alo-cluster/services/unifi.hcl

job "unifi" {
  datacenters = ["alo"]

  meta {
    uuid = uuidv4()
  }

  group "net" {
    # Run on primary storage node (zippy) for local disk performance
    # MongoDB needs local disk, not NFS
    # TODO: can move to fractal once it's converted to NixOS
    constraint {
      attribute = "${meta.storage_role}"
      value     = "primary"
    }

    network {
      port "p8443" { static = 8443 }
      port "p3478" { static = 3478 }
      port "p10001" { static = 10001 }
      port "p8080" { static = 8080 }
      port "p1900" { static = 1900 }
      port "p8843" { static = 8843 }
      port "p8880" { static = 8880 }
      port "p6789" { static = 6789 }
      port "p5514" { static = 5514 }

      port "mongodb" { static = 27017 }
    }

    task "controller" {
      driver = "docker"

      config {
        image = "lscr.io/linuxserver/unifi-network-application:latest"
        network_mode = "host"
        ports = [
          "p8443",
          "p3478",
          "p10001",
          "p8080",
          "p1900",
          "p8843",
          "p8880",
          "p6789",
          "p5514",
        ]
        volumes = [
          "/data/services/unifi/data:/config",
        ]
      }

      env {
        PUID = 1000
        PGID = 1000
        TZ = "Etc/UTC"
        MONGO_USER = "unifi"
        MONGO_PASS = "${var.mongo_pass}"
        MONGO_HOST = "mongodb.service.consul"
        MONGO_PORT = 27017
        MONGO_DBNAME = "unifi"
        MONGO_AUTHSOURCE = "admin"
      }

      service {
        name = "unifi"
        port = "p8443"

        tags = [
          "traefik.enable=true",
          "traefik.http.routers.unifi.entryPoints=websecure",
          "traefik.http.routers.unifi.middlewares=authentik@file",
          "traefik.http.services.unifi.loadbalancer.server.scheme=https",
        ]
      }

      resources {
        cpu = 1000
        memory = 1500
      }
    }

    task "keepalived" {
      driver = "docker"
      env {
        KEEPALIVED_INTERFACE = "eno1"
        # To change this go to Settings > System > Advanced in unifi and set the Inform Host
        KEEPALIVED_VIRTUAL_IPS = "192.168.1.101/24"
        KEEPALIVED_ROUTER_ID = "53" # defaults to 51
        KEEPALIVED_UNICAST_PEERS = ""
        KEEPALIVED_STATE       = "MASTER"
        KEEPALIVED_VIRTUAL_ROUTES = ""
      }
      config {
        # 2.2.8 wasn't starting, reason unknown
        image        = "visibilityspots/keepalived:2.2.7"
        network_mode = "host"
        privileged   = true
        cap_add      = ["NET_ADMIN", "NET_BROADCAST", "NET_RAW"]
      }

      resources {
        cpu = 50
        memory = 50
      }
    }


    task "mongodb" {
      driver = "docker"

      config {
        image = "mongo:8.0"
        ports = ["mongodb"]
        volumes = [
          "/data/services/unifi/mongodb:/data/db",
          "/data/services/unifi/init-mongo.sh:/docker-entrypoint-initdb.d/init-mongo.sh:ro"
        ]
      }

      env {
        MONGO_INITDB_ROOT_USERNAME = "root"
        MONGO_INITDB_ROOT_PASSWORD = "odolc7ETyl0D8LAKFdqV"
        MONGO_AUTHSOURCE = "admin"
        MONGO_USER = "unifi"
        MONGO_PASS = "${var.mongo_pass}"
        MONGO_DBNAME = "unifi"
      }

      service {
        name = "mongodb"
        port = "mongodb"
      }

      resources {
        cpu = 1024
        memory = 1024
      }
    }
  }
}

variable "mongo_pass" {
  type = string
  default = "GJONX27TleK85hj1dDbI"
}