modules/network/ppp/default.nix72
-rw-r--r--os/kay/modules/network/router.nix65
3 files changed, 76 insertions, 73 deletions
diff --git a/os/kay/modules/network/headscale/default.nix b/os/kay/modules/network/headscale/default.nix
index 6f35c5d..b6766c5 100644
--- a/os/kay/modules/network/headscale/default.nix
+++ b/os/kay/modules/network/headscale/default.nix
@@ -118,14 +118,9 @@ in
"headscale/pre_auth_key".sopsFile = ./secrets.yaml;
};
- networking = {
- nameservers = [ "100.100.100.100" ];
- search = [ config.services.headscale.settings.dns.base_domain ];
-
- firewall = {
- interfaces.ppp0.allowedUDPPorts = [ stunPort ];
- trustedInterfaces = [ config.services.tailscale.interfaceName ];
- };
+ networking.firewall = {
+ interfaces.ppp0.allowedUDPPorts = [ stunPort ];
+ trustedInterfaces = [ config.services.tailscale.interfaceName ];
};
# for exit node only
boot.kernel.sysctl = {
@@ -189,7 +184,6 @@ in
tailscale = {
enable = true;
- interfaceName = "headscale";
openFirewall = true;
authKeyFile = config.sops.secrets."headscale/pre_auth_key".path;
diff --git a/os/kay/modules/network/ppp/default.nix b/os/kay/modules/network/ppp/default.nix
index 43059b6..a1f0461 100644
--- a/os/kay/modules/network/ppp/default.nix
+++ b/os/kay/modules/network/ppp/default.nix
@@ -3,10 +3,6 @@
let
inetVlan = 1003;
wanInterface = "enp3s0";
- nameServer = [
- "1.0.0.1"
- "1.1.1.1"
- ];
in
{
sops.secrets = {
@@ -23,52 +19,42 @@ in
};
};
- services = {
- dnsmasq = {
- enable = true;
- settings = {
- server = nameServer;
- bind-interfaces = true;
- };
- };
+ services.pppd = {
+ enable = true;
- pppd = {
- enable = true;
+ config = ''
+ plugin pppoe.so
+ debug
- config = ''
- plugin pppoe.so
- debug
+ nic-wan
+ defaultroute
+ ipv6 ::1337,
+ noauth
- nic-wan
- defaultroute
- ipv6 ::1337,
- noauth
-
- persist
- lcp-echo-adaptive
- lcp-echo-interval 1
- lcp-echo-failure 5
- '';
+ persist
+ lcp-echo-adaptive
+ lcp-echo-interval 1
+ lcp-echo-failure 5
+ '';
- script."01-ipv6-ra" = {
- type = "ip-up";
- runtimeInputs = [ pkgs.procps ];
+ script."01-ipv6-ra" = {
+ type = "ip-up";
+ runtimeInputs = [ pkgs.procps ];
- text = ''
- sysctl net.ipv6.conf.ppp0.accept_ra=2
- '';
- };
+ text = ''
+ sysctl net.ipv6.conf.ppp0.accept_ra=2
+ '';
+ };
- peers.keralavision = {
- enable = true;
- autostart = true;
- configFile = config.sops.secrets."ppp/username".path;
- };
+ peers.keralavision = {
+ enable = true;
+ autostart = true;
+ configFile = config.sops.secrets."ppp/username".path;
+ };
- secret = {
- chap = config.sops.secrets."ppp/chap-secrets".path;
- pap = config.sops.secrets."ppp/pap-secrets".path;
- };
+ secret = {
+ chap = config.sops.secrets."ppp/chap-secrets".path;
+ pap = config.sops.secrets."ppp/pap-secrets".path;
};
};
}
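Review bot: Deleting the dnsmasq block removes the only explicit upstream resolvers (`1.0.0.1`/`1.1.1.1`) and the `bind-interfaces` restriction from this file, and nothing else in the commit names a replacement upstream: the resolved `extraConfig` added in router.nix only declares a stub listener, and the `services.pppd` config above has no `usepeerdns`. Unless `networking.nameservers` is set in a file outside this diff, systemd-resolved will answer LAN and local queries from its compiled-in fallback list, which quietly changes which provider receives this router's DNS traffic. Keeping it explicit is one line next to `services.pppd`, e.g. `networking.nameservers = [ "1.1.1.1" "1.0.0.1" ];` (or a `DNS=` line in the resolved `extraConfig`). Note that this rendering appears to have dropped the blank context lines of the hunk, so the counts in the `@@` header do not match what is shown.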
diff --git a/os/kay/modules/network/router.nix b/os/kay/modules/network/router.nix
index aeb008c..dc2e9eb 100644
--- a/os/kay/modules/network/router.nix
+++ b/os/kay/modules/network/router.nix
@@ -7,30 +7,29 @@ let
gponPrefix = 24;
lanInterface = "enp8s0f3u1c2";
- bridgeInterface = "lan";
- subnet = "192.168.43.0";
- prefix = 24;
- host = "192.168.43.1";
- leaseRangeStart = "192.168.43.100";
- leaseRangeEnd = "192.168.43.254";
+ lanBridgeInterface = "lan";
+ lanPrefix = 24;
+ lanHost = "192.168.43.1";
- wapMac = "40:86:cb:d7:40:49";
- wapIp = "192.168.43.2";
+ lanLeaseRangeStart = "192.168.43.100";
+ lanLeaseRangeEnd = "192.168.43.254";
+ # lanWapMac = "40:86:cb:d7:40:49";
+ # lanWapIp = "192.168.43.2";
in
{
networking = {
- bridges.${bridgeInterface}.interfaces = [ lanInterface ];
+ bridges.${lanBridgeInterface}.interfaces = [ lanInterface ];
nat = {
enable = true;
externalInterface = wanInterface;
- internalInterfaces = [ bridgeInterface ];
+ internalInterfaces = [ lanBridgeInterface ];
};
interfaces = {
- ${bridgeInterface}.ipv4.addresses = [
+ ${lanBridgeInterface}.ipv4.addresses = [
{
- address = host;
- prefixLength = prefix;
+ address = lanHost;
+ prefixLength = lanPrefix;
}
];
${gponInterface}.ipv4.addresses = [
@@ -59,14 +58,38 @@ in
};
};
- services.dnsmasq.settings = {
- dhcp-range = [ "${leaseRangeStart},${leaseRangeEnd}" ];
- dhcp-host = "${wapMac},${wapIp}";
- interface = [ bridgeInterface ];
- };
+ services = {
+ kea.dhcp4 = {
+ enable = true;
+ settings = {
+ interfaces-config.interfaces = [ lanBridgeInterface ];
+ lease-database = {
+ persist = true;
+ type = "memfile";
+ name = "/var/lib/kea/dhcp4.leases";
+ };
+ subnet4 = [
+ {
+ id = 1;
+ pools = [
+ {
+ pool = "${lanLeaseRangeStart} - ${lanLeaseRangeEnd}";
+ }
+ ];
+ subnet = "${lanHost}/${toString lanPrefix}";
+ }
+ ];
+ rebind-timer = 2000;
+ renew-timer = 1000;
+ valid-lifetime = 4000;
+ };
+ };
- services.prometheus.exporters.dnsmasq = {
- enable = true;
- listenAddress = "127.0.0.1";
+ resolved = {
+ enable = true;
+ extraConfig = ''
+ DNSStubListenerExtra=${lanHost}
+ '';
+ };
};
}
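Review bot: The new `subnet4` entry has no `option-data`, so hosts that take a lease from `192.168.43.100 - 192.168.43.254` are handed neither a default gateway nor a DNS server; unlike dnsmasq, Kea does not send `routers` or `domain-name-servers` unless they are configured, which also leaves the new `DNSStubListenerExtra=${lanHost}` listener unused by LAN clients. The fence below adds both options pointing at `lanHost`. The fixed address the old `dhcp-host` gave the WAP is now only a commented-out pair in the `let` block; if it is still wanted, Kea expresses it as `reservations = [ { hw-address = "<mac>"; ip-address = "<ip>"; } ];` inside the subnet. This commit adds no firewall rule for the bridge, and I cannot see from the hunk whether `lanBridgeInterface` is trusted or has UDP 53/67 allowed elsewhere, so that should be confirmed before relying on the new listener.
```nix
          subnet = "${lanHost}/${toString lanPrefix}";
          # … unchanged: id, pools …
          option-data = [
            { name = "routers"; data = lanHost; }
            { name = "domain-name-servers"; data = lanHost; }
          ];
```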