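# NixOS module: Kea DHCPv4 server for the local network.
#
# Inputs:
#   ../config/network.nix    - addresses, pool range, lease time, DNS settings
#   ../intermediate/dhcp.nix - host reservations (passed to Kea unmodified)
#
# Evaluation fails with an explicit message when devices.router.ip or
# devices.self.ip is missing or is not a string. The other attributes read
# from network.nix are not validated here, so a missing one surfaces as a
# plain Nix "attribute missing" error.
{ config, pkgs, ... }:
let
  net = import ../config/network.nix;
  dhcpModel = import ../intermediate/dhcp.nix;

  # Interface Kea listens on. Shared with the firewall rule below so that the
  # opened ports cannot drift away from the interface that is actually served.
  dhcpInterface = "eth0";

  # Return net.devices.<name>.ip, or abort evaluation when it is absent or
  # not a string. Every level is checked so that a malformed network.nix
  # produces the message below rather than a type error.
  deviceIp = name:
    let
      devices = if net ? devices then net.devices else null;
      device =
        if builtins.isAttrs devices && builtins.hasAttr name devices
        then devices.${name}
        else null;
    in
    if builtins.isAttrs device && device ? ip && builtins.isString device.ip
    then device.ip
    else throw "config/network.nix must define devices.${name}.ip as string.";

  routerIp = deviceIp "router";
  dnsServerIp = deviceIp "self";
in
{
  services.kea.dhcp4 = {
    enable = true;
    settings = {
      interfaces-config = {
        interfaces = [ dhcpInterface ];
      };

      lease-database = {
        name = "/var/lib/kea/dhcp4.leases";
        type = "memfile";
      };

      subnet4 = [
        {
          id = 1;
          subnet = net.network.subnet;
          pools = [
            { pool = "${net.dhcp.pool_start} - ${net.dhcp.pool_end}"; }
          ];
          option-data = [
            { name = "routers"; data = routerIp; }
            {
              # This host is listed first, followed by the fallback resolvers.
              # NOTE(review): clients that receive the fallback servers can
              # resolve names without going through this host, so any
              # filtering or query logging done here does not cover them.
              # Confirm that this is intended.
              name = "domain-name-servers";
              data = builtins.concatStringsSep ", " ([ dnsServerIp ] ++ net.fallback_dns_servers);
            }
            { name = "domain-name"; data = net.local_domain; }
            { name = "domain-search"; data = net.local_domain; }
          ];
          # Reservations come straight from dhcp.nix and are not checked here.
          reservations = dhcpModel.reservations;
        }
      ];

      # Renew at half and rebind at three quarters of the lease time.
      # Both use integer division.
      valid-lifetime = net.dhcp.default_lease;
      renew-timer = net.dhcp.default_lease / 2;
      rebind-timer = net.dhcp.default_lease * 3 / 4;
    };
  };

  networking.firewall = {
    # Open the DHCP ports only on the interface Kea serves instead of on
    # every interface of the host.
    # NOTE(review): 67 is the server port and 68 the client port. A host that
    # only serves DHCP should not need 68 inbound; confirm and drop it if so.
    interfaces.${dhcpInterface}.allowedUDPPorts = [ 67 68 ];

    # NOTE(review): this turns off reverse-path filtering for the whole
    # firewall, which removes the source-address spoofing check on all
    # interfaces. If it was added only to let DHCP broadcasts through, check
    # whether the default or "loose" is sufficient on the NixOS release in use.
    checkReversePath = false;
  };
}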