{ config, pkgs, ... }:

let
  net = import ../data/network.nix;
in
{
  services.kea.dhcp4 = {
    enable = true;
    settings = {
      interfaces-config = {
        interfaces = [ "eth0" ];
      };
      lease-database = {
        name = "/var/lib/kea/dhcp4.leases";
        type = "memfile";
      };
      subnet4 = [{
        id = 1;
        subnet = net.network.subnet;
        pools = [{
          pool = "${net.dhcp.pool_start} - ${net.dhcp.pool_end}";
        }];
        option-data = [
          {
            name = "routers";
            data = net.ips.router;
          }
          {
            name = "domain-name-servers";
            data = builtins.concatStringsSep ", " ([net.ips.pi] ++ net.fallback_dns_servers);
          }
          {
            name = "domain-name";
            data = net.local_domain;
          }
          {
            name = "domain-search";
            data = net.local_domain;
          }
        ];

        reservations = net.dhcp.reservations;
      }];

      valid-lifetime = net.dhcp.default_lease;
      renew-timer = net.dhcp.default_lease / 2;
      rebind-timer = net.dhcp.default_lease * 3 / 4;
    };  
  };

  # Firewall rules for DHCP
  networking.firewall = {
    allowedUDPPorts = [ 67 68 ];  # DHCP ports
    checkReversePath = false;      # Sometimes needed for DHCP
  };
}