9 changed files with 201 additions and 0 deletions
@ -0,0 +1,10 @@ |
|||||
|
##
|
||||
|
## Makefile for Unifi Network Application quadlet
|
||||
|
##
|
||||
|
|
||||
|
# Unifi quadlet is mapped to the 10011 user (unifi) and 10000 group (itix-svc)
|
||||
|
PROJECT_UID = 10011 |
||||
|
PROJECT_GID = 10000 |
||||
|
|
||||
|
TOP_LEVEL_DIR := .. |
||||
|
include $(TOP_LEVEL_DIR)/common.mk |
||||
@ -0,0 +1,23 @@ |
|||||
|
# Podman Quadlet: Unifi Network Application |
||||
|
|
||||
|
## Overview |
||||
|
|
||||
|
The Unifi software is a powerful, enterprise wireless software engine ideal for high-density client deployments requiring low latency and high uptime performance. |
||||
|
|
||||
|
This cookbook: |
||||
|
|
||||
|
- Runs the Unifi Network Application as a rootless container with minimal privileges. |
||||
|
- Uses the supplied MongoDB as the database backend. |
||||
|
- Includes health checks to monitor the service status. |
||||
|
- Stores backup in `/var/lib/virtiofs/data/unifi/`. |
||||
|
- Supports automatic container image updates via Podman auto-update. |
||||
|
|
||||
|
## Prerequisites |
||||
|
|
||||
|
- Configuration file `/etc/quadlets/unifi/config.env` must exist. |
||||
|
|
||||
|
## Container images |
||||
|
|
||||
|
- lscr.io/linuxserver/unifi-network-application:latest |
||||
|
- docker.io/library/mongo:8 |
||||
|
|
||||
@ -0,0 +1,22 @@ |
|||||
|
## |
||||
|
## Unifi Network Application Configuration Environment Variables |
||||
|
## |
||||
|
|
||||
|
# Major version of MongoDB |
||||
|
MONGO_MAJOR=8 |
||||
|
|
||||
|
# MongoDB root credentials (for initialization) |
||||
|
MONGO_INITDB_ROOT_USERNAME=root |
||||
|
MONGO_INITDB_ROOT_PASSWORD=unifi |
||||
|
|
||||
|
# MongoDB connection settings for Unifi |
||||
|
MONGO_USER=unifi |
||||
|
MONGO_PASS=unifi |
||||
|
MONGO_HOST=localhost |
||||
|
MONGO_PORT=27017 |
||||
|
MONGO_DBNAME=unifi |
||||
|
MONGO_AUTHSOURCE=admin |
||||
|
|
||||
|
# Optional: Java memory limits |
||||
|
#MEM_LIMIT=1024 |
||||
|
#MEM_STARTUP=1024 |
||||
@ -0,0 +1,15 @@ |
|||||
|
const authSource = process.env.MONGO_AUTHSOURCE || "admin"; |
||||
|
const dbName = process.env.MONGO_DBNAME || "unifi"; |
||||
|
const user = process.env.MONGO_USER || "unifi"; |
||||
|
const pass = process.env.MONGO_PASS || "unifi"; |
||||
|
|
||||
|
db = db.getSiblingDB(authSource); |
||||
|
db.createUser({ |
||||
|
user: user, |
||||
|
pwd: pass, |
||||
|
roles: [ |
||||
|
{ db: dbName, role: "dbOwner" }, |
||||
|
{ db: dbName + "_stat", role: "dbOwner" }, |
||||
|
{ db: dbName + "_audit", role: "dbOwner" } |
||||
|
] |
||||
|
}); |
||||
@ -0,0 +1,9 @@ |
|||||
|
variant: fcos |
||||
|
version: 1.4.0 |
||||
|
passwd: |
||||
|
users: |
||||
|
- name: unifi |
||||
|
uid: 10011 |
||||
|
gecos: Unifi Network Application |
||||
|
home_dir: /var/lib/quadlets/unifi |
||||
|
primary_group: itix-svc |
||||
@ -0,0 +1,5 @@ |
|||||
|
d$ /var/lib/quadlets/unifi/mongo 0700 10011 10000 - |
||||
|
d$ /var/lib/quadlets/unifi/mongo/db 0700 10011 10000 - |
||||
|
d$ /var/lib/quadlets/unifi/mongo/configdb 0700 10011 10000 - |
||||
|
d$ /var/lib/quadlets/unifi/app 0700 10011 10000 - |
||||
|
d$ /var/lib/virtiofs/data/unifi 0700 10011 10000 - |
||||
@ -0,0 +1,52 @@ |
|||||
|
[Unit] |
||||
|
Description=Unifi Network Application |
||||
|
Documentation=https://docs.linuxserver.io/images/docker-unifi-network-application/ |
||||
|
After=network.target unifi-mongo.service |
||||
|
Requires=unifi-mongo.service |
||||
|
|
||||
|
# Only start if Unifi has been configured |
||||
|
ConditionPathExists=/etc/quadlets/unifi/config.env |
||||
|
|
||||
|
# Start/stop this unit when the target is started/stopped |
||||
|
PartOf=unifi.target |
||||
|
|
||||
|
[Container] |
||||
|
ContainerName=unifi-app |
||||
|
Image=lscr.io/linuxserver/unifi-network-application:latest |
||||
|
AutoUpdate=registry |
||||
|
|
||||
|
# Network configuration |
||||
