gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions
infrastructure/nixos/unifi.nix
arcnmx 41c86d6672 fix(unifi): mongodb builds broke
2024-07-11 10:29:40 -07:00

54 lines
1.4 KiB
Nix
Raw Blame History

{
pkgs,
config,
lib,
...
}: let
inherit (lib.modules) mkIf mkDefault;
cfg = config.services.unifi;
in {
services.unifi = {
enable = mkDefault true;
unifiPackage = mkDefault pkgs.unifi8;
# XXX: https://github.com/NixOS/nixpkgs/pull/325961
mongodbPackage = pkgs.mongodb-5_0.override {
callPackage = pkgs.newScope {
buildPackages = pkgs.buildPackages // {
scons = pkgs.buildPackages.scons.override {
python3 = pkgs.buildPackages.python311;
};
};
};
};
};
networking.firewall = mkIf cfg.enable {
interfaces.lan = {
allowedTCPPorts = [
8443 # remote login
];
};
interfaces.local = {
allowedTCPPorts = mkIf (!cfg.openFirewall) [
8080 # Port for UAP to inform controller.
8880 # Port for HTTP portal redirect, if guest portal is enabled.
8843 # Port for HTTPS portal redirect, ditto.
6789 # Port for UniFi mobile speed test.
];
allowedUDPPorts = mkIf (!cfg.openFirewall) [
10001 # UDP port used for device discovery.
];
};
allowedUDPPorts = mkIf (!cfg.openFirewall) [
3478 # UDP port used for STUN.
];
};
users = mkIf cfg.enable {
users.unifi.uid = 990;
groups.unifi.gid = 990;
};
systemd.services.unifi = mkIf cfg.enable {
gensokyo-zone.sharedMounts.unifi.path = mkDefault "/var/lib/unifi";
};
}
Reference in a new issue View git blame Copy permalink