From 90c41f7edb323e13e78d8ec976ee6467b0c807aa Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Wed, 10 May 2023 17:48:26 -0700 Subject: profiles/unifi: move the module to a profile Get rid of configuration that was duplicated (a lot of things are already handled by the upstream module). --- modules/services/unifi/default.nix | 67 -------------------------------------- 1 file changed, 67 deletions(-) delete mode 100644 modules/services/unifi/default.nix (limited to 'modules/services') diff --git a/modules/services/unifi/default.nix b/modules/services/unifi/default.nix deleted file mode 100644 index 6ac45bc..0000000 --- a/modules/services/unifi/default.nix +++ /dev/null @@ -1,67 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - cfg = config.my.services.unifi; - secrets = config.age.secrets; - allowedRules = { - # https://help.ubnt.com/hc/en-us/articles/218506997 - allowedTCPPorts = [ - 8080 # Port for UAP to inform controller. - 8880 # Port for HTTP portal redirect, if guest portal is enabled. - 8843 # Port for HTTPS portal redirect, ditto. - 6789 # Port for UniFi mobile speed test. - 9130 # Port for the prometheus exporter - ]; - allowedUDPPorts = [ - 3478 # UDP port used for STUN. - 10001 # UDP port used for device discovery. - ]; - }; -in -{ - options.my.services.unifi = with lib; { - enable = mkEnableOption "Unifi controller"; - vhostName = mkOption { - type = types.str; - example = "music.fcuny.net"; - description = "Name for the virtual host"; - }; - }; - - config = lib.mkIf cfg.enable { - networking.firewall = allowedRules; - users.users.unifi.group = "unifi"; - users.users.unifi.isSystemUser = true; - users.groups.unifi = { }; - - services.unifi = { - enable = true; - openFirewall = true; - unifiPackage = pkgs.unifi7; - mongodbPackage = pkgs.mongodb-4_2; - }; - - services.nginx.virtualHosts."${cfg.vhostName}" = { - forceSSL = true; - useACMEHost = config.homelab.domain; - listen = [ - { - addr = "192.168.6.40"; - port = 443; - ssl = true; - } - { - addr = "192.168.6.40"; - port = 80; - ssl = false; - } - ]; - locations."/" = { - proxyPass = "https://127.0.0.1:8443"; - proxyWebsockets = true; - }; - }; - - my.services.backup = { paths = [ "/var/lib/unifi/data/backup" ]; }; - }; -} -- cgit 1.4.1