# ISC dhcpd configuration, rendered by Salt from a Jinja template.
# Every site-specific value (addresses, domains, the TSIG secret) is read from
# pillar under "model:dhcp:*" and "model:dns:*"; nothing is hard-coded here
# except the netboot file names and the lease timers.

# Dynamic DNS security settings
# TSIG key used to sign the DNS updates this server sends for the zones below.
# NOTE(review): HMAC-MD5 is a legacy TSIG algorithm. Switching to an HMAC-SHA2
# algorithm has to be done on the DNS server's key definition at the same time,
# so it is only flagged here; confirm both sides support it first.
# NOTE(review): the secret is written in clear text into the rendered file.
# The file mode and owner are set outside this template; verify the Salt state
# keeps the rendered file readable by the dhcpd user only.
key "key-internal" {
    algorithm HMAC-MD5;
    secret "{{ salt['pillar.get']("model:dns:tsig:keys:internal") }}";
};

# One zone statement per updatable domain: the additional domains, the
# dynamic-IP domain and the site domain. All of them are updated on the same
# primary and signed with the same key.
{% for zone in (salt['pillar.get']("model:dhcp:dns:additionalDomains", []) + [salt['pillar.get']("model:dhcp:dns:dynIpsDomain"), salt['pillar.get']("model:dhcp:dns:siteDomain")]) %}
zone {{ zone }} {
    primary {{ salt['pillar.get']("model:dhcp:dns:master") }};
    key "key-internal";
}
{% endfor %}

# Custom routes classes
# Option 121 is the classless static route option; 249 is the code Windows
# clients request for the same data. Both are declared as raw byte arrays.
option classless-routes code 121 = array of unsigned integer 8;
option classless-routes-win code 249 = array of unsigned integer 8;

# UniFi classes
# Vendor option space for Ubiquiti devices: clients whose vendor class
# identifier starts with "ubnt" receive the controller address declared in the
# subnet below.
option space ubnt;
option ubnt.unifi-address code 1 = ip-address;
class "ubnt" {
    match if substring (option vendor-class-identifier, 0, 4) = "ubnt";
    option vendor-class-identifier "ubnt";
    vendor-option-space ubnt;
}

# Leases settings (seconds)
default-lease-time 600;
max-lease-time 7200;

# Dynamic DNS update
# The server performs DNS updates for leases, including hosts with fixed
# addresses (update-static-leases).
ddns-updates on;
ddns-update-style interim;
update-static-leases on;
# Kept disabled as in the original. Whether a client may update its own
# A record then follows dhcpd's default.
# NOTE(review): if the server is meant to own every update, state it explicitly
# with "deny client-updates;" rather than relying on the default.
#allow client-updates;

# Misc settings
# Host declaration names are used as host names, the server answers
# authoritatively for its subnets, and it logs to syslog facility local7.
use-host-decl-names on;
authoritative;
log-facility local7;

subnet {{ salt['pillar.get']("model:dhcp:subnet") }} netmask {{ salt['pillar.get']("model:dhcp:netmask") }} {
    # Dynamic DNS update
    # Dynamic leases are registered under the dynamic-IP domain.
    # NOTE(review): with conflict detection off, dhcpd does not check that an
    # existing record belongs to the same client before replacing it, so any
    # client on this subnet can take over a name already registered in the
    # dynamic domain by sending that host name. Presumably disabled so that
    # reinstalled hosts can reclaim their name; confirm the trade-off is
    # intended and that nothing security-relevant resolves names in this zone.
    ddns-domainname "{{ salt['pillar.get']("model:dhcp:dns:dynIpsDomain") }}";
    update-conflict-detection false;

    # IP settings
    range {{ salt['pillar.get']("model:dhcp:ipFirst") }} {{ salt['pillar.get']("model:dhcp:ipLast") }};
    option subnet-mask {{ salt['pillar.get']("model:dhcp:netmask") }};
    option broadcast-address {{ salt['pillar.get']("model:dhcp:broadcast") }};
    option routers {{ salt['pillar.get']("model:dhcp:routers:ips") | join(", ") }};

    # UniFi settings
    option ubnt.unifi-address {{ salt['pillar.get']("model:dhcp:unifiController:ip") }};

    # DNS settings
    # Search order pushed to clients: site domain, then the parent domain,
    # then the dynamic-IP domain.
    option domain-name "{{ salt['pillar.get']("model:dhcp:dns:siteDomain") }}";
    option domain-search "{{ salt['pillar.get']("model:dhcp:dns:siteDomain") }}", "{{ salt['pillar.get']("model:dhcp:dns:domain") }}", "{{ salt['pillar.get']("model:dhcp:dns:dynIpsDomain") }}";
    option domain-name-servers {{ salt['pillar.get']("model:dhcp:dns:servers") | join(", ") }};

    # Push custom routes to clients
    # Disabled examples, kept verbatim from the original.
    #option classless-routes 24, 10,15,42, 10.15.12,2;
    #option classless-routes-win 24, 10,15,42, 10.15.12,2;

    # Netboot settings
    # Two-stage boot: firmware PXE clients are handed the iPXE binary over
    # TFTP from next-server; once iPXE itself asks (user class "iPXE-rthoni")
    # it is pointed at the boot script over HTTP, with the search list
    # narrowed to the site domain so the short name "netboot" resolves there.
    # NOTE(review): the user class is asserted by the client and is not an
    # authentication. TFTP and plain HTTP give no integrity protection for the
    # boot binary or script, so the boot chain is only as trustworthy as this
    # network segment; consider HTTPS or iPXE image verification, and keep
    # netboot to a segment where rogue DHCP/TFTP responders are controlled.
    next-server {{ salt['pillar.get']("model:dhcp:tftp:server") }};
    #option root-path "10.15.100.1:/pxeroot/ubuntu";
    if exists user-class and ( option user-class = "iPXE-rthoni" ) {
        option domain-search "{{ salt['pillar.get']("model:dhcp:dns:siteDomain") }}";
        filename "http://netboot/boot.ipxe";
    } else {
        filename "ipxe-rthoni.kpxe";
    }

    # Static IP hosts
    # Host declarations come from the included file. These hosts are
    # registered under the site domain (not the dynamic-IP domain), and both
    # the host name sent to the client and the DNS name are taken from the
    # declaration name rather than from anything the client sends.
    group {
        include "/etc/dhcp/config/static_ips.conf";
        ddns-domainname "{{ salt['pillar.get']("model:dhcp:dns:siteDomain") }}";
        option host-name = host-decl-name;
        ddns-hostname = config-option host-name;
    }

    # Force a default hostname if not present
    # On a DHCPREQUEST (message type 3) from a client that sent no host name
    # and has none configured, build one from the leased address:
    # "dyn-" followed by the four octets in decimal joined with "-".
    if option dhcp-message-type = 3 and not exists host-name and config-option host-name = null {
        option host-name = concat("dyn-", binary-to-ascii(10, 8, "-", leased-address));
        ddns-hostname = config-option host-name;
    }
}