Add container for unifi controller

Erwin Boskma 2023-09-06 16:56:20 +02:00
parent d8881c7623
commit 8952c28b60
Signed by: erwin
SSH key fingerprint: SHA256:9LmFDe1C6jSrEyqxxvX8NtJBmcbB105XoqyUZF092bg
5 changed files with 144 additions and 0 deletions


@ -76,6 +76,15 @@ inputs: {
substituteOnTarget = true;
};
};
unifi = {
config = import ./unifi/configuration.nix inputs;
deploy = {
host = "10.0.0.207";
sshUser = "erwin";
buildOn = "local";
substituteOnTarget = true;
};
};
valkyrie = {
config = import ./valkyrie/configuration.nix inputs;
deploy = {
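Review bot: The deploy target `host = "10.0.0.207";` duplicates the address that machines/unifi/main.tf gives the container (`ip = "10.0.0.207/24"`), so the two can drift apart with nothing failing at evaluation time. A one-line comment on the new entry, such as `# must match network.ip in machines/unifi/main.tf`, would record that coupling. The enclosing attribute set starts and ends outside this hunk.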

24
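--- a/machines/unifi/.terraform.lock.hcl
+++ b/machines/unifi/.terraform.lock.hcl
@@ -0,0 +1,24 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+provider "registry.terraform.io/telmate/proxmox" {
+version = "2.9.14"
+constraints = "2.9.14"
+hashes = [
+"h1:H/f+LbVyPOLslHLAYnGuMMRqWFZ65K6E3V+MCYgfAyk=",
+"zh:0d049d33f705e5b814d30028770c084151218439424e99684ce31d7e26a720b5",
+"zh:20b1c64ed56d81de95f3f37b82b45b4654c0de26670c0e87a474c5cce13cd015",
+"zh:2946058abd1d8e50e475b9ec39781eb02576b40dbd80f4653fade4493a4514c6",
+"zh:29e50a25c456f040ce072f23ac57b5b82ebd3b916ca5ae6688332b5ec62adc4a",
+"zh:3612932306ce5f08db94868f526cbb8c56d0d3c6ebe1c11a83f92bbf94354296",
+"zh:42d1699b0abebaac82ea5a19f4393541d8bb2741bde204a8ac1028cdc29d1b14",
+"zh:5ffd5dc567262eb8aafdf2f6eac63f7f21361da9c5d75a3c36b479638a0001b0",
+"zh:6692ef323e3b89de99934ad731f6a1850525bf8142916ae28ea4e4048d73a787",
+"zh:a5afc98e9a4038516bb58e788cb77dea67a60dce780dfcd206d7373c5a56b776",
+"zh:bf902cded709d84fa27fbf91b589c241f2238a6c4924e4e479eebd74320b93a5",
+"zh:cab0e1e72c9cebcf669fc6f35ec28cb8ab2dffb0237afc8860aa40d23bf8a49f",
+"zh:e523b99a48beec83d9bc04b2d336266044f9f53514cefb652fe6768611847196",
+"zh:f593915e8a24829d322d2eaeedcb153328cf9042f0d84f66040dde1be70ede04",
+"zh:fba1aff541133e2129dfda0160369635ab48503d5c44b8407ce5922ecc15d0bd",
+]
+}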


@ -0,0 +1,56 @@
{ self, ... }:
{ modulesPath, pkgs, ... }: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
../../users/root
../../users/erwin
];
eboskma = {
users.erwin = {
enable = true;
server = true;
};
nix-common = {
enable = true;
remote-builders = true;
};
};
services.unifi = {
enable = true;
unifiPackage = pkgs.unifi.overrideAttrs (_oldAttrs: {
version = "7.4.162";
src = builtins.fetchurl {
url = "https://dl.ubnt.com/unifi/7.4.162/unifi_sysvinit_all.deb";
sha256 = "sha256-BpZS95NJgSRGjJhVN6Vp8/4djdQEvj+2nfay0YsVPEw=";
};
});
openFirewall = true;
};
networking.firewall = {
allowPing = true;
trustedInterfaces = [ "tailscale0" ];
allowedTCPPorts = [ 8443 ];
};
boot.isContainer = true;
time.timeZone = "Europe/Amsterdam";
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
proxmoxLXC = {
privileged = true;
};
services.tailscale.enable = true;
security.sudo.execWheelOnly = true;
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = { };
system.stateVersion = "23.11";
}
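Review bot: `allowedTCPPorts = [ 8443 ];` opens the controller's admin interface on every interface, although `trustedInterfaces = [ "tailscale0" ]` already admits all traffic arriving over Tailscale. If the UI is only meant to be reached over the tailnet, that line can be dropped; `services.unifi.openFirewall = true` still opens the device-facing ports, which are presumably needed on the LAN for adoption. If LAN access to 8443 is intended, say so next to the port, e.g. `# admin UI reachable from the LAN on purpose`. Separately, `builtins.fetchurl` downloads at evaluation time; `pkgs.fetchurl` with the same `url` and hash would keep the download inside a fixed-output derivation.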

38
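--- a/machines/unifi/main.tf
+++ b/machines/unifi/main.tf
@@ -0,0 +1,38 @@
+terraform {
+required_providers {
+proxmox = {
+source = "Telmate/proxmox"
+version = "2.9.14"
+}
+}
+}
+provider "proxmox" {
+pm_api_url = var.proxmox_api_url
+pm_api_token_id = var.proxmox_token_id
+pm_api_token_secret = var.proxmox_token_secret
+pm_tls_insecure = true
+}
+resource "proxmox_lxc" "unifi" {
+target_node = "pve"
+hostname = "unifi"
+ostemplate = "loki:vztmpl/nixos-23.11-default_20230606_amd64.tar.xz"
+unprivileged = false
+onboot = true
+memory = 2048
+swap = 2048
+rootfs {
+storage = "local-lvm"
+size = "32G"
+}
+network {
+name = "eth0"
+bridge = "vmbr0"
+ip = "10.0.0.207/24"
+gw = "10.0.0.1"
+}
+}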
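Review bot: `pm_tls_insecure = true` in the provider block turns off certificate verification for the Proxmox API, so `var.proxmox_token_secret` is sent to whichever host answers at `var.proxmox_api_url`. Setting `pm_tls_insecure = false` and trusting the Proxmox CA (or its self-signed certificate) on the machine that runs Terraform keeps the token bound to the real server. The container is also created with `unprivileged = false`, which the Nix configuration mirrors with `proxmoxLXC.privileged = true`. Nothing on the page shows what requires that, and root inside a privileged LXC is not remapped to an unprivileged uid on the Proxmox host, so either switch to an unprivileged container or add a comment naming the requirement.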


@ -0,0 +1,17 @@
variable "proxmox_token_id" {
description = "Proxmox API token ID"
type = string
sensitive = true
}
variable "proxmox_token_secret" {
description = "Proxmox API token secret"
type = string
sensitive = true
}
variable "proxmox_api_url" {
description = "Proxmox API URL"
type = string
sensitive = true
}