From a1571509568c938cb180d6e02abdd4d63b3fd827 Mon Sep 17 00:00:00 2001
From: arcnmx
Date: Thu, 21 Mar 2024 08:19:43 -0700
Subject: [PATCH] refactor(unifi): move to utsuho

---
 nixos/unifi.nix           |  7 +++++++
 systems/hakurei/nixos.nix | 15 +++++++++------
 systems/tei/lxc.json      |  1 -
 systems/tei/nixos.nix     |  2 --
 systems/utsuho/nixos.nix  |  7 +++----
 5 files changed, 19 insertions(+), 13 deletions(-)

diff --git a/nixos/unifi.nix b/nixos/unifi.nix
index 9722ef97..d88a669c 100644
--- a/nixos/unifi.nix
+++ b/nixos/unifi.nix
@@ -10,6 +10,8 @@ in {
   services.unifi = {
     enable = mkDefault true;
     unifiPackage = mkDefault pkgs.unifi8;
+    #seems to be *much* harder to compile so not going with this for now...
+    #mongodbPackage = mkDefault pkgs.mongodb-5_0;
   };
 
   networking.firewall.interfaces.local = mkIf cfg.enable {
@@ -34,4 +36,9 @@ in {
     users.unifi.uid = 990;
     groups.unifi.gid = 990;
   };
+  systemd.services.unifi = mkIf cfg.enable {
+    serviceConfig.BindPaths = [
+      "/mnt/shared/unifi:/var/lib/unifi"
+    ];
+  };
 }
diff --git a/systems/hakurei/nixos.nix b/systems/hakurei/nixos.nix
index 5946afed..7145c91a 100644
--- a/systems/hakurei/nixos.nix
+++ b/systems/hakurei/nixos.nix
@@ -9,10 +9,12 @@
   keycloak = access.nixosFor "keycloak";
   mediabox = access.nixosFor "mediabox";
   tei = access.nixosFor "tei";
+  utsuho = access.nixosFor "utsuho";
   inherit (mediabox.services) plex;
   inherit (keycloak.services) vouch-proxy;
   inherit (tei.services) home-assistant zigbee2mqtt;
-  inherit (config.services) nginx tailscale;
+  inherit (utsuho.services) unifi;
+  inherit (config.services) nginx;
 in {
   imports = let
     inherit (meta) nixos;
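Review bot: The commented-out `mongodbPackage` line added to the `services.unifi` block is dead code whose comment records a reason but not what is used instead or when to revisit it. A tracked note such as `# TODO: pkgs.mongodb-5_0 is much harder to build; leaving mongodbPackage at the module default until that changes` would make the intent explicit, and a stale `#option = …` line is otherwise easy to copy as if it were live configuration. The `services.unifi` set is fully inside the hunk, so the change is self-contained.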
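Review bot: The new `systemd.services.unifi` `BindPaths` entry mounts `/mnt/shared/unifi` over `/var/lib/unifi`, but nothing in this patch provides `/mnt/shared/unifi` on the host that now runs the service: the only container bind for that path, `/rpool/shared/unifi mnt/shared/unifi …` in `systems/tei/lxc.json`, is removed, and the diffstat shows no `systems/utsuho/lxc.json` change. Unless utsuho's container definition already carries that bind, systemd will refuse to start the unit because a `BindPaths=` source that does not exist is an error (only a `-`-prefixed entry is ignored), and if the directory exists but is empty the controller will come up with fresh state instead of the migrated one. The pinned `users.unifi.uid = 990` / `groups.unifi.gid = 990` in the context is what lets the shared dataset's ownership survive the move between hosts, so the new block deserves a comment tying the two together, e.g. `# state lives on the shared dataset; the container must bind it at /mnt/shared/unifi (uid/gid 990 is pinned above so ownership matches on every host)`.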
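Review bot: The rewritten `inherit (config.services) nginx;` silently drops `tailscale` from the `let` bindings, which is unrelated to moving unifi; if `tailscale` is still referenced further down in `systems/hakurei/nixos.nix` (the rest of the file is outside this hunk), evaluation will now fail with an undefined variable. If it was simply unused, a one-line mention in the commit message would mark the cleanup as intentional rather than accidental. The `let` block this hunk edits begins before the hunk and its `in { … }` body continues after it.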
@@ -53,15 +55,16 @@ in {
   };
 
   services.cloudflared = let
-    inherit (nginx) virtualHosts;
+    inherit (nginx) virtualHosts defaultHTTPListenPort;
     tunnelId = "964121e3-b3a9-4cc1-8480-954c4728b604";
+    localNginx = "http://localhost:${toString defaultHTTPListenPort}";
   in {
     tunnels.${tunnelId} = {
       default = "http_status:404";
       credentialsFile = config.sops.secrets.cloudflared-tunnel-hakurei.path;
       ingress = {
-        ${virtualHosts.prox.serverName}.service = "http://localhost";
-        ${virtualHosts.gensokyoZone.serverName}.service = "http://localhost";
+        ${virtualHosts.prox.serverName}.service = localNginx;
+        ${virtualHosts.gensokyoZone.serverName}.service = localNginx;
       };
     };
   };
@@ -191,8 +194,8 @@ in {
     access.vouch = assert vouch-proxy.enable; {
       url = "http://${keycloak.lib.access.hostnameForNetwork.local}:${toString vouch-proxy.settings.vouch.port}";
     };
-    access.unifi = {
-      host = tei.lib.access.hostnameForNetwork.local;
+    access.unifi = assert unifi.enable; {
+      host = utsuho.lib.access.hostnameForNetwork.local;
     };
     access.freeipa = {
       host = "idp.local.${config.networking.domain}";
diff --git a/systems/tei/lxc.json b/systems/tei/lxc.json
index 9b7c6a80..d19b9987 100644
--- a/systems/tei/lxc.json
+++ b/systems/tei/lxc.json
@@ -6,7 +6,6 @@
     "/rpool/shared/mosquitto mnt/shared/mosquitto none bind,optional,create=dir",
     "/rpool/shared/hass mnt/shared/hass none bind,optional,create=dir",
     "/rpool/shared/postgresql mnt/shared/postgresql none bind,optional,create=dir",
-    "/rpool/shared/unifi mnt/shared/unifi none bind,optional,create=dir",
     "/dev/ttyZigbee dev/ttyZigbee none bind,optional,create=file",
     "/dev/net/tun dev/net/tun none bind,optional,create=file"
   ],
diff --git a/systems/tei/nixos.nix b/systems/tei/nixos.nix
index 6b92783c..6b972c39 100644
--- a/systems/tei/nixos.nix
+++ b/systems/tei/nixos.nix
@@ -17,8 +17,6 @@ in {
     nixos.postgres
     nixos.nginx
     nixos.access.zigbee2mqtt
-    nixos.access.unifi
-    nixos.unifi
     nixos.mosquitto
     nixos.home-assistant
     nixos.zigbee2mqtt
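Review bot: The `localNginx` binding changes how the cloudflared tunnel reaches nginx (from a bare `http://localhost` to `http://localhost:${toString defaultHTTPListenPort}`), which is a behavioural change independent of moving unifi and would be easier to bisect as its own commit. The same patch leaves utsuho's tunnel ingress in `systems/utsuho/nixos.nix` on the bare `service = "http://localhost";`, so the two hosts now derive the nginx port differently; applying `service = "http://localhost:${toString config.services.nginx.defaultHTTPListenPort}";` there would keep them consistent. A short comment on the new binding, `# follow nginx's configured HTTP port rather than assuming 80`, would record why the explicit port was introduced.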
diff --git a/systems/utsuho/nixos.nix b/systems/utsuho/nixos.nix
index f9eff658..e83823c0 100644
--- a/systems/utsuho/nixos.nix
+++ b/systems/utsuho/nixos.nix
@@ -11,16 +11,18 @@ in {
     nixos.cloudflared
     nixos.nginx
     nixos.access.unifi
+    nixos.unifi
   ];
 
   services.cloudflared = let
     tunnelId = "28bcd3fc-3467-4997-806b-546ba9995028";
+    inherit (config.services) unifi;
   in {
     tunnels.${tunnelId} = {
       default = "http_status:404";
       credentialsFile = config.sops.secrets.cloudflared-tunnel-utsuho.path;
       ingress = {
-        ${virtualHosts.unifi.serverName} = {
+        ${virtualHosts.unifi.serverName} = assert unifi.enable; {
           service = "http://localhost";
         };
       };
@@ -28,9 +30,6 @@ in {
   };
 
   services.nginx = {
-    access.unifi = {
-      host = tei.lib.access.hostnameForNetwork.local;
-    };
     virtualHosts = {
       unifi.proxied.enable = "cloudflared";
     };
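Review bot: With the `access.unifi` host override removed in the last hunk of this file, the nginx upstream for the unifi virtual host now comes entirely from whatever `nixos.access.unifi` defaults to, which is not visible here — confirm it resolves to the now-local `services.unifi` rather than still pointing at tei. The new `assert unifi.enable;` guards only the cloudflared ingress, so a wrong upstream would surface as a proxy error at runtime rather than at evaluation. Inside the hunk, `inherit (config.services) unifi;` sits in the cloudflared `let` purely to feed that assert; a comment such as `# the tunnel ingress is only valid while the controller runs on this host` would explain why ingress is tied to the service. The `services.cloudflared` attribute set continues past the end of the hunk.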