feat: kea unbound sync remove old leases

2025-05-01 21:28:58 +02:00
parent 6f9b384caa
commit 8cf4762a65
1 changed files with 25 additions and 13 deletions
--- a/hosts/fw/modules/unbound.nix
+++ b/hosts/fw/modules/unbound.nix
@@ -261,6 +261,10 @@ in {
    enable = true;
    path = with pkgs; [ unbound inotify-tools ];
    script = ''
+      #!/usr/bin/env bash
+      set -euo pipefail
+
+      # readFile and readFileUnique as before…
      function readFile() {
        if [[ "''\$2" == "A" ]] ; then
          cat "''\$1" | tail -n +2 | while IFS=, read -r address hwaddr client_id valid_lifetime expire subnet_id fqdn_fwd fqdn_rev hostname state user_context
@@ -315,17 +319,25 @@ in {
        done
      }

-      function syncFile() {
-        # readFileUnique "''\$1" "''\$2"
-        while true; do
-          readFileUnique "''\$1" "''\$2"
-          sleep 10
-        done 
+      function syncLeases() {
+        # 1) nuke all of our old lease records from unbound
+        unbound-control list_local_data \
+          | grep -E 'cloonar\.(com|multimedia|smart)|ip4\.arpa|in-addr\.arpa' \
+          | while read -r name type data; do
+              unbound-control local_data_remove "$name" "$type" "$data" \
+                > /dev/null 2>&1
+            done
+
+        # 2) re-push every current lease
+        readFileUnique "/var/lib/kea/dhcp4.leases" A
+        # if you need IPv6:
+        # readFileUnique "/var/lib/kea/dhcp6.leases" AAAA
      }

-      syncFile "/var/lib/kea/dhcp4.leases" A &
-      # syncFile "/var/lib/kea/dhcp6.leases" AAAA &
-      wait
+      while true; do
+        syncLeases
+        sleep 10
+      done
    '';
    wants = [ "network-online.target" "unbound.service" ];
    after = [ "network-online.target" "unbound.service" ];