ansible-roles/roles/unifi/tasks/main.yml


---
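# Load the most specific distribution variable file that exists (first match
# wins), e.g. CentOS-7.yml before RedHat.yml.
- include_vars: "{{ item }}"
  with_first_found:
    - "vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
    - "vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
    - "vars/{{ ansible_distribution }}.yml"
    - "vars/{{ ansible_os_family }}.yml"
  tags: unifi

# unifi_install_mode drives the rest of the role: "none" (already at the
# requested version), "install" (first run) or "upgrade".
- name: Set default install mode to none
  set_fact:
    unifi_install_mode: "none"
  tags: unifi

# EL < 8 only. NOTE(review): presumably the distro mongodb-server conflicts
# with the mongodb shipped via unifi_packages — confirm against vars/.
- name: Remove mongodb from base repo
  yum:
    name: mongodb-server
    state: absent
  when:
    - ansible_os_family == 'RedHat'
    - ansible_distribution_major_version is version('8', '<')
  tags: unifi

- name: Install dependencies
  yum:
    name: "{{ unifi_packages }}"
  notify: restart unifi
  tags: unifi

# Dedicated unprivileged account for the controller; nologin shell so the
# account can never be used interactively.
- name: Create a system account to run unifi
  user:
    name: unifi
    comment: "Unifi system account"
    system: true
    shell: /sbin/nologin
  tags: unifi

# meta/ansible_version is written by this role at the end of a successful run;
# its presence and content decide between install, upgrade and no-op.
- name: Check if unifi is installed
  stat:
    path: "{{ unifi_root_dir }}/meta/ansible_version"
  register: unifi_version_file
  tags: unifi

- name: Check installed version
  command: "cat {{ unifi_root_dir }}/meta/ansible_version"
  register: unifi_current_version
  changed_when: false
  when: unifi_version_file.stat.exists
  tags: unifi

- name: Set install mode to install
  set_fact:
    unifi_install_mode: "install"
  when: not unifi_version_file.stat.exists
  tags: unifi

# Upgrade only when the recorded version differs from unifi_version AND the
# operator opted in. `| bool` replaces `== True` so that "true"/"yes" strings
# coming from inventory or extra-vars are honoured instead of silently failing
# the comparison.
- name: Set install mode to upgrade
  set_fact:
    unifi_install_mode: "upgrade"
  when:
    - unifi_version_file.stat.exists
    - unifi_current_version is defined
    - unifi_current_version.stdout != unifi_version
    - unifi_manage_upgrade | bool
  tags: unifi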
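# Upgrade path: keep a full copy of the running tree (app/, which includes
# app/data with the controller state) before anything is replaced, so a failed
# upgrade can be rolled back by hand.
# mode 0700 matches the parent archives/ directory created by the role, so the
# copied state is never readable by other local users even if the parent's
# permissions are loosened later.
- name: Create archive directory
  file:
    path: "{{ unifi_root_dir }}/archives/{{ unifi_current_version.stdout }}"
    state: directory
    mode: "0700"
  when: unifi_install_mode == 'upgrade'
  tags: unifi

# Stopped before the copy so the data files are not being written to mid-copy.
- name: Stop the service
  service:
    name: unifi
    state: stopped
  when: unifi_install_mode == 'upgrade'
  tags: unifi

# Local rsync on the target (delegated to itself, no controller round-trip).
# --sparse keeps sparse files sparse in the copy.
- name: Archive current version
  synchronize:
    src: "{{ unifi_root_dir }}/app"
    dest: "{{ unifi_root_dir }}/archives/{{ unifi_current_version.stdout }}/"
    recursive: true
    delete: true
    compress: false
    rsync_opts:
      - "--sparse"
  delegate_to: "{{ inventory_hostname }}"
  when: unifi_install_mode == 'upgrade'
  tags: unifi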
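# Directory layout under unifi_root_dir. Everything holding controller state
# (app/data, backup) or full copies of it (archives) is 0700. Modes are quoted
# strings so Ansible parses them as octal rather than decimal.
- name: Create directories
  file:
    path: "{{ unifi_root_dir }}/{{ item.path }}"
    state: directory
    owner: "{{ item.owner | default(omit) }}"
    group: "{{ item.group | default(omit) }}"
    mode: "{{ item.mode | default(omit) }}"
  with_items:
    - path: tmp
    - path: app
      owner: unifi
      group: unifi
    - path: app/data
      owner: unifi
      group: unifi
      mode: "0700"
    - path: meta
    - path: archives
      owner: root
      group: root
      mode: "0700"
    - path: backup
      owner: unifi
      group: unifi
      mode: "0700"
  tags: unifi

# The SHA-256 pinned in unifi_archive_sha256 is verified by get_url before the
# file is kept, so a tampered or truncated download fails the play instead of
# being extracted. dest is the explicit file name the next task expects, so the
# role no longer depends on the URL's basename being "UniFi.unix.zip".
- name: Download unifi archive
  get_url:
    url: "{{ unifi_archive_url }}"
    dest: "{{ unifi_root_dir }}/tmp/UniFi.unix.zip"
    checksum: "sha256:{{ unifi_archive_sha256 }}"
  when: unifi_install_mode != 'none'
  tags: unifi

- name: Extract Unifi
  unarchive:
    src: "{{ unifi_root_dir }}/tmp/UniFi.unix.zip"
    dest: "{{ unifi_root_dir }}/tmp"
    owner: unifi
    group: unifi
    remote_src: true
  when: unifi_install_mode != 'none'
  tags: unifi

# Only the listed subtrees are copied into app/; "data" is not among them, so
# app/data (controller state) is left untouched across upgrades. delete: true
# removes files inside each copied subtree that the new release no longer ships.
- name: Move unifi to its final directory
  synchronize:
    src: "{{ unifi_root_dir }}/tmp/UniFi/{{ item }}"
    dest: "{{ unifi_root_dir }}/app/"
    delete: true
    recursive: true
  with_items:
    - bin
    - conf
    - dl
    - lib
    - webapps
  delegate_to: "{{ inventory_hostname }}"
  when: unifi_install_mode != 'none'
  tags: unifi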
# Inbound controller ports are opened only for the listed source addresses; an
# empty unifi_http_src_ip / unifi_stun_src_ip list removes the rule instead of
# opening the ports to everyone. Skipped entirely when iptables_manage is false.
# NOTE(review): iptables_raw is not an ansible-core module — presumably supplied
# by a role/collection dependency; confirm in meta/.
- name: Handle unifi HTTP ports
  iptables_raw:
    name: unifi_http_ports
    state: "{{ (unifi_http_src_ip | length > 0) | ternary('present', 'absent') }}"
    rules: >-
      -A INPUT -m state --state NEW -p tcp -m multiport
      --dports {{ unifi_http_ports | join(',') }}
      -s {{ unifi_http_src_ip | join(',') }} -j ACCEPT
  when: iptables_manage | default(True)
  tags: [firewall, unifi]

# Same policy for the STUN (UDP) ports.
- name: Handle unifi STUN ports
  iptables_raw:
    name: unifi_stun_ports
    state: "{{ (unifi_stun_src_ip | length > 0) | ternary('present', 'absent') }}"
    rules: >-
      -A INPUT -m state --state NEW -p udp -m multiport
      --dports {{ unifi_stun_ports | join(',') }}
      -s {{ unifi_stun_src_ip | join(',') }} -j ACCEPT
  when: iptables_manage | default(True)
  tags: [firewall, unifi]
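- name: Check if a config file already exists
  stat:
    path: "{{ unifi_root_dir }}/app/data/system.properties"
  register: unifi_config
  tags: unifi

# Seed system.properties only on first run. 0640 unifi:unifi: the file is
# managed below and should not be world-readable. Written without a trailing
# newline, as before.
- name: Init config file
  copy:
    content: "is_default=true"
    dest: "{{ unifi_root_dir }}/app/data/system.properties"
    owner: unifi
    group: unifi
    mode: "0640"
  when: not unifi_config.stat.exists
  tags: unifi

# One key=value line per item; regexp replaces an existing line for the option
# instead of appending a duplicate (the dots in item.option are regex wildcards
# here, which is harmless for these option names).
# JVM heap sizes (MB) can be overridden with unifi_xmx / unifi_xms; they default
# to the previously hard-coded 4096 so existing deployments are unaffected.
- name: Configure UniFi Controller
  lineinfile:
    path: "{{ unifi_root_dir }}/app/data/system.properties"
    regexp: "^{{ item.option }}.*"
    line: "{{ item.option }}={{ item.value }}"
  with_items:
    - option: unifi.xmx
      value: "{{ unifi_xmx | default(4096) }}"
    - option: unifi.xms
      value: "{{ unifi_xms | default(4096) }}"
    - option: unifi.G1GC.enabled
      value: "true"
    - option: autobackup.dir
      value: "{{ unifi_root_dir }}/backup"
    - option: unifi.http.port
      value: "{{ unifi_http_port }}"
    - option: unifi.https.port
      value: "{{ unifi_https_port }}"
    - option: portal.http.port
      value: "{{ unifi_portal_http_port }}"
    - option: portal.https.port
      value: "{{ unifi_portal_https_port }}"
    # Stable per-host UUID derived from the inventory name.
    - option: uuid
      value: "{{ inventory_hostname | to_uuid }}"
  notify: restart unifi
  tags: unifi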
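- name: Deploy unit file
  template:
    src: unifi.service.j2
    dest: /etc/systemd/system/unifi.service
  notify: restart unifi
  register: unifi_unit
  tags: unifi

# systemd only re-reads unit files on an explicit reload; without it the
# "restart unifi" handler would restart the old definition. The systemd module
# replaces the bare `systemctl daemon-reload` command (same effect, proper
# changed reporting).
- name: Reload systemd
  systemd:
    daemon_reload: true
  when: unifi_unit.changed
  tags: unifi

- name: Deploy pre and post backup hooks
  template:
    src: "{{ item }}-backup.sh.j2"
    dest: "/etc/backup/{{ item }}.d/unifi"
    mode: "0755"
  loop:
    - pre
    - post
  tags: unifi

- name: Start and enable the service
  service:
    name: unifi
    state: started
    enabled: true
  tags: unifi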
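# Compress the pre-upgrade copy with zstd, then drop the uncompressed tree.
# tar is invoked directly for the zstd output. The `warn` argument was removed
# from the command module in recent ansible-core releases and only suppressed
# an advisory on older ones, so it is no longer passed.
- name: Compress previous version
  command: >-
    tar cf {{ unifi_root_dir }}/archives/{{ unifi_current_version.stdout }}.tar.zst
    --use-compress-program=zstd ./
  args:
    chdir: "{{ unifi_root_dir }}/archives/{{ unifi_current_version.stdout }}"
  when: unifi_install_mode == 'upgrade'
  tags: unifi

- name: Remove archive dir
  file:
    path: "{{ unifi_root_dir }}/archives/{{ unifi_current_version.stdout }}"
    state: absent
  when: unifi_install_mode == 'upgrade'
  tags: unifi

# Downloaded archive and extracted tree are not kept on the host.
- name: Remove temp files
  file:
    path: "{{ item }}"
    state: absent
  loop:
    - "{{ unifi_root_dir }}/tmp/UniFi.unix.zip"
    - "{{ unifi_root_dir }}/tmp/UniFi"
  tags: unifi

# Written last so that a run which failed part-way is retried from scratch on
# the next run instead of being recorded as installed.
- name: Write version installed
  copy:
    content: "{{ unifi_version }}"
    dest: "{{ unifi_root_dir }}/meta/ansible_version"
  tags: unifi

- include_tasks: filebeat.yml
  tags: always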