Refactor .bashrc welcome message logic, remove unused dotfiles symlink, add Unifi Network Application service and MongoDB setup in Ansible, update flake.lock for dependencies, and modify authorized_keys for SSH access.

2025-07-15 21:20:32 +00:00
parent 2eb5ab5387
commit 252aa6f221
8 changed files with 145 additions and 10 deletions
--- a/config/ansible/tasks/servers/server.yml
+++ b/config/ansible/tasks/servers/server.yml
@@ -88,3 +88,7 @@
        enabled: true
        hosts:
          - mennos-server
+      - name: unifi-network-application
+        enabled: true
+        hosts:
+          - mennos-cloud-server
--- a/config/ansible/tasks/servers/services/echoip/docker-compose.yml.j2
+++ b/config/ansible/tasks/servers/services/echoip/docker-compose.yml.j2
@@ -3,8 +3,6 @@ services:
    container_name: 'echoip'
    image: 'mpolden/echoip:latest'
    restart: unless-stopped
-    ports:
-      - "8080:8080"
    extra_hosts:
      - "host.docker.internal:host-gateway"
    networks:
--- a/config/ansible/tasks/servers/services/unifi-network-application/docker-compose.yml.j2
+++ b/config/ansible/tasks/servers/services/unifi-network-application/docker-compose.yml.j2
@@ -0,0 +1,54 @@
+services:
+  unifi-controller:
+    image: linuxserver/unifi-network-application:latest
+    restart: unless-stopped
+    ports:
+      - "8080:8080"     # Device communication
+      - "8443:8443"     # Controller GUI / API
+      - "3478:3478/udp" # STUN
+      - "10001:10001/udp" # AP discovery
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Amsterdam
+      - MONGO_USER=unifi
+      - MONGO_PASS=unifi
+      - MONGO_HOST=unifi-db
+      - MONGO_PORT=27017
+      - MONGO_DBNAME=unifi
+      - MONGO_AUTHSOURCE=admin
+    volumes:
+      - {{ unifi_network_application_data_dir }}/data:/config
+    depends_on:
+      - unifi-db
+    networks:
+      - unifi-network
+      - caddy_network
+    sysctls:
+      - net.ipv6.conf.all.disable_ipv6=1
+
+  unifi-db:
+    image: mongo:6.0
+    restart: unless-stopped
+    volumes:
+      - {{ unifi_network_application_data_dir }}/db:/data/db
+      - {{ unifi_network_application_data_dir }}/init-mongo.sh:/docker-entrypoint-initdb.d/init-mongo.sh:ro
+    environment:
+      - MONGO_INITDB_ROOT_USERNAME=root
+      - MONGO_INITDB_ROOT_PASSWORD=root
+      - MONGO_INITDB_DATABASE=unifi
+      - MONGO_USER=unifi
+      - MONGO_PASS=unifi
+      - MONGO_DBNAME=unifi
+      - MONGO_AUTHSOURCE=admin
+    networks:
+      - unifi-network
+    sysctls:
+      - net.ipv6.conf.all.disable_ipv6=1
+
+networks:
+  unifi-network:
+    driver: bridge
+  caddy_network:
+    external: true
+    name: caddy_default
--- a/config/ansible/tasks/servers/services/unifi-network-application/unifi-network-application.yml
+++ b/config/ansible/tasks/servers/services/unifi-network-application/unifi-network-application.yml
@@ -0,0 +1,78 @@
+---
+- name: Deploy Unifi Network App service
+  block:
+    - name: Set Unifi Network App directories
+      ansible.builtin.set_fact:
+        unifi_network_application_data_dir: "/mnt/object_storage/services/unifi_network_application"
+        unifi_network_application_service_dir: "{{ ansible_env.HOME }}/services/unifi_network_application"
+
+    - name: Create Unifi Network App directories
+      ansible.builtin.file:
+        path: "{{ unifi_network_application_dir }}"
+        state: directory
+        mode: "0755"
+      loop:
+        - "{{ unifi_network_application_data_dir }}"
+        - "{{ unifi_network_application_data_dir }}/data"
+        - "{{ unifi_network_application_data_dir }}/db"
+        - "{{ unifi_network_application_service_dir }}"
+      loop_control:
+        loop_var: unifi_network_application_dir
+
+    - name: Create MongoDB initialization script
+      ansible.builtin.copy:
+        content: |
+          #!/bin/bash
+
+          if which mongosh > /dev/null 2>&1; then
+            mongo_init_bin='mongosh'
+          else
+            mongo_init_bin='mongo'
+          fi
+          "${mongo_init_bin}" <<EOF
+          use ${MONGO_AUTHSOURCE}
+          db.auth("${MONGO_INITDB_ROOT_USERNAME}", "${MONGO_INITDB_ROOT_PASSWORD}")
+          db.createUser({
+            user: "${MONGO_USER}",
+            pwd: "${MONGO_PASS}",
+            roles: [
+              { db: "${MONGO_DBNAME}", role: "dbOwner" },
+              { db: "${MONGO_DBNAME}_stat", role: "dbOwner" },
+              { db: "${MONGO_DBNAME}_audit", role: "dbOwner" }
+            ]
+          })
+          EOF
+        dest: "{{ unifi_network_application_data_dir }}/init-mongo.sh"
+        mode: "0755"
+      register: unifi_mongo_init_script
+
+    - name: Deploy Unifi Network App docker-compose.yml
+      ansible.builtin.template:
+        src: docker-compose.yml.j2
+        dest: "{{ unifi_network_application_service_dir }}/docker-compose.yml"
+        mode: "0644"
+      register: unifi_network_application_compose
+
+    - name: Clean MongoDB database for fresh initialization
+      ansible.builtin.file:
+        path: "{{ unifi_network_application_data_dir }}/db"
+        state: absent
+      when: unifi_mongo_init_script.changed
+
+    - name: Recreate MongoDB database directory
+      ansible.builtin.file:
+        path: "{{ unifi_network_application_data_dir }}/db"
+        state: directory
+        mode: "0755"
+      when: unifi_mongo_init_script.changed
+
+    - name: Stop Unifi Network App service
+      ansible.builtin.command: docker compose -f "{{ unifi_network_application_service_dir }}/docker-compose.yml" down --remove-orphans
+      when: unifi_network_application_compose.changed or unifi_mongo_init_script.changed
+
+    - name: Start Unifi Network App service
+      ansible.builtin.command: docker compose -f "{{ unifi_network_application_service_dir }}/docker-compose.yml" up -d
+      when: unifi_network_application_compose.changed or unifi_mongo_init_script.changed
+  tags:
+    - services
+    - unifi