vcp-bula-nixfiles/hosts/router/201-net-ikt.nix

{ config, pkgs, ...}:

{
  networking.vlans."net-ikt" = {
    id = 201;
    interface = "ens18";
  };

  networking.interfaces.net-ikt.ipv6.addresses = [
    { address = "fe80::1"; prefixLength = 64; }
    { address = "fd00:10:42:201::1"; prefixLength = 64; }
  ];
  networking.interfaces.net-ikt.ipv4.addresses = [
    { address = "10.42.201.1"; prefixLength = 24; }
  ];

  services.radvd.config = ''
    interface net-ikt {
      AdvSendAdvert on;
      MaxRtrAdvInterval 30;
      prefix ::/64 {
        AdvValidLifetime 60;
        AdvPreferredLifetime 30;
      };
      RDNSS 2a01:4f8:1c0c:8221::8 {};
      DNSSL bula22.de {};
    };
  '';

  services.kea.dhcp4 = {
    settings = {
      interfaces-config = {
        interfaces = [ "net-ikt" ];
      };
      subnet4 = [
        {
          id = 201;
          subnet = "10.42.201.1/24";
          pools = [
            {
              pool = "10.42.201.100 - 10.42.201.240";
            }
          ];
          option-data = [
            {
              name = "routers";
              data = "10.42.201.1";
            }
          ];
        }
      ];
    };
  };

  clerie.forward-filter.interfaces.net-ikt.rules = [
    # Allow infrastructure devices to access ikt user devices for downloading software etc
    { incomingInterface = "net-management"; }
  ];

  clerie.uplink-selector.interfaces.net-ikt.uplink = "uplink-b";
}