flakes/modules/nixos/services/unifi-controller/default.nix

{
  config,
  lib,
  pkgs,
  ...
}: {
  options.snowflake.services.unifi-controller = {
    enable = lib.mkEnableOption "Enable Unifi controller service for Unifi devices";
    unpoller = {
      enable = lib.mkEnableOption "Enable unpoller metrics for Unifi controller";

      user = lib.mkOption {
        type = lib.types.str;
        default = "unifi-unpoller";
        description = "Username for unpoller access to Unifi controller";
      };

      passwordFile = lib.mkOption {
        description = "Age module containing the password to use for unpoller user";
      };

      url = lib.mkOption {
        type = lib.types.str;
        default = "https://127.0.0.1:8443";
        description = "URL for the unifi controller service";
      };
    };
  };

  config = let
    cfg = config.snowflake.services.unifi-controller;
  in
    lib.mkMerge [
      (lib.mkIf cfg.enable
        {
          networking.firewall.allowedTCPPorts = [8443];
          services.unifi = {
            enable = true;
            unifiPackage = pkgs.unifi8;
            # mongodbPackage = pkgs.mongodb-6_0;
            # Limit memory to 256MB. Works well enough
            # for small, home-based controller deployments.
            maximumJavaHeapSize = 256;
            openFirewall = true;
          };
        })

      (lib.mkIf cfg.unpoller.enable
        {
          age.secrets.unpoller-password = {
            inherit (cfg.unpoller.passwordFile) file;
            owner = config.services.prometheus.exporters.unpoller.user;
            group = config.services.prometheus.exporters.unpoller.user;
          };

          services.prometheus.exporters.unpoller = {
            enable = cfg.unpoller.enable;
            controllers = [
              {
                url = cfg.unpoller.url;
                user = cfg.unpoller.user;
                pass = config.age.secrets.unpoller-password.path;
                save_ids = true;
                save_events = true;
                save_alarms = true;
                save_anomalies = true;
                verify_ssl = false;
              }
            ];
          };
        })
    ];
}
feat: add nixos configuration based on snowfall-lib Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com> 2024-09-02 18:31:19 +05:30			`{`
			`config,`
			`lib,`
			`pkgs,`
			`...`
feat: refactor unifi-controller, add unifi-unpoller for monitoring Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com> 2024-09-02 19:17:56 +05:30			`}: {`
			`options.snowflake.services.unifi-controller = {`
			`enable = lib.mkEnableOption "Enable Unifi controller service for Unifi devices";`
			`unpoller = {`
			`enable = lib.mkEnableOption "Enable unpoller metrics for Unifi controller";`

			`user = lib.mkOption {`
			`type = lib.types.str;`
			`default = "unifi-unpoller";`
			`description = "Username for unpoller access to Unifi controller";`
			`};`

			`passwordFile = lib.mkOption {`
			`description = "Age module containing the password to use for unpoller user";`
			`};`
feat: add nixos configuration based on snowfall-lib Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com> 2024-09-02 18:31:19 +05:30
feat: refactor unifi-controller, add unifi-unpoller for monitoring Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com> 2024-09-02 19:17:56 +05:30			`url = lib.mkOption {`
			`type = lib.types.str;`
			`default = "https://127.0.0.1:8443";`
			`description = "URL for the unifi controller service";`
			`};`
feat: add nixos configuration based on snowfall-lib Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com> 2024-09-02 18:31:19 +05:30			`};`
			`};`
feat: refactor unifi-controller, add unifi-unpoller for monitoring Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com> 2024-09-02 19:17:56 +05:30
			`config = let`
			`cfg = config.snowflake.services.unifi-controller;`
			`in`
			`lib.mkMerge [`
			`(lib.mkIf cfg.enable`
			`{`
			`networking.firewall.allowedTCPPorts = [8443];`
			`services.unifi = {`
			`enable = true;`
			`unifiPackage = pkgs.unifi8;`
			`# mongodbPackage = pkgs.mongodb-6_0;`
			`# Limit memory to 256MB. Works well enough`
			`# for small, home-based controller deployments.`
			`maximumJavaHeapSize = 256;`
			`openFirewall = true;`
			`};`
			`})`

			`(lib.mkIf cfg.unpoller.enable`
			`{`
			`age.secrets.unpoller-password = {`
			`inherit (cfg.unpoller.passwordFile) file;`
			`owner = config.services.prometheus.exporters.unpoller.user;`
			`group = config.services.prometheus.exporters.unpoller.user;`
			`};`

			`services.prometheus.exporters.unpoller = {`
			`enable = cfg.unpoller.enable;`
			`controllers = [`
			`{`
			`url = cfg.unpoller.url;`
			`user = cfg.unpoller.user;`
			`pass = config.age.secrets.unpoller-password.path;`
			`save_ids = true;`
			`save_events = true;`
			`save_alarms = true;`
			`save_anomalies = true;`
			`verify_ssl = false;`
			`}`
			`];`
			`};`
			`})`
			`];`
feat: add nixos configuration based on snowfall-lib Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com> 2024-09-02 18:31:19 +05:30			`}`