From 88177be9a7ce93e3d80520e5a3422267e0f8e35e Mon Sep 17 00:00:00 2001
From: Ahwx <ahwx@ahwx.org>
Date: Sun, 18 May 2025 14:09:08 +0200
Subject: [PATCH] feat: adds unifi service so that lily can host that

---
 modules/services/unifi.nix | 66 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
 create mode 100644 modules/services/unifi.nix

diff --git a/modules/services/unifi.nix b/modules/services/unifi.nix
new file mode 100644
index 0000000..c206c3d
--- /dev/null
+++ b/modules/services/unifi.nix
@@ -0,0 +1,66 @@
+{ pkgs, lib, ... }:
+
+{
+  services.unifi = {
+    enable = true;
+    unifiPackage = pkgs.unifi8;
+    mongodbPackage = pkgs.mongodb-7_0;
+  };
+  # services.nginx = {
+  #   enable = true;
+  #   recommendedProxySettings = true;
+
+  #   virtualHosts."unifi.local" = {
+  #     forceSSL = true;
+  #     useACMEHost = "unifi.local";
+  #     locations."/" = {
+  #       proxyPass = "https://127.0.0.1:8443";
+  #       proxyWebsockets = true;
+  #     };
+  #   };
+  # };
+  #   virtualisation.oci-containers.containers."unifi" = {
+  #     image = "lscr.io/linuxserver/unifi-network-application:latest";
+  #     autoStart = true;
+  #     environmentFiles = [ /run/unifi/container-vars.env ];
+  #     volumes = [
+  #       "/etc/localtime:/etc/localtime:ro"
+  #       "/run/unifi/data:/config"
+  #     ];
+  #     ports = [
+  #       "8443:8443" # web admin UI
+  #       "3478:3478/udp" # STUN
+  #       "10001:10001/udp" # AP discovery
+  #       "8080:8080" # device communication
+  #       "6789:6789/udp" # mobile throughput test (assumption: wifiman)
+  #       "5514:5514/udp" # remote syslog (optional)
+  #     ];
+  #     dependsOn = [
+  #       "unifi-mongo"
+  #     ];
+  #     log-driver = "journald";
+  #   };
+  #   virtualisation.oci-containers.containers."unifi-mongo" = {
+  #     image = "mongo:latest";
+  #     autoStart = true;
+  #     volumes = [
+  #       "/etc/localtime:/etc/localtime:ro"
+  #       "/run/unifi/mongo/db:/data/db"
+  #       "/run/unifi/mongo/init-mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro"
+  #     ];
+  #     log-driver = "journald";
+  #   };
+
+  networking.firewall.interfaces."lan0" = {
+    allowedTCPPorts = [
+      8443 # web admin UI
+      8080 # device communication
+    ];
+    allowedUDPPorts = [
+      6789 # mobile throughput test (assumption: wifiman)
+      5514 # remote syslog (optional)
+      3478 # STUN
+      10001 # AP discovery
+    ];
+  };
+}