|
Network=host |
||||
|
|
||||
|
# The LinuxServer Unifi image runs as root and then drops privileges to the PUID/PGID specified by environment variables. |
||||
|
Environment=PUID=10011 PGID=10000 |
||||
|
|
||||
|
# Environment variables for MongoDB initialization |
||||
|
Environment=TZ=Etc/UTC |
||||
|
EnvironmentFile=/etc/quadlets/unifi/config.env |
||||
|
|
||||
|
# Volume mounts |
||||
|
Volume=/var/lib/quadlets/unifi/app:/config:Z |
||||
|
Volume=/var/lib/virtiofs/data/unifi:/config/data/backup:z |
||||
|
|
||||
|
# Health check |
||||
|
HealthCmd=curl -kfs https://localhost:8443 || exit 1 |
||||
|
HealthInterval=30s |
||||
|
HealthTimeout=10s |
||||
|
HealthStartPeriod=60s |
||||
|
HealthRetries=3 |
||||
|
|
||||
|
[Service] |
||||
|
Restart=always |
||||
|
RestartSec=10 |
||||
|
TimeoutStartSec=300 |
||||
|
TimeoutStopSec=30 |
||||
|
|
||||
|
# These environment variables are sourced to be used by systemd in the Exec* commands |
||||
|
EnvironmentFile=/etc/quadlets/unifi/config.env |
||||
|
|
||||
|
# Wait for MongoDB to be ready on localhost |
||||
|
ExecStartPre=/bin/sh -c 'exec 2>/dev/null; for try in $(seq 0 12); do if ! /bin/true 5<> /dev/tcp/127.0.0.1/27017; then echo "Waiting for MongoDB to be available..."; sleep 5; else exit 0; fi; done; exit 1' |
||||
|
|
||||
|
[Install] |
||||
|
WantedBy=unifi.target |
||||
@ -0,0 +1,52 @@ |
|||||
|
[Unit] |
||||
|
Description=MongoDB for Unifi Network Application |
||||
|
Documentation=https://hub.docker.com/_/mongo/ |
||||
|
After=network.target |
||||
|
|
||||
|
# Only start if Unifi has been configured |
||||
|
ConditionPathExists=/etc/quadlets/unifi/config.env |
||||
|
|
||||
|
# Start/stop this unit when the target is started/stopped |
||||
|
PartOf=unifi.target |
||||
|
|
||||
|
[Container] |
||||
|
ContainerName=unifi-mongo |
||||
|
Image=docker.io/library/mongo:${MONGO_MAJOR} |
||||
|
AutoUpdate=registry |
||||
|
|
||||
|
# Network configuration |
||||
|
Network=host |
||||
|
|
||||
|
# No need for root privileges |
||||
|
User=10011 |
||||
|
Group=10000 |
||||
|
|
||||
|
# Environment variables for MongoDB initialization |
||||
|
Environment=MONGO_INITDB_ROOT_USERNAME MONGO_INITDB_ROOT_PASSWORD MONGO_DBNAME MONGO_USER MONGO_PASS MONGO_AUTHSOURCE |
||||
|
|
||||
|
# Bind MongoDB to localhost to prevent it from being accessible from the network, since the Unifi app will connect to it via localhost |
||||
|
Exec=--bind_ip 127.0.0.1 |
||||
|
|
||||
|
# Volume mounts for data persistence |
||||
|
Volume=/var/lib/quadlets/unifi/mongo/db:/data/db:Z |
||||
|
Volume=/var/lib/quadlets/unifi/mongo/configdb:/data/configdb:Z |
||||
|
Volume=/etc/quadlets/unifi/init-mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro,z |
||||
|
|
||||
|
# Health check |
||||
|
HealthCmd=mongosh --quiet --eval "db.runCommand({ping: 1})" || exit 1 |
||||
|
HealthInterval=30s |
||||
|
HealthTimeout=10s |
||||
|
HealthStartPeriod=30s |
||||
|
HealthRetries=3 |
||||
|
|
||||
|
[Service] |
||||
|
Restart=always |
||||
|
RestartSec=5 |
||||
|
TimeoutStartSec=300 |
||||
|
TimeoutStopSec=30 |
||||
|
|
||||
|
# These environment variables are sourced to be used by systemd in the Exec* commands |
||||
|
EnvironmentFile=/etc/quadlets/unifi/config.env |
||||
|
|
||||
|
[Install] |
||||
|
WantedBy=unifi.target |
||||
@ -0,0 +1,13 @@ |
|||||
|
[Unit] |
||||
|
Description=Unifi Network Application Service Target |
||||
|
Documentation=man:systemd.target(5) |
||||
|
Requires=unifi-mongo.service unifi-app.service |
||||
|
After=unifi-mongo.service unifi-app.service |
||||
|
|
||||
|
# Allow isolation - can stop/start this target independently |
||||
|
AllowIsolate=yes |
||||
|
# Only start if Unifi has been configured |
||||
|
ConditionPathExists=/etc/quadlets/unifi/config.env |
||||
|
|
||||
|
[Install] |
||||
|
WantedBy=multi-user.target |
||||
Loading…
Reference in new issue