diff options
-rw-r--r-- | hosts/common/server/unifi.nix | 23 | ||||
-rw-r--r-- | secrets.nix | 2 | ||||
-rw-r--r-- | secrets/unifi/unifi-poller.age | 13 |
3 files changed, 33 insertions, 5 deletions
diff --git a/hosts/common/server/unifi.nix b/hosts/common/server/unifi.nix index 1da8709..52635f0 100644 --- a/hosts/common/server/unifi.nix +++ b/hosts/common/server/unifi.nix @@ -16,7 +16,6 @@ let }; in { config = { - networking.firewall.allowedTCPPorts = [ 8443 ]; networking.firewall = allowedRules; users.users.unifi.group = "unifi"; users.users.unifi.isSystemUser = true; @@ -25,14 +24,28 @@ in { services.unifi = { enable = true; openPorts = true; - openFirewall = true; + unifiPackage = pkgs.unifiStable; }; - services.prometheus.exporters.unifi = { + age.secrets.unifi-read-only = { + file = ../../../secrets/unifi/unifi-poller.age; + mode = "0400"; + owner = "unifi-poller"; + }; + + services.unifi-poller = { enable = true; - unifiAddress = "https://localhost:8443/"; - unifiInsecure = true; + + unifi.defaults = { + url = "https://127.0.0.1:8443"; + user = "unifipoller"; + pass = config.age.secrets.unifi-read-only.path; + + verify_ssl = false; + }; + influxdb.disable = true; + prometheus = { http_listen = ":9130"; }; }; diff --git a/secrets.nix b/secrets.nix index 3d50744..3d39048 100644 --- a/secrets.nix +++ b/secrets.nix @@ -18,4 +18,6 @@ in { "secrets/traefik/gcp_service_account.json.age".publicKeys = [ fcuny_aptos aptos tahoe ]; + + "secrets/unifi/unifi-poller.age".publicKeys = [ fcuny_aptos aptos tahoe ]; } diff --git a/secrets/unifi/unifi-poller.age b/secrets/unifi/unifi-poller.age new file mode 100644 index 0000000..bd71926 --- /dev/null +++ b/secrets/unifi/unifi-poller.age @@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> ssh-ed25519 wtownA 0VcUc7jKvTUSaSN8mj5DavrRh5OOu9tmlESZTZM1vy0 +YLbthCfZpcqKlUj0SKEvaczL1bWepXo6pTpurP4pyRU +-> ssh-ed25519 +LF+iw L+QyJtlQS7KGsWafQRTSfWbX13pb8Vl0skQsX+yVNjo +7hhNe1E3ctyLCfYjSHH9RuB220x368Ut312Ql+0E8MM +-> ssh-ed25519 dtgBNg h0M/tnUsWja+Y+06eBnKJYcLBX5RSRn19B+idfnTtGs +To6JQ/h7ag1H+xLkC4/tWnWGf0cjvq6NGBPqNeqExAU +-> #qx-grease ie.h +gEn12esIeUQ7g/SwgEiw3TH1Mqd3IZ/iyn+OJt16UIIUCi3ox7MgDLyS8ngicmOj +idBj8DS72toie9iG5rt9IDzV +--- 9jnTt5KR/MIJfT9s6gLP4cgqFZD2W0UQf4FF8HOBPX4 +n,0cC]KfNYpRnuIj +_{/k \ No newline at end of file |