diff options
author | Franck Cuny <franck@fcuny.net> | 2023-05-10 17:48:26 -0700 |
---|---|---|
committer | Franck Cuny <franck@fcuny.net> | 2023-05-10 17:48:26 -0700 |
commit | 90c41f7edb323e13e78d8ec976ee6467b0c807aa (patch) | |
tree | 3effb8452331b742cd3081ed657de57439e677d5 /modules/services | |
parent | modules/unifi: fix the configuration (diff) | |
download | world-90c41f7edb323e13e78d8ec976ee6467b0c807aa.tar.gz |
profiles/unifi: move the module to a profile
Get rid of configuration that was duplicated (a lot of things are already handled by the upstream module).
Diffstat (limited to '')
-rw-r--r-- | modules/services/unifi/default.nix | 67 |
1 files changed, 0 insertions, 67 deletions
diff --git a/modules/services/unifi/default.nix b/modules/services/unifi/default.nix deleted file mode 100644 index 6ac45bc..0000000 --- a/modules/services/unifi/default.nix +++ /dev/null @@ -1,67 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - cfg = config.my.services.unifi; - secrets = config.age.secrets; - allowedRules = { - # https://help.ubnt.com/hc/en-us/articles/218506997 - allowedTCPPorts = [ - 8080 # Port for UAP to inform controller. - 8880 # Port for HTTP portal redirect, if guest portal is enabled. - 8843 # Port for HTTPS portal redirect, ditto. - 6789 # Port for UniFi mobile speed test. - 9130 # Port for the prometheus exporter - ]; - allowedUDPPorts = [ - 3478 # UDP port used for STUN. - 10001 # UDP port used for device discovery. - ]; - }; -in -{ - options.my.services.unifi = with lib; { - enable = mkEnableOption "Unifi controller"; - vhostName = mkOption { - type = types.str; - example = "music.fcuny.net"; - description = "Name for the virtual host"; - }; - }; - - config = lib.mkIf cfg.enable { - networking.firewall = allowedRules; - users.users.unifi.group = "unifi"; - users.users.unifi.isSystemUser = true; - users.groups.unifi = { }; - - services.unifi = { - enable = true; - openFirewall = true; - unifiPackage = pkgs.unifi7; - mongodbPackage = pkgs.mongodb-4_2; - }; - - services.nginx.virtualHosts."${cfg.vhostName}" = { - forceSSL = true; - useACMEHost = config.homelab.domain; - listen = [ - { - addr = "192.168.6.40"; - port = 443; - ssl = true; - } - { - addr = "192.168.6.40"; - port = 80; - ssl = false; - } - ]; - locations."/" = { - proxyPass = "https://127.0.0.1:8443"; - proxyWebsockets = true; - }; - }; - - my.services.backup = { paths = [ "/var/lib/unifi/data/backup" ]; }; - }; -} |