Add container for unifi controller
parent
d8881c7623
commit
8952c28b60
5 changed files with 144 additions and 0 deletions
|
@ -76,6 +76,15 @@ inputs: {
|
|||
substituteOnTarget = true;
|
||||
};
|
||||
};
|
||||
unifi = {
|
||||
config = import ./unifi/configuration.nix inputs;
|
||||
deploy = {
|
||||
host = "10.0.0.207";
|
||||
sshUser = "erwin";
|
||||
buildOn = "local";
|
||||
substituteOnTarget = true;
|
||||
};
|
||||
};
|
||||
valkyrie = {
|
||||
config = import ./valkyrie/configuration.nix inputs;
|
||||
deploy = {
|
||||
|
|
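--- a/machines/unifi/.terraform.lock.hcl
+++ b/machines/unifi/.terraform.lock.hcl
@@ -0,0 +1,24 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/telmate/proxmox" {
+version = "2.9.14"
+constraints = "2.9.14"
+hashes = [
+"h1:H/f+LbVyPOLslHLAYnGuMMRqWFZ65K6E3V+MCYgfAyk=",
+"zh:0d049d33f705e5b814d30028770c084151218439424e99684ce31d7e26a720b5",
+"zh:20b1c64ed56d81de95f3f37b82b45b4654c0de26670c0e87a474c5cce13cd015",
+"zh:2946058abd1d8e50e475b9ec39781eb02576b40dbd80f4653fade4493a4514c6",
+"zh:29e50a25c456f040ce072f23ac57b5b82ebd3b916ca5ae6688332b5ec62adc4a",
+"zh:3612932306ce5f08db94868f526cbb8c56d0d3c6ebe1c11a83f92bbf94354296",
+"zh:42d1699b0abebaac82ea5a19f4393541d8bb2741bde204a8ac1028cdc29d1b14",
+"zh:5ffd5dc567262eb8aafdf2f6eac63f7f21361da9c5d75a3c36b479638a0001b0",
+"zh:6692ef323e3b89de99934ad731f6a1850525bf8142916ae28ea4e4048d73a787",
+"zh:a5afc98e9a4038516bb58e788cb77dea67a60dce780dfcd206d7373c5a56b776",
+"zh:bf902cded709d84fa27fbf91b589c241f2238a6c4924e4e479eebd74320b93a5",
+"zh:cab0e1e72c9cebcf669fc6f35ec28cb8ab2dffb0237afc8860aa40d23bf8a49f",
+"zh:e523b99a48beec83d9bc04b2d336266044f9f53514cefb652fe6768611847196",
+"zh:f593915e8a24829d322d2eaeedcb153328cf9042f0d84f66040dde1be70ede04",
+"zh:fba1aff541133e2129dfda0160369635ab48503d5c44b8407ce5922ecc15d0bd",
+]
+}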
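--- a/machines/unifi/configuration.nix
+++ b/machines/unifi/configuration.nix
@@ -0,0 +1,56 @@
+{ self, ... }:
+{ modulesPath, pkgs, ... }: {
+imports = [
+(modulesPath + "/virtualisation/proxmox-lxc.nix")
+../../users/root
+../../users/erwin
+];
+
+eboskma = {
+users.erwin = {
+enable = true;
+server = true;
+};
+nix-common = {
+enable = true;
+remote-builders = true;
+};
+};
+
+services.unifi = {
+enable = true;
+unifiPackage = pkgs.unifi.overrideAttrs (_oldAttrs: {
+version = "7.4.162";
+src = builtins.fetchurl {
+url = "https://dl.ubnt.com/unifi/7.4.162/unifi_sysvinit_all.deb";
+sha256 = "sha256-BpZS95NJgSRGjJhVN6Vp8/4djdQEvj+2nfay0YsVPEw=";
+};
+});
+openFirewall = true;
+};
+
+networking.firewall = {
+allowPing = true;
+trustedInterfaces = [ "tailscale0" ];
+allowedTCPPorts = [ 8443 ];
+};
+
+boot.isContainer = true;
+
+time.timeZone = "Europe/Amsterdam";
+
+system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
+
+proxmoxLXC = {
+privileged = true;
+};
+
+services.tailscale.enable = true;
+
+security.sudo.execWheelOnly = true;
+
+sops.defaultSopsFile = ./secrets.yaml;
+sops.secrets = { };
+
+system.stateVersion = "23.11";
+}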
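Review bot: `allowedTCPPorts = [ 8443 ];` in `networking.firewall` opens the controller's admin UI on every interface, on top of the device-facing ports that `openFirewall = true` already opens, even though `trustedInterfaces = [ "tailscale0" ]` gives tailnet clients access without it. If management is only done over Tailscale (an assumption, the file does not say), the `allowedTCPPorts` line can be dropped so that only the adoption and inform ports are reachable from the LAN. The exposure matters more here because the container is declared privileged (`proxmoxLXC.privileged = true`), so a compromise of the controller has a shorter path to the Proxmox host. If both settings are intentional, a comment on each, such as `# 8443: admin UI reachable from LAN on purpose`, would record the decision.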
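--- a/machines/unifi/main.tf
+++ b/machines/unifi/main.tf
@@ -0,0 +1,38 @@
+terraform {
+required_providers {
+proxmox = {
+source = "Telmate/proxmox"
+version = "2.9.14"
+}
+}
+}
+
+provider "proxmox" {
+pm_api_url = var.proxmox_api_url
+pm_api_token_id = var.proxmox_token_id
+pm_api_token_secret = var.proxmox_token_secret
+pm_tls_insecure = true
+}
+
+resource "proxmox_lxc" "unifi" {
+target_node = "pve"
+hostname = "unifi"
+ostemplate = "loki:vztmpl/nixos-23.11-default_20230606_amd64.tar.xz"
+unprivileged = false
+onboot = true
+
+memory = 2048
+swap = 2048
+
+rootfs {
+storage = "local-lvm"
+size = "32G"
+}
+
+network {
+name = "eth0"
+bridge = "vmbr0"
+ip = "10.0.0.207/24"
+gw = "10.0.0.1"
+}
+}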
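Review bot: `pm_tls_insecure = true` in the provider block turns off certificate verification on the connection that carries `pm_api_token_secret`, so the token is handed to whatever endpoint answers at `var.proxmox_api_url`. Setting `pm_tls_insecure = false` and trusting the Proxmox CA (or installing a properly issued certificate) on the machine that runs Terraform keeps the token bound to the real host. In the `proxmox_lxc` resource, `unprivileged = false` creates a privileged container. If that is required (for example for the Tailscale TUN device, which is a guess since the file does not say), a one-line comment such as `# privileged: needed for <reason>` would tell the next reader it is deliberate.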
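--- a/machines/unifi/variables.tf
+++ b/machines/unifi/variables.tf
@@ -0,0 +1,17 @@
+variable "proxmox_token_id" {
+description = "Proxmox API token ID"
+type = string
+sensitive = true
+}
+
+variable "proxmox_token_secret" {
+description = "Proxmox API token secret"
+type = string
+sensitive = true
+}
+
+variable "proxmox_api_url" {
+description = "Proxmox API URL"
+type = string
+sensitive = true
+}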