From 4e947d4b1e3aac913abe161b19aaffb83912a8ea Mon Sep 17 00:00:00 2001
From: Jack O'Sullivan
Date: Sun, 30 Jun 2024 12:21:21 +0100
Subject: [PATCH] nixos/unifi: Set up UniFi controller
---
 .../home/palace/vms/sfh/containers/unifi.nix | 14 ++++++++++++--
 nixos/boxes/home/routing-common/dns.nix | 2 +-
 nixos/modules/tmproot.nix | 16 ++++++++++++++++
 3 files changed, 29 insertions(+), 3 deletions(-)
diff --git a/nixos/boxes/home/palace/vms/sfh/containers/unifi.nix b/nixos/boxes/home/palace/vms/sfh/containers/unifi.nix
index 27f7db5..1f1492d 100644
--- a/nixos/boxes/home/palace/vms/sfh/containers/unifi.nix
+++ b/nixos/boxes/home/palace/vms/sfh/containers/unifi.nix
@@ -26,7 +26,7 @@ in
 };
 };
- configuration = { lib, config, assignments, ... }:
+ configuration = { lib, config, pkgs, assignments, ... }:
 let
 inherit (lib) mkMerge mkIf mkForce;
 inherit (lib.my) networkdAssignment;
@@ -41,13 +41,23 @@ in
 key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKdgcziQki/RH7E+NH2bYnzSVKaJ27905Yo5TcOjSh/U";
 files = { };
 };
+
+ firewall = {
+ tcp.allowed = [ 8443 ];
+ };
 };
 systemd = {
 network.networks."80-container-host0" = networkdAssignment "host0" assignments.hi;
 };
- services = { };
+ services = {
+ unifi = {
+ enable = true;
+ openFirewall = true;
+ unifiPackage = pkgs.unifi8;
+ };
+ };
 };
 };
 };
diff --git a/nixos/boxes/home/routing-common/dns.nix b/nixos/boxes/home/routing-common/dns.nix
index a334fd0..84b1a3e 100644
--- a/nixos/boxes/home/routing-common/dns.nix
+++ b/nixos/boxes/home/routing-common/dns.nix
@@ -199,7 +199,7 @@ in
 shytzel IN A ${net.cidr.host 12 prefixes.core.v4}
 wave IN A ${net.cidr.host 12 prefixes.hi.v4}
- wave IN AAAA ${net.cidr.host (65536+3) prefixes.hi.v6}
+ ; wave IN AAAA ${net.cidr.host (65536+3) prefixes.hi.v6}
 vibe IN A ${net.cidr.host 13 prefixes.hi.v4}
 vibe IN AAAA ${net.cidr.host (65536+4) prefixes.hi.v6}
diff --git a/nixos/modules/tmproot.nix b/nixos/modules/tmproot.nix
index 707b632..e8a5c8a 100644
--- a/nixos/modules/tmproot.nix
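Review bot: In the second hunk of `containers/unifi.nix`, `firewall.tcp.allowed = [ 8443 ]` exposes the controller's admin UI with no source restriction visible here, and `openFirewall = true` adds the nixpkgs module's device-facing ports on top (inform, guest portal, speed test, STUN, discovery). I would put a comment on the rule stating which networks are meant to reach the UI, e.g. `# 8443: UniFi admin UI, management clients only`, and narrow it to that prefix if the firewall module in this repo supports source matching. It is also worth confirming that this repo's firewall module honours `networking.firewall.allowedTCPPorts`; if it does not, `openFirewall` is silently a no-op and the inform port needs listing next to 8443. The `configuration` function starts and ends outside the hunk.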
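Review bot: In `dns.nix`, the `wave` AAAA record is commented out without a reason, so the next reader cannot tell whether this is temporary or when to restore it. A zone comment on the line above would do, e.g. `; wave: AAAA disabled, <reason>`. Removing the record only stops the name resolving over IPv6; if the host still holds that address, any firewall rules for it still matter.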
+++ b/nixos/modules/tmproot.nix
@@ -523,6 +523,22 @@ in
 group = "mautrix-meta";
 }) (filterAttrs (_: i: i.enable) config.services.mautrix-meta.instances);
 }
+ (mkIf config.services.unifi.enable {
+ my.tmproot.persistence.config.directories = [
+ {
+ directory = "/var/lib/unifi";
+ mode = "0750";
+ user = "unifi";
+ group = "unifi";
+ }
+ {
+ directory = "/var/cache/unifi";
+ mode = "0750";
+ user = "unifi";
+ group = "unifi";
+ }
+ ];
+ })
 ]))
 ]);
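Review bot: `/var/lib/unifi` holds the controller database and site backups, which typically include device and admin credentials, and `mode = "0750"` leaves it group-readable. Unless something in the `unifi` group other than the service needs to read it, `mode = "0700";` on both entries is the tighter choice. A short comment saying why `/var/cache/unifi` is persisted would also help, since cache directories are normally safe to lose on a tmpfs root. The surrounding list starts and ends outside the hunk.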