about summary refs log tree commit diff
path: root/profiles
diff options
context:
space:
mode:
authorFranck Cuny <franck@fcuny.net>2023-05-10 17:48:26 -0700
committerFranck Cuny <franck@fcuny.net>2023-05-10 17:48:26 -0700
commit90c41f7edb323e13e78d8ec976ee6467b0c807aa (patch)
tree3effb8452331b742cd3081ed657de57439e677d5 /profiles
parentmodules/unifi: fix the configuration (diff)
downloadworld-90c41f7edb323e13e78d8ec976ee6467b0c807aa.tar.gz
profiles/unifi: move the module to a profile
Get rid of configuration that was duplicated (a lot of things are
already handled by the upstream module).
Diffstat (limited to 'profiles')
-rw-r--r--profiles/unifi.nix38
1 files changed, 38 insertions, 0 deletions
diff --git a/profiles/unifi.nix b/profiles/unifi.nix
new file mode 100644
index 0000000..9307acd
--- /dev/null
+++ b/profiles/unifi.nix
@@ -0,0 +1,38 @@
+{ config, lib, pkgs, ... }:
+
+let
+  secrets = config.age.secrets;
+  vhostName = "unifi.${config.homelab.domain}";
+in
+{
+  # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/unifi.nix
+  services.unifi = {
+    enable = true;
+    openFirewall = true;
+    unifiPackage = pkgs.unifi7;
+    mongodbPackage = pkgs.mongodb-4_2;
+  };
+
+  services.nginx.virtualHosts."${cfg.vhostName}" = {
+    forceSSL = true;
+    useACMEHost = config.homelab.domain;
+    listen = [
+      {
+        addr = "192.168.6.40";
+        port = 443;
+        ssl = true;
+      }
+      {
+        addr = "192.168.6.40";
+        port = 80;
+        ssl = false;
+      }
+    ];
+    locations."/" = {
+      proxyPass = "https://127.0.0.1:8443";
+      proxyWebsockets = true;
+    };
+  };
+
+  my.services.backup = { paths = [ "/var/lib/unifi/data/backup" ]; };
+}