From 8cf4762a6560cffb5e169f7e94d5fe103e163d83 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Thu, 1 May 2025 21:28:58 +0200 Subject: [PATCH] feat: kea unbound sync remove old leases --- hosts/fw/modules/unbound.nix | 38 ++++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 13 deletions(-) diff --git a/hosts/fw/modules/unbound.nix b/hosts/fw/modules/unbound.nix index d4f9012..c5f21c5 100644 --- a/hosts/fw/modules/unbound.nix +++ b/hosts/fw/modules/unbound.nix @@ -261,6 +261,10 @@ in { enable = true; path = with pkgs; [ unbound inotify-tools ]; script = '' + #!/usr/bin/env bash + set -euo pipefail + + # readFile and readFileUnique as before… function readFile() { if [[ "''\$2" == "A" ]] ; then cat "''\$1" | tail -n +2 | while IFS=, read -r address hwaddr client_id valid_lifetime expire subnet_id fqdn_fwd fqdn_rev hostname state user_context @@ -273,8 +277,8 @@ in { echo "''\${address},''\${hostname}" done fi - } - + } + function readFileUnique() { readFile "''\$1" ''\$2 | uniq | while IFS=, read -r address hostname do @@ -313,19 +317,27 @@ in { fi fi done - } - - function syncFile() { - # readFileUnique "''\$1" "''\$2" - while true; do - readFileUnique "''\$1" "''\$2" - sleep 10 - done } - syncFile "/var/lib/kea/dhcp4.leases" A & - # syncFile "/var/lib/kea/dhcp6.leases" AAAA & - wait + function syncLeases() { + # 1) nuke all of our old lease records from unbound + unbound-control list_local_data \ + | grep -E 'cloonar\.(com|multimedia|smart)|ip4\.arpa|in-addr\.arpa' \ + | while read -r name type data; do + unbound-control local_data_remove "$name" "$type" "$data" \ + > /dev/null 2>&1 + done + + # 2) re-push every current lease + readFileUnique "/var/lib/kea/dhcp4.leases" A + # if you need IPv6: + # readFileUnique "/var/lib/kea/dhcp6.leases" AAAA + } + + while true; do + syncLeases + sleep 10 + done ''; wants = [ "network-online.target" "unbound.service" ]; after = [ "network-online.target" "unbound.service" ];
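Review bot: The `set -euo pipefail` added at the top of `script` in the first hunk turns an empty match in the new cleanup pipeline (third hunk) into a fatal error. `grep -E` exits 1 when nothing matches, `pipefail` propagates that status and `errexit` ends the script, so the `while true` loop stops syncing; whether the unit restarts is not visible in this patch. Wrapping that stage as `{ grep -E '<pattern>' || true; }` keeps the strict mode without aborting when there are no lease records yet. The `#!/usr/bin/env bash` line is probably inert, since NixOS generates its own wrapper for `script`, and the comment `# readFile and readFileUnique as before…` reads like a leftover placeholder, so both could be dropped.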
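Review bot: The removal pass in `syncLeases` (third hunk) filters the whole `list_local_data` line with an unanchored `grep -E`. It therefore also selects statically configured local-data under those zones and unbound's built-in reverse-zone records, none of which the lease file restores. As far as I know, `list_local_data` prints `name TTL class type rdata` and `local_data_remove` takes only a name, so `read -r name type data` puts the TTL in `type`, the extra arguments may make the removal fail, and `> /dev/null 2>&1` hides that. I would use `| while read -r name _; do` with `unbound-control local_data_remove "$name"`, anchor the pattern to the owner name, and remove only names that an earlier run added and that are no longer in the lease file. Deleting everything before re-adding also leaves a short window every 10 seconds in which internal names do not resolve locally, and depending on the local-zone settings (not visible here) such queries may be forwarded upstream. `ip4\.arpa` also looks like it was meant to be `ip6\.arpa`.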