enable ipv6 networking on DMZ

nixos/default.nix

@@ -113,6 +113,7 @@
     tcpdump
     lsof
     parted
+    radvd
   ];
 
   hardware.cpu.intel.updateMicrocode =

nixos/modules/networking/default.nix

@@ -124,9 +124,9 @@ in {
           linkConfig.RequiredForOnline = "carrier";
 
           networkConfig = {
-            IPv6AcceptRA = false;
+            IPv6AcceptRA = cfg.allowDMZConnectivity;
-            LinkLocalAddressing = "no";
+            LinkLocalAddressing = if cfg.allowDMZConnectivity then "ipv6" else "no";
-            DHCP = lib.mkIf cfg.allowDMZConnectivity "yes";
+            DHCP = lib.mkIf (cfg.allowDMZConnectivity && cfg.staticDMZIpv4Address != "") "yes";
             Address = lib.mkIf (cfg.staticDMZIpv4Address != "") cfg.staticDMZIpv4Address;
           };
         };

nixos/modules/networking/dmz/default.nix

@@ -21,6 +21,8 @@ in
   };
 
   config = lib.mkIf cfg.enable {
+    lab.networking.allowDMZConnectivity = true;
+
     networking.firewall.interfaces.${config.lab.networking.dmzBridgeName} = {
       allowedTCPPorts = [ 53 5353 ];
       allowedUDPPorts = [ 53 67 5353 ];
@@ -30,8 +32,6 @@ in
       bind = {
         enable = true;
         forwarders = [ ];
-        # TODO: disable ipv6 for now, as the hosts themselves lack routes it seems.
-        ipv4Only = true;
 
         extraOptions = ''
           allow-transfer { none; }; 

nixos/modules/networking/dmz/dnsmasq.nix

@@ -24,6 +24,7 @@ in
 
   dhcp-range = [
     "192.168.30.50,192.168.30.127,15m"
+    "2a0d:6e00:1a77:30::,ra-stateless,ra-names"
   ];
 
   dhcp-host = [
@@ -34,9 +35,11 @@ in
   dhcp-option = [
     "3,${dmzRouterIPv4}"
     "option:dns-server,${dmzRouterIPv4}"
+    "option6:dns-server,[2a02:58:19a:30::1]"
   ];
 
   address = [
     "/ns.pizzapim.nl/ns.geokunis2.nl/${dmzDHCPIPv4}"
+    # "/ns.pizzapim.nl/ns.geokunis2.nl/TODOIPV6"
   ];
 }