infra/roles/name-resolution/templates/dhcpd/dhcpd.conf.j2

# {{ ansible_managed }}
#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.example
#   see dhcpd.conf(5) man page
#

authoritative;

default-lease-time 43200; # 12 hours
max-lease-time 86400;     # 24 hours

option rfc3442-classless-static-routes code 121 = array of integer 8;
option ms-classless-static-routes code 249 = array of integer 8;
option rfc3442-classless-static-routes 24, 192, 168, 1, 10, 0, 0, 8, 0, 10, 0, 0, 1;
option ms-classless-static-routes 24, 192, 168, 1, 10, 0, 0, 8, 0, 10, 0, 0, 1;

subnet {{ dhcp_cidr }} netmask {{ dhcp_netmask }} {

  option routers {{ dhcp_default_gateway }};

  option domain-name-servers {{ dhcp_secure_gateway }}, {{ dns_primary }}, {{ dns_secondary }};
  option domain-name "home.arpa";

  ## WINS info for Windows capability
  #option netbios-name-servers 10.0.0.4;
  #option netbios-node-type 8; 

  # Dynamic IPs
  range {{ dhcp_range_start }} {{ dhcp_range_end }};

  class "secured" {
    option routers {{ dhcp_secure_gateway }};

    # 192.168.1.0/24 thru 10.0.0.8, 10.0.0.2 as default route
    #option rfc3442-classless-static-routes 24, 192, 168, 1, 10, 0, 0, 8, 0, 10, 0, 0, 2;
    option rfc3442-classless-static-routes 24, 192, 168, 1, 10, 0, 0, 8, 0, 10, 0, 0, 2;
    option ms-classless-static-routes 24, 192, 168, 1, 10, 0, 0, 8, 0, 10, 0, 0, 2;

    match hardware;
  }

  class "cloudflare" {
    option domain-name-servers 1.1.1.3, 1.0.0.3; # cloudflare block malware + porn
    
    match hardware;
  }

  class "devnull" {
    option domain-name-servers 127.0.0.1;

    match hardware;
  }

  # nothing in here (yet)
  class "default" {
    match hardware;
  }

{% for node in reservations %}
  subclass "{{ node.type }}" 1:{{ node.mac }}; # {{ node.name }}
{% endfor %}

{% for node in reservations %}
  host {{ node.name }}
  {
    hardware ethernet {{ node.mac }};
    fixed-address {{ node.ip }};
  }

{% endfor %}
}