Diffstat (limited to '')
-rw-r--r--hosts/common/server/unifi.nix23
-rw-r--r--secrets.nix2
-rw-r--r--secrets/unifi/unifi-poller.age13
3 files changed, 33 insertions, 5 deletions
diff --git a/hosts/common/server/unifi.nix b/hosts/common/server/unifi.nix
index 1da8709..52635f0 100644
--- a/hosts/common/server/unifi.nix
+++ b/hosts/common/server/unifi.nix
@@ -16,7 +16,6 @@ let
   };
 in {
   config = {
-    networking.firewall.allowedTCPPorts = [ 8443 ];
     networking.firewall = allowedRules;
     users.users.unifi.group = "unifi";
     users.users.unifi.isSystemUser = true;
@@ -25,14 +24,28 @@ in {
     services.unifi = {
       enable = true;
       openPorts = true;
-      openFirewall = true;
+      unifiPackage = pkgs.unifiStable;
     };
 
-    services.prometheus.exporters.unifi = {
+    age.secrets.unifi-read-only = {
+      file = ../../../secrets/unifi/unifi-poller.age;
+      mode = "0400";
+      owner = "unifi-poller";
+    };
+
+    services.unifi-poller = {
       enable = true;
-      unifiAddress = "https://localhost:8443/";
-      unifiInsecure = true;
+
+      unifi.defaults = {
+        url = "https://127.0.0.1:8443";
+        user = "unifipoller";
+        pass = config.age.secrets.unifi-read-only.path;
+
+        verify_ssl = false;
+      };
+
       influxdb.disable = true;
+
       prometheus = { http_listen = ":9130"; };
     };
 
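Review bot: `verify_ssl = false` in `unifi.defaults` turns off certificate checking on the connection that now carries the controller password from the age secret, and nothing in the hunk records why. With the URL pinned to `127.0.0.1` the exposure is limited to processes on the same host, so a comment above it such as `# controller presents its own self-signed cert; loopback only, do not reuse for a remote url` would stop the setting from being copied to a non-local controller later. The unchanged `prometheus = { http_listen = ":9130"; };` binds every interface and the metrics endpoint is unauthenticated; whether the port is reachable depends on `allowedRules`, which is defined outside this hunk, so `http_listen = "127.0.0.1:9130";` is worth considering if the scraper runs on this host. The secret name suggests the `unifipoller` account is read-only, but that role is set on the controller rather than in this file, so confirm it there.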
diff --git a/secrets.nix b/secrets.nix
index 3d50744..3d39048 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -18,4 +18,6 @@ in {
 
   "secrets/traefik/gcp_service_account.json.age".publicKeys =
     [ fcuny_aptos aptos tahoe ];
+
+  "secrets/unifi/unifi-poller.age".publicKeys = [ fcuny_aptos aptos tahoe ];
 }
diff --git a/secrets/unifi/unifi-poller.age b/secrets/unifi/unifi-poller.age
new file mode 100644
index 0000000..bd71926
--- /dev/null
+++ b/secrets/unifi/unifi-poller.age
@@ -0,0 +1,13 @@
+age-encryption.org/v1
+-> ssh-ed25519 wtownA 0VcUc7jKvTUSaSN8mj5DavrRh5OOu9tmlESZTZM1vy0
+YLbthCfZpcqKlUj0SKEvaczL1bWepXo6pTpurP4pyRU
+-> ssh-ed25519 +LF+iw L+QyJtlQS7KGsWafQRTSfWbX13pb8Vl0skQsX+yVNjo
+7hhNe1E3ctyLCfYjSHH9RuB220x368Ut312Ql+0E8MM
+-> ssh-ed25519 dtgBNg h0M/tnUsWja+Y+06eBnKJYcLBX5RSRn19B+idfnTtGs
+To6JQ/h7ag1H+xLkC4/tWnWGf0cjvq6NGBPqNeqExAU
+-> #qx-grease ie.h
+gEn12esIeUQ7g/SwgEiw3TH1Mqd3IZ/iyn+OJt16UIIUCi3ox7MgDLyS8ngicmOj
+idBj8DS72toie9iG5rt9IDzV
+--- 9jnTt5KR/MIJfT9s6gLP4cgqFZD2W0UQf4FF8HOBPX4
+n,0cC]KfNYpRnuIj
+_{/k
\ No newline at end of file