-rw-r--r--nixos/modules/misc/ids.nix1
-rw-r--r--nixos/modules/module-list.nix1
-rw-r--r--nixos/modules/services/networking/unifi.nix87
3 files changed, 89 insertions, 0 deletions
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index 4ba81dadb315..853efcc09dc1 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -138,6 +138,7 @@
       znc = 128;
       polipo = 129;
       mopidy = 130;
+      unifi = 131;
 
       # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
 
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 2cbda50ba29d..ea647b43c9d2 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -233,6 +233,7 @@
   ./services/networking/teamspeak3.nix
   ./services/networking/tftpd.nix
   ./services/networking/unbound.nix
+  ./services/networking/unifi.nix
   ./services/networking/vsftpd.nix
   ./services/networking/wakeonlan.nix
   ./services/networking/websockify.nix
diff --git a/nixos/modules/services/networking/unifi.nix b/nixos/modules/services/networking/unifi.nix
new file mode 100644
index 000000000000..cc9e2b934713
--- /dev/null
+++ b/nixos/modules/services/networking/unifi.nix
@@ -0,0 +1,87 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+  cfg = config.services.unifi;
+  stateDir = "/var/lib/unifi";
+  cmd = "@${pkgs.icedtea7_jre}/bin/java java -jar ${stateDir}/lib/ace.jar";
+in
+{
+
+  options = {
+
+    services.unifi.enable = mkOption {
+      type = types.uniq types.bool;
+      default = false;
+      description = ''
+        Whether or not to enable the unifi controller service.
+      '';
+    };
+
+  };
+
+  config = mkIf cfg.enable {
+
+    users.extraUsers.unifi = {
+      uid = config.ids.uids.unifi;
+      description = "UniFi controller daemon user";
+      home = "${stateDir}";
+    };
+
+    systemd.mounts = [
+      {
+        unitConfig.StopWhenUnneeded = true;
+        requiredBy = [ "unifi.service" ];
+        what = "${pkgs.unifi}/dl";
+        where = "${stateDir}/dl";
+        options = "bind";
+      }
+      {
+        unitConfig.StopWhenUnneeded = true;
+        requiredBy = [ "unifi.service" ];
+        what = "${pkgs.unifi}/lib";
+        where = "${stateDir}/lib";
+        options = "bind";
+      }
+      {
+        unitConfig.StopWhenUnneeded = true;
+        requiredBy = [ "unifi.service" ];
+        what = "${pkgs.mongodb}/bin";
+        where = "${stateDir}/bin";
+        options = "bind";
+      }
+    ];
+
+    systemd.services.unifi = {
+      description = "UniFi controller daemon";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+
+      preStart = ''
+        # Ensure privacy of state
+        chown unifi "${stateDir}"
+        chmod 0700 "${stateDir}"
+
+        # Create the volatile webapps
+        mkdir -p "${stateDir}/webapps"
+        chown unifi "${stateDir}/webapps"
+        ln -s "${pkgs.unifi}/webapps/ROOT.war" "${stateDir}/webapps/ROOT.war"
+      '';
+
+      postStop = ''
+        rm "${stateDir}/webapps/ROOT.war"
+      '';
+
+      serviceConfig = {
+        Type = "simple";
+        ExecStart = "${cmd} start";
+        ExecStop = "${cmd} stop";
+        User = "unifi";
+        PermissionsStartOnly = true;
+        UMask = "0077";
+        WorkingDirectory = "${stateDir}";
+      };
+    };
+
+  };
+
+}
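Review bot: In `preStart`, which runs as root because of `PermissionsStartOnly = true`, the `mkdir -p`, `chown unifi` and `ln -s` lines act on `${stateDir}/webapps` after `${stateDir}` has been handed to the `unifi` user, so the daemon account controls what that path resolves to on the next start. `chown` dereferences symlinks by default, so if `webapps` were replaced by a link, the ownership change would land on the link's target. Using `chown -h unifi "${stateDir}/webapps"` together with a `[ ! -L "${stateDir}/webapps" ]` guard would narrow this, and a short comment should record that these steps run as root inside a directory the service can write to. Separately, `ln -s` fails when `ROOT.war` is left over from a run where `postStop` did not execute, which would probably keep the unit from starting; `ln -sfn` here and `rm -f` in `postStop` make the pair idempotent. The three mount units are only `requiredBy` the service, with no ordering visible in this file, so it is worth confirming that `lib/ace.jar` is mounted before `ExecStart` runs.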