From e4684d3f5778ecf3432b2e93b9af0cb79686e9f8 Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Sun, 6 Mar 2022 19:20:55 -0800
Subject: unifi: configure the poller

---
 hosts/common/server/unifi.nix | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

(limited to 'hosts/common')

diff --git a/hosts/common/server/unifi.nix b/hosts/common/server/unifi.nix
index 1da8709..52635f0 100644
--- a/hosts/common/server/unifi.nix
+++ b/hosts/common/server/unifi.nix
@@ -16,7 +16,6 @@ let
   };
 in {
   config = {
-    networking.firewall.allowedTCPPorts = [ 8443 ];
     networking.firewall = allowedRules;
     users.users.unifi.group = "unifi";
     users.users.unifi.isSystemUser = true;
@@ -25,14 +24,28 @@ in {
     services.unifi = {
       enable = true;
       openPorts = true;
-      openFirewall = true;
+      unifiPackage = pkgs.unifiStable;
     };
 
-    services.prometheus.exporters.unifi = {
+    age.secrets.unifi-read-only = {
+      file = ../../../secrets/unifi/unifi-poller.age;
+      mode = "0400";
+      owner = "unifi-poller";
+    };
+
+    services.unifi-poller = {
       enable = true;
-      unifiAddress = "https://localhost:8443/";
-      unifiInsecure = true;
+
+      unifi.defaults = {
+        url = "https://127.0.0.1:8443";
+        user = "unifipoller";
+        pass = config.age.secrets.unifi-read-only.path;
+
+        verify_ssl = false;
+      };
+
       influxdb.disable = true;
+
       prometheus = { http_listen = ":9130"; };
     };
 
-- 
cgit 1.4.1