# Install every package listed in the `unifi_packages` variable
# (defined outside this file).
- name: install packages
  dnf:
    state: present
    name: "{{ unifi_packages }}"
# Build and load a custom SELinux module named `mongodb_cgroup_memory`
# through the `selinux_policy` role. The type-enforcement source comes from
# `unifi_mongodb_te`, which is defined outside this file.
# NOTE(review): keep that .te limited to the specific denials it is meant to
# allow; a broad custom module silently widens what the confined mongod
# domain may do.
- name: create SELinux policy for mongodb
  tags: selinux
  include_role:
    name: selinux_policy
    # `apply` propagates the tag to the tasks inside the included role, so
    # running with `--tags selinux` executes the role's tasks as well.
    apply:
      tags: selinux
  vars:
    selinux_policy_name: mongodb_cgroup_memory
    selinux_policy_te: "{{ unifi_mongodb_te }}"
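# Enable the `unifi` unit at boot and make sure it is running now.
# Canonical `true` replaces the YAML 1.1 truthy `yes`.
- name: start unifi controller
  systemd:
    name: unifi
    enabled: true
    state: started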
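# Create the data directory tree for the default site, owned by the service
# account and closed to other users (0750: no access for "other").
- name: create default site
  file:
    path: '/var/lib/unifi/{{ item }}'
    state: directory
    owner: unifi
    group: unifi
    # Quoted so the module receives the octal string itself instead of
    # depending on the YAML parser's handling of a leading-zero integer.
    mode: '0750'
  # Parents are listed before children so each level is created with the
  # ownership and mode above.
  loop:
    - data
    - data/sites
    - data/sites/default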
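# Pin the analytics setting to `disabled` in the default site's
# config.properties, creating the file if it does not exist yet.
# The controller is started by an earlier task in this file, so the setting
# takes effect through the `restart unifi` handler notified below.
- name: opt-out of ubiquiti analytics
  lineinfile:
    path: /var/lib/unifi/data/sites/default/config.properties
    create: true
    # Dots are escaped so the pattern matches this exact key only; an
    # unescaped `.` matches any character and could replace a different line.
    regexp: '^config\.system_cfg\.1=system\.analytics\.anonymous='
    line: config.system_cfg.1=system.analytics.anonymous=disabled
    owner: unifi
    group: unifi
    # Quoted octal string; readable by the service account and its group only.
    mode: '0640'
  notify: restart unifi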
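# Allow the firewalld service definition named `unifi`, both in the
# permanent configuration and in the running firewall.
# No `zone` is given, so the rule lands in firewalld's default zone.
# NOTE(review): confirm the default zone is the one facing the networks
# that should reach the controller; set `zone:` explicitly otherwise.
- name: open firewall ports
  firewalld:
    service: unifi
    state: enabled
    permanent: true
    immediate: true
  tags: firewalld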
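# Redirect TCP 80 -> 8080 and 443 -> 8443 for both IPv4 and IPv6 using
# firewalld rich rules (four rules in total, one per family/port pair).
# No `zone` is given, so the rules apply to firewalld's default zone.
# NOTE(review): port 80 is forwarded as plain TCP with no TLS; confirm that
# whatever listens on 8080 is meant to be reachable from every network in
# that zone, or scope the rule with `zone:` or a source address.
- name: forward http ports
  firewalld:
    rich_rule: 'rule family={{ item[0] }} forward-port port={{ item[1][0] }} protocol=tcp to-port={{ item[1][1] }}'
    state: enabled
    permanent: true
    immediate: true
  # Each item is (family, [from_port, to_port]). The explicit `| list`
  # hands `loop` a concrete list rather than a lazy product iterator.
  loop: "{{ ['ipv4', 'ipv6'] | product([[80, 8080], [443, 8443]]) | list }}"
  tags: firewalld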
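# Render the certificate hook script. The template source is the
# destination path with its first character (presumably the leading `/`)
# removed, plus a `.j2` suffix.
# NOTE(review): the script is handed to the getcert_request role as
# `certificate_hook` and is presumably run with elevated privileges, so it
# must not be writable or re-ownable by an unprivileged account.
- name: generate certificate hook script
  template:
    src: '{{ unifi_certificate_hook_path[1:] }}.j2'
    dest: '{{ unifi_certificate_hook_path }}'
    # Ownership is pinned explicitly so the result does not depend on which
    # user the play happens to run as.
    owner: root
    group: root
    # Quoted octal string: read and execute for everyone, write for no one.
    mode: '0555'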
# Ask the `getcert_request` role for a certificate for the `unifi` service.
# All three paths and the hook script location come from variables defined
# outside this file.
# NOTE(review): the private key at `unifi_certificate_key_path` should end
# up readable only by the account that needs it; verify what the role sets.
- name: request TLS certificate
  include_role:
    name: getcert_request
  vars:
    certificate_service: unifi
    certificate_hook: "{{ unifi_certificate_hook_path }}"
    certificate_path: "{{ unifi_certificate_path }}"
    certificate_key_path: "{{ unifi_certificate_key_path }}"
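# Install the rsyslog drop-in for the controller and restart rsyslog through
# the handler when the file changes.
- name: log to rsyslog
  copy:
    src: etc/rsyslog.d/unifi.conf
    dest: /etc/rsyslog.d/unifi.conf
    # Owner and mode are explicit so the result does not depend on the umask
    # of the connecting user: only root may modify the logging configuration.
    owner: root
    group: root
    mode: '0644'
  notify: restart rsyslog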