valkyrie: Switch from AdGuard Home to blocky (DNS) + kea (DHCP)

machines/valkyrie/blocky/default.nix

@@ -0,0 +1,59 @@
+{
+  services = {
+    blocky = {
+      enable = true;
+      settings = {
+        ports = {
+          dns = 53;
+          http = 4000;
+        };
+        upstreams = {
+          groups = {
+            default = [ "127.0.0.1:5335" ];
+          };
+        };
+
+        blocking = {
+          blacklists = {
+            ads = [
+              "https://big.oisd.nl/domainswild"
+              "https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts"
+            ];
+          };
+
+          clientGroupsBlock = {
+            default = [ "ads" ];
+          };
+        };
+
+        customDNS = {
+          mapping = {
+            "ci.datarift.nl" = "10.0.0.251";
+            "home.datarift.nl" = "10.0.0.251";
+            "frigate.datarift.nl" = "10.0.0.251";
+            "git.datarift.nl" = "10.0.0.203";
+            "loki.datarift.nl" = "10.0.0.4";
+            "minio.datarift.nl" = "10.0.0.251";
+            "minio-admin.datarift.nl" = "10.0.0.251";
+            "mqtt.datarift.nl" = "10.0.0.254";
+            "nix-cache.datarift.nl" = "10.0.0.209";
+            "saga.datarift.nl" = "10.0.0.251";
+            "track.datarift.nl" = "10.0.0.254";
+            "vaultserver.horus.nu" = "192.168.4.32";
+            "vidz.datarift.nl" = "10.0.0.211";
+          };
+        };
+
+        prometheus = {
+          enable = true;
+        };
+
+        queryLog = {
+          type = "csv";
+          target = "/var/lib/blocky/querylog";
+          logRetentionDays = 7;
+        };
+      };
+    };
+  };
+}

machines/valkyrie/configuration.nix

@@ -7,7 +7,8 @@
     ../../users/root
     ../../users/erwin
 
-    ./adguard
+    ./kea
+    ./blocky
     ./unbound
   ];
 
@@ -16,9 +17,9 @@
       enable = true;
       server = true;
     };
-    adguard = {
+    # adguard = {
-      upstreams = [ "127.0.0.1:5335" ];
+    #   upstreams = [ "127.0.0.1:5335" ];
-    };
+    # };
     nix-common = {
       enable = true;
       remote-builders = true;

machines/valkyrie/kea/default.nix

@@ -0,0 +1,174 @@
+{ config, ... }:
+{
+  services = {
+    kea = {
+      dhcp4 = {
+        enable = true;
+        settings = {
+          # rebind-timer = config.services.kea.dhcp4.settings.valid-lifetime * 0.875;
+          # renew-timer = config.services.kea.dhcp4.settings.valid-lifetime * 0.5;
+          calculate-tee-times = true; # This makes kea do the same calculation as above
+          valid-lifetime = 3600;
+
+          control-socket = {
+            socket-type = "unix";
+            socket-name = "/run/kea/kea-dhcp4.socket";
+          };
+
+          option-def = [
+            {
+              space = "ubnt";
+              name = "unifi-address";
+              code = 1;
+              type = "ipv4-address";
+            }
+          ];
+
+          client-classes = [
+            {
+              name = "ubnt";
+              test = "substring(option[60].hex,0,4) == 'ubnt'";
+              option-data = [
+                {
+                  space = "ubnt";
+                  name = "vendor-class-identifier";
+                  code = 60;
+                  data = "ubnt";
+                }
+                {
+                  name = "vendor-encapsulated-options";
+                  code = 43;
+                }
+              ];
+              option-def = [
+                {
+                  name = "vendor-encapsulated-options";
+                  code = 43;
+                  type = "empty";
+                  encapsulate = "ubnt";
+                }
+              ];
+            }
+          ];
+
+          interfaces-config = {
+            interfaces = [ "eth0" ];
+          };
+
+          lease-database = {
+            name = "/var/lib/kea/dhcp4.leases";
+            persist = true;
+            type = "memfile";
+          };
+
+          subnet4 = [
+            {
+              pools = [ { pool = "10.0.0.150 - 10.0.0.200"; } ];
+              subnet = "10.0.0.0/24";
+              option-data = [
+                {
+                  name = "domain-name-servers";
+                  data = "10.0.0.206";
+                }
+                {
+                  space = "ubnt";
+                  name = "unifi-address";
+                  code = 1;
+                  data = "10.0.0.207";
+                }
+              ];
+
+              reservations = [
+                {
+                  hostname = "loki";
+                  hw-address = "04:d9:f5:f9:c2:c5";
+                  ip-address = "10.0.0.4";
+                }
+                {
+                  hostname = "usw-mini-woonkamer";
+                  hw-address = "d0:21:f9:e7:fd:c8";
+                  ip-address = "10.0.0.20";
+                }
+                {
+                  hostname = "reolink-deurbel";
+                  hw-address = "ec:71:db:5a:e3:21";
+                  ip-address = "10.0.0.31";
+                }
+                {
+                  hostname = "shelly-schuur";
+                  hw-address = "dc:4f:22:76:4e:3e";
+                  ip-address = "10.0.0.40";
+                }
+                {
+                  hostname = "shelly-oven";
+                  hw-address = "c4:5b:be:49:fb:e7";
+                  ip-address = "10.0.0.41";
+                }
+                {
+                  hostname = "shelly-voordeur";
+                  hw-address = "dc:4f:22:76:9d:ee";
+                  ip-address = "10.0.0.42";
+                }
+                {
+                  hostname = "iphone-erwin";
+                  hw-address = "60:57:c8:0b:6b:ac";
+                  ip-address = "10.0.0.70";
+                }
+                {
+                  hostname = "ipad-erwin";
+                  hw-address = "14:99:e2:cb:38:78";
+                  ip-address = "10.0.0.71";
+                }
+                {
+                  hostname = "appletv-woonkamer";
+                  hw-address = "f0:b3:ec:52:23:51";
+                  ip-address = "10.0.0.80";
+                }
+                {
+                  hostname = "sonos-woonkamer";
+                  hw-address = "34:7e:5c:dc:f4:34";
+                  ip-address = "10.0.0.81";
+                }
+                {
+                  hostname = "smile033188";
+                  hw-address = "c4:93:00:03:31:89";
+                  ip-address = "10.0.0.82";
+                }
+                {
+                  hostname = "sonos-hobbykamer";
+                  hw-address = "00:0e:58:5f:a9:06";
+                  ip-address = "10.0.0.83";
+                }
+                {
+                  hostname = "3dprinter-wlan";
+                  hw-address = "b8:27:eb:51:ec:4e";
+                  ip-address = "10.0.0.120";
+                }
+                {
+                  hostname = "3dprinter";
+                  hw-address = "b8:27:eb:04:b9:1b";
+                  ip-address = "10.0.0.121";
+                }
+                {
+                  hostname = "thor";
+                  hw-address = "d8:3a:dd:17:9b:d0";
+                  ip-address = "10.0.0.122";
+                }
+                {
+                  hostname = "thor-wlan";
+                  hw-address = "d8:3a:dd:17:9b:d1";
+                  ip-address = "10.0.0.123";
+                }
+              ];
+            }
+          ];
+        };
+      };
+    };
+
+    prometheus.exporters.kea = {
+      enable = true;
+      controlSocketPaths = [ config.services.kea.dhcp4.settings.control-socket.socket-name ];
+    };
+  };
+}