nixos/unifi: Add service module

10 years ago · dfb596b49b
parent 0652ee16e4
commit dfb596b49b
3 changed files with 89 additions and 0 deletions
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@ -138,6 +138,7 @@
      znc = 128;
      polipo = 129;
      mopidy = 130;
+      unifi = 131;

      # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!

--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -233,6 +233,7 @@
  ./services/networking/teamspeak3.nix
  ./services/networking/tftpd.nix
  ./services/networking/unbound.nix
+  ./services/networking/unifi.nix
  ./services/networking/vsftpd.nix
  ./services/networking/wakeonlan.nix
  ./services/networking/websockify.nix
--- a/nixos/modules/services/networking/unifi.nix
+++ b/nixos/modules/services/networking/unifi.nix
@ -0,0 +1,87 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+  cfg = config.services.unifi;
+  stateDir = "/var/lib/unifi";
+  cmd = "@${pkgs.icedtea7_jre}/bin/java java -jar ${stateDir}/lib/ace.jar";
+in
+{
+
+  options = {
+
+    services.unifi.enable = mkOption {
+      type = types.uniq types.bool;
+      default = false;
+      description = ''
+        Whether or not to enable the unifi controller service.
+      '';
+    };
+
+  };
+
+  config = mkIf cfg.enable {
+
+    users.extraUsers.unifi = {
+      uid = config.ids.uids.unifi;
+      description = "UniFi controller daemon user";
+      home = "${stateDir}";
+    };
+
+    systemd.mounts = [
+      {
+        unitConfig.StopWhenUnneeded = true;
+        requiredBy = [ "unifi.service" ];
+        what = "${pkgs.unifi}/dl";
+        where = "${stateDir}/dl";
+        options = "bind";
+      }
+      {
+        unitConfig.StopWhenUnneeded = true;
+        requiredBy = [ "unifi.service" ];
+        what = "${pkgs.unifi}/lib";
+        where = "${stateDir}/lib";
+        options = "bind";
+      }
+      {
+        unitConfig.StopWhenUnneeded = true;
+        requiredBy = [ "unifi.service" ];
+        what = "${pkgs.mongodb}/bin";
+        where = "${stateDir}/bin";
+        options = "bind";
+      }
+    ];
+
+    systemd.services.unifi = {
+      description = "UniFi controller daemon";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+
+      preStart = ''
+        # Ensure privacy of state
+        chown unifi "${stateDir}"
+        chmod 0700 "${stateDir}"
+
+        # Create the volatile webapps
+        mkdir -p "${stateDir}/webapps"
+        chown unifi "${stateDir}/webapps"
+        ln -s "${pkgs.unifi}/webapps/ROOT.war" "${stateDir}/webapps/ROOT.war"
+      '';
+
+      postStop = ''
+        rm "${stateDir}/webapps/ROOT.war"
+      '';
+
+      serviceConfig = {
+        Type = "simple";
+        ExecStart = "${cmd} start";
+        ExecStop = "${cmd} stop";
+        User = "unifi";
+        PermissionsStartOnly = true;
+        UMask = "0077";
+        WorkingDirectory = "${stateDir}";
+      };
+    };
+
+  };
+
+}