nixos/hosts/fw/modules/dnsmasq.nix

{ config, ... }: {
  services.resolved.enable = false;

  services.dnsmasq = {
    enable = true;
    settings = {
      port = "53";
      bind-interfaces  = true;      # force dnsmasq to bind immediately
      expand-hosts = true;

      log-dhcp = true;

      server = [
        "/epicenter.works/10.50.60.1"
        "/akvorrat.at/10.50.60.1"
        "9.9.9.9"
        "149.112.112.11"
      ];

      interface = [
        "lan"
        "server"
        "infrastructure"
        "multimedia"
        "guest"
        "smart"
      ];

      domain = [
        "cloonar.com,lan"
        "cloonar.com,server"
        "cloonar.com,infrastructure"
        "cloonar.multimedia,multimedia"
        "cloonar.smart,smart"
        "cloonar.guest,guest"
      ];

      dhcp-option = [
        "lan,15,cloonar.com" # domain name
        "lan,3,${config.networkPrefix}.96.1" # Gateway
        "lan,6,${config.networkPrefix}.96.1" # DNS
        "server,15,cloonar.com"
        "server,3,${config.networkPrefix}.97.1"
        "server,6,${config.networkPrefix}.97.1"
        "infrastructure,15,cloonar.com"
        "infrastructure,3,${config.networkPrefix}.101.1"
        "infrastructure,6,${config.networkPrefix}.101.1"
        "multimedia,15,cloonar.multimedia"
        "multimedia,3,${config.networkPrefix}.99.1"
        "multimedia,6,${config.networkPrefix}.99.1"
        "smart,15,cloonar.smart"
        "smart,3,${config.networkPrefix}.100.1"
        "smart,6,${config.networkPrefix}.100.1"
        "guest,15,cloonar.guest"
        "guest,3,${config.networkPrefix}.254.1"
        "guest,6,9.9.9.9"
      ];

      dhcp-range = [
        "lan,${config.networkPrefix}.96.100,${config.networkPrefix}.96.200,24h"
        "server,${config.networkPrefix}.97.100,${config.networkPrefix}.97.200,24h"
        "infrastructure,${config.networkPrefix}.101.100,${config.networkPrefix}.101.200,24h"
        "multimedia,${config.networkPrefix}.99.100,${config.networkPrefix}.99.200,24h"
        "smart,${config.networkPrefix}.100.100,${config.networkPrefix}.100.200,24h"
        "guest,${config.networkPrefix}.254.100,${config.networkPrefix}.254.200,24h"
      ];

      dhcp-host = [
        "30:05:5c:56:62:37,${config.networkPrefix}.96.100,brn30055c566237"
        "24:df:a7:b1:1b:74,${config.networkPrefix}.96.101,rmproplus-b1-1b-74"
        
        "1a:c4:04:6e:29:bd,${config.networkPrefix}.97.2,omada"
        "02:00:00:00:00:03,${config.networkPrefix}.97.5,web-02"
        "02:00:00:00:00:04,${config.networkPrefix}.97.6,matrix"
        "ea:db:d4:c1:18:ba,${config.networkPrefix}.97.50,git"
        "c2:4f:64:dd:13:0c,${config.networkPrefix}.97.20,home-assistant"
        "1a:c4:04:6e:29:02,${config.networkPrefix}.101.25,deconz"

        "c4:a7:2b:c7:ea:30,${config.networkPrefix}.99.10,metz"
        "f0:2f:9e:d4:3b:21,${config.networkPrefix}.99.11,firetv-living"
        "e4:2a:ac:32:3f:79,${config.networkPrefix}.99.13,xbox"
        "f0:2f:9e:c1:74:72,${config.networkPrefix}.99.21,firetv-bedroom"
        "30:05:5c:56:62:37,${config.networkPrefix}.99.100,brn30055c566237"

