gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions
infrastructure/nixos/unifi.nix
arcnmx a8d2fa8c90 fix(unifi): pin mongodb-5_0 for now 
requires a manual database upgrade...
2024-11-20 09:16:52 -08:00

60 lines
1.5 KiB
Nix
Raw Blame History

{
pkgs,
config,
gensokyo-zone,
lib,
...
}: let
inherit (lib.modules) mkIf mkMerge mkForce mkDefault;
cfg = config.services.unifi;
delayRestart = true;
in {
services.unifi = {
enable = mkDefault true;
unifiPackage = mkDefault pkgs.unifi8;
#TODO: mongodbPackage = mkDefault pkgs.mongodb-6_0;
mongodbPackage = let
nixpkgs = import gensokyo-zone.inputs.nixpkgs-2405 {
inherit (pkgs) system config;
};
in mkDefault nixpkgs.mongodb-5_0;
};
networking.firewall = mkIf cfg.enable {
interfaces.lan = {
allowedTCPPorts = [
8443 # remote login
];
};
interfaces.local = {
allowedTCPPorts = mkIf (!cfg.openFirewall) [
8080 # Port for UAP to inform controller.
8880 # Port for HTTP portal redirect, if guest portal is enabled.
8843 # Port for HTTPS portal redirect, ditto.
6789 # Port for UniFi mobile speed test.
];
allowedUDPPorts = mkIf (!cfg.openFirewall) [
10001 # UDP port used for device discovery.
];
};
allowedUDPPorts = mkIf (!cfg.openFirewall) [
3478 # UDP port used for STUN.
];
};
users = mkIf cfg.enable {
users.unifi.uid = 990;
groups.unifi.gid = 990;
};
systemd.services.unifi = let
restartConfig = {
restartTriggers = mkForce [];
restartIfChanged = false;
};
conf.gensokyo-zone.sharedMounts.unifi.path = mkDefault "/var/lib/unifi";
in
mkIf cfg.enable (mkMerge [
conf
(mkIf delayRestart restartConfig)
]);
}
Reference in a new issue View git blame Copy permalink