175 lines
4.8 KiB
YAML
175 lines
4.8 KiB
YAML
---
|
|
|
|
# Unifi controller has several components :
|
|
# - The controller itself (which also include the inform, the guest_portal and the stun service)
|
|
# - A small nginx proxy to expose all the various web service of unifi through a single port
|
|
# - A mongodb server (optional, can use an external mongodb)
|
|
# - A firmware downloader helper : this is because the Unifi Controller can't use an outbound web proxy
|
|
|
|
unifi:
|
|
# The name of the nomad job
|
|
instance: unifi
|
|
|
|
# This is for the web management console
|
|
controller:
|
|
|
|
# The driver to use (docker or podman)
|
|
driver: docker
|
|
|
|
# The image for the controller
|
|
image: danielberteaud/unifi:7.5.176-1
|
|
|
|
# Resource allocation for the controller
|
|
resources:
|
|
cpu: 200
|
|
memory: 1024
|
|
|
|
# Mongo instance to use
|
|
mongo:
|
|
# The address of the mongo service. Leave the default
|
|
# unless you use an external mongo service
|
|
address: mongodb://127.0.0.1:27017/unifi
|
|
# For stats
|
|
stats_address: mongodb://127.0.0.1:27017/unifi_stats
|
|
|
|
# If username is set, the password must be available in vault at [[ .env.suffix ]]/kv/service/unifi in key mongo_pwd
|
|
# user: unifi
|
|
|
|
# Service name of the mongo service. This is used to wait for mongo to be
|
|
# up before starting the controller
|
|
service_name: unifi-mongo
|
|
|
|
# Set to true if you want to use an external mongo service
|
|
is_external: False
|
|
|
|
# Additional environment vars to pass to the container
|
|
env: {}
|
|
|
|
# Public URL to reach the controller web interface
|
|
public_url: https://unifi.example.org
|
|
|
|
# Traefik settings
|
|
traefik:
|
|
|
|
# List of entrypoints where the management console will be exposed
|
|
#entrypoints:
|
|
# - https
|
|
|
|
# Override the default base_middleware to remove the inflight-std@file middleware
|
|
base_middlewares:
|
|
- rate-limit-std@file
|
|
- security-headers@file
|
|
- forward-headers@file
|
|
- compression@file
|
|
- csp-relaxed@file
|
|
|
|
# List of additional middlewares to load
|
|
#middlewares:
|
|
# - ip-trusted@file
|
|
|
|
# This volume will hold controller data (like cached firmwares)
|
|
volume:
|
|
type: csi
|
|
source: unifi-data
|
|
|
|
# The inform endpoint is used by the devices to contact the controller
|
|
inform:
|
|
# Public URL of the inform endpoint
|
|
# Note : this MUST be http, not https
|
|
public_url: http://unifi-inform.example.org:8080/inform
|
|
|
|
# Traefik settings
|
|
traefik:
|
|
|
|
# List of entrypoints where the inform endpoint will be exposed.
|
|
entrypoints:
|
|
- unifi-inform
|
|
|
|
# Override the base middlewares list to remove hsts@file as we're on http
|
|
# Also remove security headers and csp as they have no meaning here
|
|
base_middlewares:
|
|
- rate-limit-std@file
|
|
- inflight-std@file
|
|
- forward-headers@file
|
|
|
|
# List of additional middleware to load
|
|
middlewares: []
|
|
|
|
# The guest portal
|
|
guest_portal:
|
|
|
|
# Public URL where the guest portal will be reachable
|
|
public_url: https://unifi-portal.example.org:8843/
|
|
|
|
# Traefik settings
|
|
traefik:
|
|
|
|
# List of entrypoints on which the service will be exposed
|
|
# Note: UniFi doesn't allow custommisation of the port, this entrypoint must be listening on port 8843
|
|
entrypoints:
|
|
- unifi-portal
|
|
|
|
# List of middlewares to load
|
|
middlewares: []
|
|
|
|
# The STUN service
|
|
stun:
|
|
|
|
# Traefik settings
|
|
traefik:
|
|
|
|
# List of entrypoints the STUN service wil be exposed on
|
|
# Note: This must be UDP entrypoints !
|
|
entrypoints:
|
|
- unifi-stun
|
|
|
|
# The nginx reverse proxy is used to expose all Unifi service over a single port
|
|
# So we don't need to run one envoy proxy per port
|
|
nginx:
|
|
# The image to use
|
|
image: nginxinc/nginx-unprivileged:alpine
|
|
|
|
# Resource allocation
|
|
resources:
|
|
cpu: 10
|
|
memory: 15
|
|
|
|
# MongoDB service.
|
|
# Note : this will be ignored if .unifi.controller.mongo.is_external is set to true
|
|
mongo:
|
|
|
|
# The image to use
|
|
image: danielberteaud/mongo:5.0-1
|
|
|
|
# Resource allocation
|
|
resources:
|
|
cpu: 100
|
|
memory: 256
|
|
|
|
# Persistant volume
|
|
volume:
|
|
type: csi
|
|
source: unifi-mongo
|
|
|
|
# This componant will be used if a proxy is set.
|
|
# It's needed because the UniFi controller do not send outbound web requests
|
|
# through the configured proxy to download firmwares
|
|
fw_dl:
|
|
|
|
# The image to use
|
|
image: danielberteaud/ubnt-firmware-downloader:20230831-1
|
|
|
|
# Resource allocation
|
|
resources:
|
|
cpu: 10
|
|
memory: 64
|
|
|
|
# Additionnal environment to set on the container
|
|
env:
|
|
# The dir where firmwares will be stored
|
|
UBNT_FIRMWARE_DIR: /data/unifi/firmware
|
|
# A list of platforms for which firmware will be downloaded (other ones will be ignored)
|
|
UBNT_PLATFORMS: U7HD,US48PRO
|
|
# A cron expression to run the update
|
|
UBNT_CRON: 48 22 * * *
|