{ config, pkgs, lib, ... }:
let
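# Init script mounted into the mongo container under
# /docker-entrypoint-initdb.d/. It authenticates as the root user and creates
# the application user MONGO_USER with dbOwner on the MONGO_DBNAME and
# MONGO_DBNAME_stat databases.
#
# The ''${...} sequences are Nix escapes: they reach the script as literal
# ${...} and are expanded by the shell inside the container, so no credential
# is written into this (world-readable) store file. The values are substituted
# unescaped into the JavaScript below; a password containing ", \, $ or a
# backtick would break or alter the createUser call, so keep generated
# secrets alphanumeric.
configFile = pkgs.writeText "init-mongo.sh"
  ''
    #!/bin/bash
    if which mongosh > /dev/null 2>&1; then
      mongo_init_bin='mongosh'
    else
      mongo_init_bin='mongo'
    fi
    "''${mongo_init_bin}" <<EOF
    use ''${MONGO_AUTHSOURCE}
    db.auth("''${MONGO_INITDB_ROOT_USERNAME}", "''${MONGO_INITDB_ROOT_PASSWORD}")
    db.createUser({
      user: "''${MONGO_USER}",
      pwd: "''${MONGO_PASS}",
      roles: [
        { db: "''${MONGO_DBNAME}", role: "dbOwner" },
        { db: "''${MONGO_DBNAME}_stat", role: "dbOwner" }
      ]
    })
    EOF
  '';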
in
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
# Boot with systemd-boot on UEFI; the installer may write EFI variables.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
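# Networking and host firewall.
networking = {
  hostName = "unifi-network-application";
  enableIPv6 = false; # IPv6 is turned off on this host
  networkmanager.enable = true;

  # NOTE: ports that the unifi container publishes through Docker
  # (its "ports = [ ... ]" list) are typically reachable regardless of the
  # lists below, because Docker installs its own iptables rules that are
  # evaluated before the NixOS firewall chain. 8080 and 8443 are published
  # that way although they are not listed here. If the controller must not be
  # reachable from every interface, restrict it where the port is published
  # (bind address) or on an upstream firewall, not only here.
  firewall = {
    enable = true;
    allowedTCPPorts = [
      22 # SSH
      80
      443
      8843
      8880
      6789
    ];
    # Only the ports the container actually publishes as UDP. The previous
    # list also opened 80, 443, 6789, 8843 and 8880 over UDP, which nothing
    # in this configuration listens on.
    allowedUDPPorts = [
      1900
      3478
      5514
      10001
    ];
  };
};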
# Time zone, locale and console keyboard layout.
time.timeZone = "Europe/Copenhagen";
i18n = {
  defaultLocale = "en_DK.UTF-8";
  # Every category listed here is set to the Danish locale.
  extraLocaleSettings = lib.genAttrs [
    "LC_ADDRESS"
    "LC_IDENTIFICATION"
    "LC_MEASUREMENT"
    "LC_MONETARY"
    "LC_NAME"
    "LC_NUMERIC"
    "LC_PAPER"
    "LC_TELEPHONE"
    "LC_TIME"
  ] (_category: "da_DK.UTF-8");
};
console.keyMap = "dk-latin1";
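# Containers (Docker backend): MongoDB plus the UniFi Network Application.
#
# Secrets are deliberately NOT set in "environment": everything written there
# ends up in the world-readable Nix store (and in any place this file is
# shared). They are supplied through environmentFiles instead, which are read
# at container start. The paths below are PLACEHOLDERS: point them at files
# outside the Nix store, owned by root with mode 0600, and write them as
# strings (a bare Nix path literal would be copied into the store).
# The passwords that used to be inline here were published with this file and
# should be rotated.
virtualisation = {
  docker.enable = true;

  oci-containers = {
    backend = "docker";
    containers = {
      # No ports are published for mongo; it is only reachable from
      # containers attached to the "mdb" network.
      mongo = {
        autoStart = true;
        hostname = "mongo";
        image = "docker.io/mongo:7.0";
        environment = {
          MONGO_INITDB_ROOT_USERNAME = "root";
          MONGO_USER = "unifi";
          MONGO_DBNAME = "unifi";
          MONGO_AUTHSOURCE = "admin";
        };
        # Expected contents (KEY=value, one per line):
        #   MONGO_INITDB_ROOT_PASSWORD=<root password>
        #   MONGO_PASS=<password for the unifi user>
        # The image runs its init scripts only when /data/db is empty, so
        # changing these later does not change the passwords stored in an
        # already initialised database.
        environmentFiles = [
          "/path/to/secrets/mongo.env" # PLACEHOLDER
        ];
        volumes = [
          "/docker/mongo/data:/data/db"
          "${configFile}:/docker-entrypoint-initdb.d/init-mongo.sh:ro"
        ];
        extraOptions = [
          "--network=mdb"
        ];
      };

      unifi-network-application = {
        autoStart = true;
        hostname = "unifi-network-application";
        # NOTE(review): ":latest" is a moving tag, so every pull may bring in
        # a different image. Pin a specific release tag or digest and update
        # it deliberately.
        image = "lscr.io/linuxserver/unifi-network-application:latest";
        dependsOn = [ "mongo" ];
        environment = {
          PUID = "1000";
          PGID = "1000";
          TZ = "Europe/Copenhagen";
          MONGO_HOST = "mongo";
          MONGO_PORT = "27017";
          MONGO_USER = "unifi";
          MONGO_DBNAME = "unifi";
          MONGO_AUTHSOURCE = "admin";
          MEM_LIMIT = "2048";
          MEM_STARTUP = "2048";
        };
        # Expected contents: MONGO_PASS=<password for the unifi user>
        # Kept separate from the mongo file so this container never receives
        # the database root password.
        environmentFiles = [
          "/path/to/secrets/unifi.env" # PLACEHOLDER
        ];
        # Published on all host interfaces. Docker-published ports are
        # typically reachable even when networking.firewall does not list
        # them (8080 and 8443 here).
        ports = [
          "443:8443"
          "8443:8443"
          "3478:3478/udp"
          "10001:10001/udp"
          "80:8080"
          "8080:8080"
          "1900:1900/udp"
          "8843:8843"
          "8880:8880"
          "6789:6789"
          "5514:5514/udp"
        ];
        volumes = [
          "/docker/unifi-network-application/data:/config"
        ];
        extraOptions = [
          "--network=mdb"
        ];
      };
    };
  };
};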
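# One-shot unit that makes sure the bridge network "mdb" exists for the
# containers that join it with --network=mdb.
#
# wants/wantedBy only pull units into the same transaction; they do not order
# them. after/before are added so the network is created once the Docker
# daemon unit has started and before the container units run, instead of
# racing with them.
systemd.services.create-docker-network =
  let
    inherit (config.virtualisation.oci-containers) backend;
    containerUnits = [
      "${backend}-mongo.service"
      "${backend}-unifi-network-application.service"
    ];
  in
  {
    serviceConfig.Type = "oneshot";
    wants = [ "${backend}.service" ];
    after = [ "${backend}.service" ];
    wantedBy = containerUnits;
    before = containerUnits;
    # Idempotent: create the network only when inspect reports it missing.
    script = ''
      ${pkgs.docker}/bin/docker network inspect mdb >/dev/null 2>&1 || \
      ${pkgs.docker}/bin/docker network create --driver bridge mdb
    '';
  };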
# Interactive account for the administrator. Don't forget to set a password
# with 'passwd'.
users.users = {
  sicet7 = {
    description = "Martin René Sørensen";
    isNormalUser = true;
    # "wheel" grants sudo. Membership in "docker" allows full control of the
    # Docker daemon, which is effectively root on this host.
    extraGroups = [ "networkmanager" "wheel" "docker" ];
    # Public key accepted for SSH logins to this account.
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFG9+ha+dZ8KVE0RSVVxMqNPYpDkshOSnKYI+mW5Cjsg [email protected]"
    ];
  };
};
# Permit packages with unfree licences.
# NOTE(review): nothing in this file visibly installs an unfree package (the
# services run from container images) -- confirm this is still needed.
nixpkgs.config = {
  allowUnfree = true;
};
# OpenSSH daemon: key-based logins only, for a single named account.
services.openssh = {
  enable = true;
  ports = [ 22 ];
  # The module does not open the port itself; port 22 is listed in
  # networking.firewall.allowedTCPPorts instead.
  openFirewall = false;
  settings = {
    AllowUsers = [ "sicet7" ];
    PermitRootLogin = "no";
    # Both password-style mechanisms are off, leaving public-key auth.
    PasswordAuthentication = false;
    KbdInteractiveAuthentication = false;
  };
};
# NOTE(review): NixOS releases are numbered YY.05 / YY.11, so "24.04" does not
# match a release name -- confirm which release this machine was installed
# from. The value is meant to stay at the installation release and should not
# be bumped as part of an upgrade.
system.stateVersion = "24.04";
}