configure sketchy-router (dhcp + non-working NAT)

switch_remote.sh

@@ -9,6 +9,6 @@ exec nixos-rebuild $ACTION \
   --use-substitutes \
   --no-build-nix \
   --use-remote-sudo \
-  --build-host "$HOST" \
-  --target-host "$HOST" \
+  --build-host "noc@10.20.25.2" \
+  --target-host "noc@10.20.25.2" \
   --flake ".#$HOST" \

systems/sketchy-router.noc.eh22.intern.nix

@@ -22,11 +22,60 @@
       };
       "10-ethMgmt" = {
         matchConfig.MACAddress = "BC:24:11:A3:38:4E";
-        address = [ "10.20.24.1/24" ];
+        address = [ "10.20.25.2/24" ];
       };
     };
   };
 
+  networking.nat = {
+    enable = true;
+    externalInterface = "ens19";
+    internalIPs = [ "10.20.25.0/24" ];
+  };
+
+  services.kea.dhcp4 = {
+    enable = true;
+    settings = {
+      interfaces-config = {
+        interfaces = [
+          "ens19"
+        ];
+      };
+      lease-database = {
+        name = "/var/lib/kea/dhcp4.leases";
+        persist = true;
+        type = "memfile";
+      };
+      rebind-timer = 2000;
+      renew-timer = 1000;
+      valid-lifetime = 4000;
+      authoritative = true;
+      option-data = [
+        {
+          name = "domain-name-servers";
+          data = "9.9.9.9";
+        }
+        {
+          name = "routers";
+          data = "10.20.25.2";
+        }
+      ];
+      shared-networks = [
+        {
+          name = "mgmtNet";
+          interface = "ens19";
+          subnet4 = [
+            {
+              id = 300;
+              subnet = "10.20.25.0/24";
+              pools = [ { pool = "10.20.25.100 - 10.20.25.254"; } ];
+            }
+          ];
+        }
+      ];
+    };
+  };
+
   # DO NOT CHANGE
   # this defines the first version of NixOS that was installed on the machine so that programs with non-migratable data files are kept compatible
   home-manager.users.noc.home.stateVersion = "24.11";