blob: 96558e10c7d0ca1179b2f7db2ee535859af3428e (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
#!/bin/sh
unifi_user=unifi
unifi_home=/usr/local/share/java/unifi
unifi_https_cert="${unifi_home}/data/unifi.crt"
unifi_https_key="${unifi_home}/data/unifi.key"
unifi_keystore="${unifi_home}/data/keystore"
# Install required packages.
pkg install -y unifi8
# Create ZFS dataset for unifi data.
create_dataset -o "mountpoint=${unifi_home}/data" "${state_dataset}/unifi"
zfs set \
com.sun:auto-snapshot:daily=true \
com.sun:auto-snapshot:weekly=true \
"${state_dataset}/unifi"
# Set ownership on unifi data dir.
install_directory -o "$unifi_user" -g "$unifi_user" -m 0700 "${unifi_home}/data"
# Copy TLS certificate for unifi.
install_certificate -g "$unifi_user" unifi "$unifi_https_cert"
install_certificate_key -m 0640 -g "$unifi_user" unifi "$unifi_https_key"
# Enable unifi.
sysrc -v unifi_enable=YES
# Stop the unifi service.
service unifi status && service unifi stop
# Add HTTPS certificate to unifi keystore.
[ -f "${unifi_home}/data/keystore" ] || install -Cv -o "$unifi_user" -g "$unifi_user" -m 0600 /dev/null "${unifi_home}/data/keystore"
su -m "$unifi_user" -c "java -jar ${unifi_home}/lib/ace.jar import_key_cert ${unifi_https_key} ${unifi_https_cert} ${site_cacert_path}"
# Add root CA to java keystore.
keytool -list -cacerts -storepass changeit -alias "$site" \
|| keytool -import -trustcacerts -cacerts -storepass changeit -noprompt -alias "$site" -file "$site_cacert_path"
# Disable analytics.
install_directory -m 0640 -o "$unifi_user" -g "$unifi_user" \
"${unifi_home}/data/sites" \
"${unifi_home}/data/sites/default"
grep -xFq 'config.system_cfg.1=system.analytics.anonymous=disabled' "${unifi_home}/data/sites/default/config.properties" \
|| echo 'config.system_cfg.1=system.analytics.anonymous=disabled' | tee -a "${unifi_home}/data/sites/default/config.properties"
# Start unifi.
service unifi start
|
