initial commit

author: Stonewall Jackson <stonewall@sacredheartsc.com> 2023-02-04 01:23:43 -0500
committer: Stonewall Jackson <stonewall@sacredheartsc.com> 2023-02-04 01:52:13 -0500
commit: 0261e875679f1bf63c8d689da7fc7e014597885d (patch)
tree: 3f19cd74a0c1070944f75437f30b098d6ef2ffcb /roles/unifi/tasks/main.yml
download: selfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.tar.gz
selfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.zip
1 files changed, 81 insertions, 0 deletions
diff --git a/roles/unifi/tasks/main.yml b/roles/unifi/tasks/main.yml
new file mode 100644
index 0000000..683068e
--- /dev/null
+++ b/roles/unifi/tasks/main.yml
@@ -0,0 +1,81 @@
+- name: install packages
+  dnf:
+    name: '{{ unifi_packages }}'
+    state: present
+
+- name: create SELinux policy for mongodb
+  include_role:
+    name: selinux_policy
+    apply:
+      tags: selinux
+  vars:
+    selinux_policy_name: mongodb_cgroup_memory
+    selinux_policy_te: '{{ unifi_mongodb_te }}'
+  tags: selinux
+
+- name: start unifi controller
+  systemd:
+    name: unifi
+    enabled: yes
+    state: started
+
+- name: create default site
+  file:
+    path: '/var/lib/unifi/{{ item }}'
+    owner: unifi
+    group: unifi
+    state: directory
+    mode: 0750
+  loop:
+    - data
+    - data/sites
+    - data/sites/default
+
+- name: opt-out of ubiquiti analytics
+  lineinfile:
+    create: yes
+    path: /var/lib/unifi/data/sites/default/config.properties
+    regexp: ^config.system_cfg.1=system.analytics.anonymous=
+    line: config.system_cfg.1=system.analytics.anonymous=disabled
+    owner: unifi
+    group: unifi
+    mode: 0640
+  notify: restart unifi
+
+- name: open firewall ports
+  firewalld:
+    permanent: yes
+    immediate: yes
+    service: unifi
+    state: enabled
+  tags: firewalld
+
+- name: forward http ports
+  firewalld:
+    permanent: yes
+    immediate: yes
+    rich_rule: 'rule family={{ item[0] }} forward-port port={{ item[1][0] }} protocol=tcp to-port={{ item[1][1] }}'
+    state: enabled
+  loop: "{{ ['ipv4', 'ipv6'] | product([[80, 8080], [443, 8443]]) }}"
+  tags: firewalld
+
+- name: generate certificate hook script
+  template:
+    src: '{{ unifi_certificate_hook_path[1:] }}.j2'
+    dest: '{{ unifi_certificate_hook_path }}'
+    mode: 0555
+
+- name: request TLS certificate
+  include_role:
+    name: getcert_request
+  vars:
+    certificate_service: unifi
+    certificate_path: '{{ unifi_certificate_path }}'
+    certificate_key_path: '{{ unifi_certificate_key_path }}'
+    certificate_hook: '{{ unifi_certificate_hook_path }}'
+
+- name: log to rsyslog
+  copy:
+    src: etc/rsyslog.d/unifi.conf
+    dest: /etc/rsyslog.d/unifi.conf
+  notify: restart rsyslog
author	Stonewall Jackson <stonewall@sacredheartsc.com>	2023-02-04 01:23:43 -0500
committer	Stonewall Jackson <stonewall@sacredheartsc.com>	2023-02-04 01:52:13 -0500
commit	0261e875679f1bf63c8d689da7fc7e014597885d (patch)
tree	3f19cd74a0c1070944f75437f30b098d6ef2ffcb /roles/unifi/tasks/main.yml
download	selfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.tar.gz selfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.zip