From 90c41f7edb323e13e78d8ec976ee6467b0c807aa Mon Sep 17 00:00:00 2001
From: Franck Cuny
Date: Wed, 10 May 2023 17:48:26 -0700
Subject: profiles/unifi: move the module to a profile

Get rid of configuration that was duplicated (a lot of things are already handled by the upstream module).
---
hosts/tahoe/default.nix | 1 +
hosts/tahoe/services.nix | 5 ---
modules/services/unifi/default.nix | 67 --------------------------------------
profiles/unifi.nix | 38 +++++++++++++++++++++
4 files changed, 39 insertions(+), 72 deletions(-)
delete mode 100644 modules/services/unifi/default.nix
create mode 100644 profiles/unifi.nix
diff --git a/hosts/tahoe/default.nix b/hosts/tahoe/default.nix
index aacc41a..4a5e054 100644
--- a/hosts/tahoe/default.nix
+++ b/hosts/tahoe/default.nix
@@ -12,6 +12,7 @@ in
 "${self}/profiles/nas.nix"
 "${self}/profiles/acme.nix"
 "${self}/profiles/nginx.nix"
+ "${self}/profiles/unifi.nix"
 "${self}/profiles/hardware/amd.nix"
 ];
diff --git a/hosts/tahoe/services.nix b/hosts/tahoe/services.nix
index b510463..b684275 100644
--- a/hosts/tahoe/services.nix
+++ b/hosts/tahoe/services.nix
@@ -16,11 +16,6 @@ in
 vhostName = "music.${config.homelab.domain}";
 musicFolder = "/data/fast/music";
 };
- unifi = {
- enable = true;
- vhostName = "unifi.${config.homelab.domain}";
- };
-
 monitoring = {
 prometheus = {
 enable = true;
diff --git a/modules/services/unifi/default.nix b/modules/services/unifi/default.nix
deleted file mode 100644
index 6ac45bc..0000000
--- a/modules/services/unifi/default.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- cfg = config.my.services.unifi;
- secrets = config.age.secrets;
- allowedRules = {
- # https://help.ubnt.com/hc/en-us/articles/218506997
- allowedTCPPorts = [
- 8080 # Port for UAP to inform controller.
- 8880 # Port for HTTP portal redirect, if guest portal is enabled.
- 8843 # Port for HTTPS portal redirect, ditto.
- 6789 # Port for UniFi mobile speed test.
- 9130 # Port for the prometheus exporter
- ];
- allowedUDPPorts = [
- 3478 # UDP port used for STUN.
- 10001 # UDP port used for device discovery.
- ];
- };
-in
-{
- options.my.services.unifi = with lib; {
- enable = mkEnableOption "Unifi controller";
- vhostName = mkOption {
- type = types.str;
- example = "music.fcuny.net";
- description = "Name for the virtual host";
- };
- };
-
- config = lib.mkIf cfg.enable {
- networking.firewall = allowedRules;
- users.users.unifi.group = "unifi";
- users.users.unifi.isSystemUser = true;
- users.groups.unifi = { };
-
- services.unifi = {
- enable = true;
- openFirewall = true;
- unifiPackage = pkgs.unifi7;
- mongodbPackage = pkgs.mongodb-4_2;
- };
-
- services.nginx.virtualHosts."${cfg.vhostName}" = {
- forceSSL = true;
- useACMEHost = config.homelab.domain;
- listen = [
- {
- addr = "192.168.6.40";
- port = 443;
- ssl = true;
- }
- {
- addr = "192.168.6.40";
- port = 80;
- ssl = false;
- }
- ];
- locations."/" = {
- proxyPass = "https://127.0.0.1:8443";
- proxyWebsockets = true;
- };
- };
-
- my.services.backup = { paths = [ "/var/lib/unifi/data/backup" ]; };
- };
-}
diff --git a/profiles/unifi.nix b/profiles/unifi.nix
new file mode 100644
index 0000000..9307acd
--- /dev/null
+++ b/profiles/unifi.nix
@@ -0,0 +1,38 @@
+{ config, lib, pkgs, ... }:
+
+let
+ secrets = config.age.secrets;
+ vhostName = "unifi.${config.homelab.domain}";
+in
+{
+ # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/unifi.nix
+ services.unifi = {
+ enable = true;
+ openFirewall = true;
+ unifiPackage = pkgs.unifi7;
+ mongodbPackage = pkgs.mongodb-4_2;
+ };
+
+ services.nginx.virtualHosts."${cfg.vhostName}" = {
+ forceSSL = true;
+ useACMEHost = config.homelab.domain;
+ listen = [
+ {
+ addr = "192.168.6.40";
+ port = 443;
+ ssl = true;
+ }
+ {
+ addr = "192.168.6.40";
+ port = 80;
+ ssl = false;
+ }
+ ];
+ locations."/" = {
+ proxyPass = "https://127.0.0.1:8443";
+ proxyWebsockets = true;
+ };
+ };
+
+ my.services.backup = { paths = [ "/var/lib/unifi/data/backup" ]; };
+}
-- cgit 1.4.1
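Review bot: The nginx virtual host in the new profile is keyed on `cfg.vhostName`, but the profile's `let` binds `vhostName` and nothing in the file defines `cfg` (the old module's `cfg = config.my.services.unifi;` was deleted), so evaluating the host configuration should fail with an undefined-variable error; the line should read `services.nginx.virtualHosts."${vhostName}" = {`. The `secrets = config.age.secrets;` binding and the `lib` argument are not referenced anywhere in the profile and can be dropped. The deleted module also opened TCP 9130 for the prometheus exporter explicitly; the upstream module's `openFirewall` covers the controller's own ports but, as far as I can tell, not 9130, so if an exporter still listens there it now needs its own `networking.firewall.allowedTCPPorts = [ 9130 ];` entry.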