raven/unifi-controller: init

This also adds a module that explicitly allows certain unfree packages
to be installed.

Co-Authored-By: Jakob Lechner <mail@jalr.de>

machines/raven/README.md

@@ -0,0 +1,15 @@
+# raven
+
+## Services
+
+### unifi-controller
+
+The unifi controller is used for managing the wireless network. It provides a [Web UI](https://raven.fablab-nea.de:8443).
+
+The following ports are opened in the firewall:
+
+ - `3478/udp` used for STUN
+ - `6789/tcp` used for UniFi mobile speed test
+ - `8080/tcp` used for application GUI/API as seen in a web browser
+ - `8880/tcp` used for HTTP portal redirection
+ - `10001/udp` used for device discovery

machines/raven/services/default.nix

@@ -3,5 +3,6 @@
     ./dnsmasq.nix
     ./dyndns.nix
     ./labsync.nix
+    ./unifi-controller.nix
   ];
 }

machines/raven/services/dnsmasq.nix

@@ -21,7 +21,7 @@
 
       no-hosts
       addn-hosts=${pkgs.writeText "hosts.dnsmasq" ''
-        192.168.94.1 raven labsync
+        192.168.94.1 raven labsync unifi
         192.168.94.2 switch
       ''}
     '';

machines/raven/services/unifi-controller.nix

@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+{
+  services.unifi = {
+    enable = true;
+    openPorts = true;
+    unifiPackage = pkgs.unifi;
+  };
+  networking.firewall.allowedTCPPorts = [ 8443 ];
+}

modules/default.nix

@@ -5,5 +5,6 @@
     ./pubkeys.nix
     ./sops.nix
     ./tools.nix
+    ./unfree.nix
   ];
 }

modules/unfree.nix

@@ -0,0 +1,7 @@
+{ lib, ... }:
+
+{
+  nixpkgs.config.allowUnfreePredicate = (pkg: lib.elem (lib.getName pkg) [
+    "unifi-controller"
+  ]);
+}