From 53629c10db12ddf76be540a1be97b612f0d23c83 Mon Sep 17 00:00:00 2001
From: Simon Bruder
Date: Sat, 25 Dec 2021 23:35:22 +0100
Subject: [PATCH] raven/unifi-controller: init

This also adds a module that explicitly allows certain unfree packages to be installed.

Co-Authored-By: Jakob Lechner
---
 machines/raven/README.md | 15 +++++++++++++++
 machines/raven/services/default.nix | 1 +
 machines/raven/services/dnsmasq.nix | 2 +-
 machines/raven/services/unifi-controller.nix | 9 +++++++++
 modules/default.nix | 1 +
 modules/unfree.nix | 7 +++++++
 6 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 machines/raven/README.md
 create mode 100644 machines/raven/services/unifi-controller.nix
 create mode 100644 modules/unfree.nix

diff --git a/machines/raven/README.md b/machines/raven/README.md
new file mode 100644
index 0000000..2799b0d
--- /dev/null
+++ b/machines/raven/README.md
@@ -0,0 +1,15 @@
+# raven
+
+## Services
+
+### unifi-controller
+
+The unifi controller is used for managing the wireless network. It provides a [Web UI](https://raven.fablab-nea.de:8443).
+
+The following ports are opened in the firewall:
+
+ - `3478/udp` used for STUN
+ - `6789/tcp` used for UniFi mobile speed test
+ - `8080/tcp` used for application GUI/API as seen in a web browser
+ - `8880/tcp` used for HTTP portal redirection
+ - `10001/udp` used for device discovery
diff --git a/machines/raven/services/default.nix b/machines/raven/services/default.nix
index 37fec97..ae47ca9 100644
--- a/machines/raven/services/default.nix
+++ b/machines/raven/services/default.nix
@@ -3,5 +3,6 @@
 ./dnsmasq.nix
 ./dyndns.nix
 ./labsync.nix
+ ./unifi-controller.nix
 ];
 }
diff --git a/machines/raven/services/dnsmasq.nix b/machines/raven/services/dnsmasq.nix
index 1eeac78..fdf7531 100644
--- a/machines/raven/services/dnsmasq.nix
+++ b/machines/raven/services/dnsmasq.nix
@@ -21,7 +21,7 @@ no-hosts addn-hosts=${pkgs.writeText "hosts.dnsmasq" ''
- 192.168.94.1 raven labsync
+ 192.168.94.1 raven labsync unifi
 192.168.94.2 switch
 ''}
 '';
diff --git a/machines/raven/services/unifi-controller.nix b/machines/raven/services/unifi-controller.nix
new file mode 100644
index 0000000..7af0870
--- /dev/null
+++ b/machines/raven/services/unifi-controller.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+{
+ services.unifi = {
+ enable = true;
+ openPorts = true;
+ unifiPackage = pkgs.unifi;
+ };
+ networking.firewall.allowedTCPPorts = [ 8443 ];
+}
diff --git a/modules/default.nix b/modules/default.nix
index ab09911..86ada52 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -5,5 +5,6 @@
 ./pubkeys.nix
 ./sops.nix
 ./tools.nix
+ ./unfree.nix
 ];
 }
diff --git a/modules/unfree.nix b/modules/unfree.nix
new file mode 100644
index 0000000..5024029
--- /dev/null
+++ b/modules/unfree.nix
@@ -0,0 +1,7 @@
+{ lib, ... }:
+
+{
+ nixpkgs.config.allowUnfreePredicate = (pkg: lib.elem (lib.getName pkg) [
+ "unifi-controller"
+ ]);
+}
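Review bot: In machines/raven/services/unifi-controller.nix, `networking.firewall.allowedTCPPorts = [ 8443 ];` opens the controller's admin Web UI on every interface of raven, and `openPorts = true` does the same for the device-facing ports listed in the README. If raven has an interface facing an untrusted network (the dyndns service imported next to it suggests it may), the management login becomes reachable from there. Scoping the rule to the internal interface would limit that: `networking.firewall.interfaces."<lan-interface>".allowedTCPPorts = [ 8443 ];` (placeholder name; the real interface is not visible in this patch). The README port list added in this commit also omits 8443, so it should be added there to keep the documented exposure in line with the firewall.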
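Review bot: The allowlist entry `"unifi-controller"` in modules/unfree.nix does not match the attribute the service uses (`pkgs.unifi`), which makes the list hard to audit; `lib.getName` compares the package's name, not its attribute path. A short comment on the entry would help, for example `"unifi-controller" # pkgs.unifi, needed by machines/raven/services/unifi-controller.nix`. Recording one reason per entry also makes it clear when an unfree exception can be removed again.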