        "fc:ee:28:03:63:e9,${config.networkPrefix}.100.148,k1c"
        "cc:50:e3:bc:27:64,${config.networkPrefix}.100.112,Nuki_Bridge_1A753F72"
        "34:6f:24:f3:af:ad,${config.networkPrefix}.100.137,daikin86604"
        "34:6f:24:c1:f8:54,${config.networkPrefix}.100.139,daikin53800"
      ];

      address = [
        "/fw.cloonar.com/${config.networkPrefix}.97.1"
        "/omada.cloonar.com/${config.networkPrefix}.97.2"
        "/pc.cloonar.com/${config.networkPrefix}.96.5"
        "/home-assistant.cloonar.com/${config.networkPrefix}.97.20"
        "/mopidy.cloonar.com/${config.networkPrefix}.97.21"
        "/snapcast.cloonar.com/${config.networkPrefix}.97.21"
        "/lms.cloonar.com/${config.networkPrefix}.97.21"
        "/git.cloonar.com/${config.networkPrefix}.97.50"
        "/feeds.cloonar.com/188.34.191.144"
        "/nukibridge1a753f72.cloonar.smart/${config.networkPrefix}.100.112"
        "/allywatch.cloonar.com/${config.networkPrefix}.97.5"

        "/stage.wsw.at/10.254.235.22"
        "/prod.wsw.at/10.254.217.23"
        "/piwik.wohnservice-wien.at/10.254.240.109"
        "/wohnberatung-wien.at/10.254.240.109"
        "/wohnpartner-wien.at/10.254.240.109"
        "/wohnservice-wien.at/10.254.240.109"
        "/mieterhilfe.at/10.254.240.109"
        "/wienbautvor.at/10.254.240.109"
        "/wienwohntbesser.at/10.254.240.109"
        "/a.stage.wohnberatung-wien.at/10.254.240.110"
        "/a.stage.wohnpartner-wien.at/10.254.240.110"
        "/a.stage.wohnservice-wien.at/10.254.240.110"
        "/a.stage.mieterhilfe.at/10.254.240.110"
        "/a.stage.wienbautvor.at/10.254.240.110"
        "/a.stage.wienwohntbesser.at/10.254.240.110"
        "/b.stage.wohnberatung-wien.at/10.254.240.110"
        "/b.stage.wohnpartner-wien.at/10.254.240.110"
        "/b.stage.wohnservice-wien.at/10.254.240.110"
        "/b.stage.mieterhilfe.at/10.254.240.110"
        "/b.stage.wienbautvor.at/10.254.240.110"
        "/b.stage.wienwohntbesser.at/10.254.240.110"

        "/web.hilgenberg-gmbh.de/91.107.197.169"
        # gaming
        "/foundry-vtt.cloonar.com/${config.networkPrefix}.97.5"

        "/deconz.cloonar.multimedia/${config.networkPrefix}.97.22"

        "/ddl-warez.to/172.67.184.30"
        "/cdnjs.cloudflare.com/104.17.24.14"

        # esphome devices
        "/livingroom-bulb-1.cloonar.smart/${config.networkPrefix}.100.11"
        "/livingroom-bulb-2.cloonar.smart/${config.networkPrefix}.100.12"
        "/livingroom-bulb-3.cloonar.smart/${config.networkPrefix}.100.13"
        "/livingroom-bulb-4.cloonar.smart/${config.networkPrefix}.100.14"
        "/livingroom-bulb-5.cloonar.smart/${config.networkPrefix}.100.15"
        "/livingroom-bulb-6.cloonar.smart/${config.networkPrefix}.100.16"

        "/bedroom-bulb-0.cloonar.smart/${config.networkPrefix}.100.21"
        "/bedroom-bulb-0.cloonar.smart/${config.networkPrefix}.100.22"
        "/bedroom-bulb-0.cloonar.smart/${config.networkPrefix}.100.23"
        "/bedroom-bulb-0.cloonar.smart/${config.networkPrefix}.100.24"

        "/hallway-bulb-0.cloonar.smart/${config.networkPrefix}.100.31"
        "/hallway-bulb-0.cloonar.smart/${config.networkPrefix}.100.32"

        "/bath-bulb-0.cloonar.smart/${config.networkPrefix}.100.41"
        "/bath-bulb-0.cloonar.smart/${config.networkPrefix}.100.42"

        "/paraclub.at/188.34.191.144"
      ];
    };
  };

  systemd.services.dnsmasq = {
    requires = [ "network-online.target" ];
    after    = [ "network-online.target" ];
  };

  networking.firewall.allowedUDPPorts = [ 53 67 ];
}