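{ config, lib, pkgs, ... }:

# UniFi controller plus a Prometheus exporter that scrapes it over the
# loopback interface, with a oneshot readiness gate between the two.
let
  # Ports the controller needs reachable from the managed devices, per
  # https://help.ubnt.com/hc/en-us/articles/218506997
  allowedRules = {
    allowedTCPPorts = [
      8443 # HTTPS controller GUI/API; also the target of unifiAddress and the readiness check below.
      8080 # Port for UAP to inform controller.
      8880 # Port for HTTP portal redirect, if guest portal is enabled.
      8843 # Port for HTTPS portal redirect, ditto.
      6789 # Port for UniFi mobile speed test.
    ];
    allowedUDPPorts = [
      3478 # UDP port used for STUN.
      10001 # UDP port used for device discovery.
    ];
  };
in {
  config = {
    # Single definition of networking.firewall: defining
    # `networking.firewall.allowedTCPPorts = [ 8443 ]` and then
    # `networking.firewall = allowedRules` in the same attribute set is rejected
    # by Nix as a duplicate attribute, so 8443 is folded into allowedRules above.
    # `services.unifi.openFirewall` below presumably opens the same ports again
    # via the nixpkgs module; the explicit list is kept so the intent is visible here.
    networking.firewall = allowedRules;

    # Dedicated unprivileged system user/group for the controller.
    users.users.unifi.group = "unifi";
    users.users.unifi.isSystemUser = true;
    users.groups.unifi = { };

    services.unifi = {
      enable = true;
      # NOTE(review): `openPorts` looks like the older name of `openFirewall`
      # in nixpkgs; both are set to the same value so the module evaluates on
      # either side of the rename — confirm against the pinned nixpkgs and drop
      # the one it no longer accepts.
      openPorts = true;
      openFirewall = true;
    };

    services.prometheus.exporters.unifi = {
      enable = true;
      # Scrape the local controller over TLS on the loopback interface.
      unifiAddress = "https://localhost:8443/";
      # Disables certificate verification, presumably because the controller
      # presents a self-signed certificate by default. Acceptable only because
      # the connection never leaves this host — re-enable verification if
      # unifiAddress is ever pointed at a remote controller.
      unifiInsecure = true;
      # NOTE(review): these two look like the exporter's own config-file keys
      # rather than nixpkgs module options — confirm the pinned module accepts them.
      influxdb.disable = true;
      prometheus = { http_listen = ":9130"; };
    };

    # Readiness gate: curl exits non-zero while nothing answers on 8443, and
    # Restart re-runs it every 10s, so the exporter is ordered after the
    # controller has started responding.
    systemd.services.unifi-available = {
      description = "Wait for Unifi to be available";
      after = [ "unifi.service" ];
      # NOTE(review): `before` only orders the exporter after this job's first
      # attempt finishes; without a `requires` edge a failed attempt does not
      # hold the exporter back while the restarts continue — confirm this is intended.
      before = [ "prometheus-unifi-exporter.service" ];
      wantedBy = [ "prometheus-unifi-exporter.service" ];
      serviceConfig = {
        # --insecure: same self-signed-certificate situation as unifiInsecure
        # above; loopback only, so no remote peer is being trusted blindly.
        ExecStart =
          "${pkgs.curl}/bin/curl --insecure 'https://localhost:8443/'";
        # NOTE(review): older systemd releases refuse Restart= other than "no"
        # on Type=oneshot units — confirm against the target systemd version.
        Restart = "on-failure";
        RestartSec = "10";
        Type = "oneshot";
      };
    };
  };
}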