# /etc/dhcp/dhcpd.conf
# Globale Einstellungen
default-lease-time 600;
max-lease-time 7200;
authoritative;

# ----------- Subnetze -------------

# Subnetz 192.168.1.0/24 -> Registrierte Geräte (LAN/WAN)
subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.1;
    option subnet-mask 255.255.255.0;    
    option domain-name-servers 86.54.11.13, 86.54.11.213;
    pool {
        range 192.168.1.100 192.168.1.200;
        deny unknown-clients;
    }
}

# Subnetz 192.168.2.0/24 -> Kindergeräte
subnet 192.168.2.0 netmask 255.255.255.0 {
    option routers 192.168.2.1;
    option subnet-mask 255.255.255.0;    
    option domain-name-servers 86.54.11.11, 86.54.11.211;
    pool {
        range 192.168.2.100 192.168.2.200;
        deny unknown-clients;
    }
}

# Subnetz 192.168.3.0/24 -> The Onion Routing
subnet 192.168.3.0 netmask 255.255.255.0 {
    option routers 192.168.3.1;
    option subnet-mask 255.255.255.0;    
    option domain-name-servers 192.168.3.1;
    pool {
        range 192.168.3.100 192.168.3.200;
        deny unknown-clients;
    }
}

# Subnetz 192.168.4.0/24 -> IoT Geräte (nur LAN)
subnet 192.168.4.0 netmask 255.255.255.0 {
    option routers 192.168.4.1;
    option subnet-mask 255.255.255.0;    
    option domain-name-servers 192.168.4.1;
    pool {
        range 192.168.4.100 192.168.4.200;
        deny unknown-clients;
    }
}

# Subnetz 192.168.5.0/24 -> Gäste (default)
subnet 192.168.5.0 netmask 255.255.255.0 {
    option routers 192.168.5.1;
    option subnet-mask 255.255.255.0;    
    option domain-name-servers 86.54.11.1, 86.54.11.201;
    pool {
        range 192.168.5.100 192.168.5.200;
        allow unknown-clients;
    }
}

# Subnetz 192.168.6.0/24 -> WAN Subnet (keine Leases)
subnet 192.168.6.0 netmask 255.255.255.0 {
    option routers 192.168.6.1;
    option subnet-mask 255.255.255.0;   
}

# ----------- Host-spezifische Zuweisungen -------------

# Registrierte Geräte LAN/WAN
host device_A {
    hardware ethernet FF:FF:FF:FF:FF:0A;
    option routers 192.168.1.1;
    option domain-name-servers 86.54.11.13, 86.54.11.213;
}

host device_B {
    hardware ethernet FF:FF:FF:FF:FF:0B;
    option routers 192.168.1.1;
    option domain-name-servers 86.54.11.13, 86.54.11.213;
}

# Kindergeräte
host device_C {
    hardware ethernet FF:FF:FF:FF:FF:0C;
    option routers 192.168.2.1;
    option domain-name-servers 86.54.11.11, 86.54.11.211;
}

host device_D {
    hardware ethernet FF:FF:FF:FF:FF:0D;
    option routers 192.168.2.1;
    option domain-name-servers 86.54.11.11, 86.54.11.211;
}

# Proxy Zone
host device_E {
    hardware ethernet FF:FF:FF:FF:FF:0E;
    fixed-address 192.168.3.10;
    option routers 192.168.3.1;
    option domain-name-servers 192.168.3.1;
}

# Gerät mit statischer IP
host device_F {
    hardware ethernet FF:FF:FF:FF:FF:0F;
    fixed-address 192.168.4.10;
    option routers 192.168.4.1;
    option domain-name-servers 192.168.4.1;
}

# ----------- Dynamic Hooks -------------

on commit {
    execute ("/usr/local/bin/dhcp-nft.sh", "add", binary-to-ascii(10, 8, ".", leased-address));
}
on release {
    execute ("/usr/local/bin/dhcp-nft.sh", "del", binary-to-ascii(10, 8, ".", leased-address));
}
on expiry {
    execute ("/usr/local/bin/dhcp-nft.sh", "del", binary-to-ascii(10, 8, ".", leased-address));
}