From 6c0211bba56c18c9c88bb139b30c3f6ee2e16286 Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Sun, 8 Jan 2023 14:38:03 -0800
Subject: fix(modules/unifi): proper monitoring and latest version

They've recently removed from nixpkgs the version of mongodb that was
used by unifi. I updated to the latest version (7) and did the migration
of the DB manually (see https://github.com/NixOS/nixpkgs/pull/207382):

```
nix-shell -p mongodb-3_4 mongodb-tools
mongod --dbpath /var/lib/unifi/data/db  --logpath /var/log/unifi/repair.log --repair
mongod --dbpath /var/lib/unifi/data/db  --logpath /var/log/unifi/repair.log --journal --fork
mongodump --out=/root/mongodump
pkill mongod
exit
nix-shell -p mongodb-4_2 mongodb-tools
mv /var/lib/unifi/data/db /var/lib/unifi/data/db_bak
mkdir /var/lib/unifi/data/db
mongod --dbpath /var/lib/unifi/data/db  --logpath /var/log/unifi/repair.log --journal --fork
mongorestore /root/mongodump
pkill mongod
```

Once this was done, the exporter was also broken, has it has been
renamed. There are two different services for it in nixpkgs:
`services.unpoller` and `services.prometheus.exporters.unpoller`. Only
the last one works.

From what I can tell, everything is working now.
---
 hosts/tahoe/secrets/secrets.nix    |  5 ++++-
 modules/services/unifi/default.nix | 16 ++++++++++++++--
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/hosts/tahoe/secrets/secrets.nix b/hosts/tahoe/secrets/secrets.nix
index 38bb1b0..2d23fda 100644
--- a/hosts/tahoe/secrets/secrets.nix
+++ b/hosts/tahoe/secrets/secrets.nix
@@ -29,7 +29,10 @@ in
     owner = "fcuny";
   };
 
-  "unifi/unifi-poller.age".publicKeys = all;
+  "unifi/unifi-poller.age" = {
+    publicKeys = all;
+    owner = "unpoller-exporter";
+  };
 
   "restic/repo-systems.age".publicKeys = all;
   "rclone/config.ini.age".publicKeys = all;
diff --git a/modules/services/unifi/default.nix b/modules/services/unifi/default.nix
index e5fc1fa..cc5ab69 100644
--- a/modules/services/unifi/default.nix
+++ b/modules/services/unifi/default.nix
@@ -37,7 +37,19 @@ in
     services.unifi = {
       enable = true;
       openFirewall = true;
-      unifiPackage = pkgs.unifiStable;
+      unifiPackage = pkgs.unifi7;
+    };
+
+    services.prometheus.exporters.unpoller = {
+      enable = true;
+      controllers = [
+        {
+          user = "unifipoller";
+          pass = secrets."unifi/unifi-poller".path;
+          url = "https://127.0.0.1:8443";
+          verify_ssl = false;
+        }
+      ];
     };
 
     services.nginx.virtualHosts."${cfg.vhostName}" = {
@@ -56,7 +68,7 @@ in
         }
       ];
       locations."/" = {
-        proxyPass = "http://127.0.0.1:8443";
+        proxyPass = "https://127.0.0.1:8443";
         proxyWebsockets = true;
       };
     };
-- 
cgit 1.4.1