nixos/unifi: Set up UniFi controller

nixos/boxes/home/palace/vms/sfh/containers/unifi.nix

@@ -26,7 +26,7 @@ in
       };
     };
 
-    configuration = { lib, config, assignments, ... }:
+    configuration = { lib, config, pkgs, assignments, ... }:
     let
       inherit (lib) mkMerge mkIf mkForce;
       inherit (lib.my) networkdAssignment;
@@ -41,13 +41,23 @@ in
             key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKdgcziQki/RH7E+NH2bYnzSVKaJ27905Yo5TcOjSh/U";
             files = { };
           };
+
+          firewall = {
+            tcp.allowed = [ 8443 ];
+          };
         };
 
         systemd = {
           network.networks."80-container-host0" = networkdAssignment "host0" assignments.hi;
         };
 
-        services = { };
+        services = {
+          unifi = {
+            enable = true;
+            openFirewall = true;
+            unifiPackage = pkgs.unifi8;
+          };
+        };
       };
     };
   };

nixos/boxes/home/routing-common/dns.nix

@@ -199,7 +199,7 @@ in
             shytzel IN A ${net.cidr.host 12 prefixes.core.v4}
 
             wave IN A ${net.cidr.host 12 prefixes.hi.v4}
-            wave IN AAAA ${net.cidr.host (65536+3) prefixes.hi.v6}
+            ; wave IN AAAA ${net.cidr.host (65536+3) prefixes.hi.v6}
             vibe IN A ${net.cidr.host 13 prefixes.hi.v4}
             vibe IN AAAA ${net.cidr.host (65536+4) prefixes.hi.v6}
 

nixos/modules/tmproot.nix

@@ -523,6 +523,22 @@ in
           group = "mautrix-meta";
         }) (filterAttrs (_: i: i.enable) config.services.mautrix-meta.instances);
       }
+      (mkIf config.services.unifi.enable {
+        my.tmproot.persistence.config.directories = [
+          {
+            directory = "/var/lib/unifi";
+            mode = "0750";
+            user = "unifi";
+            group = "unifi";
+          }
+          {
+            directory = "/var/cache/unifi";
+            mode = "0750";
+            user = "unifi";
+            group = "unifi";
+          }
+        ];
+      })
     ]))
   ]);