xoxys.unifi/defaults/main.yml

---
unifi_version: 5.6.39
unifi_openjdk_version: 1.8.0
unifi_restore_after_upgrade: False

unifi_group: ubnt
unifi_user: ubnt

unifi_lvm_enabled: False
# unifi_lvm_pvs:
#   - /dev/sda
# unifi_lvm_vg: vg_unifi
# unifi_lvm_lv: lv_unifi
# unifi_lvm_size: 10G
# unifi_lvm_fstype: xfs
unifi_base_dir: /opt/unifi
unifi_tmp_dir: "{{ unifi_base_dir }}/tmp"

unifi_iptables_enabled: True
unifi_open_ports:
  - name: allow_unifi_web
    rules: |
      -A INPUT -m state --state NEW -p tcp --dport 8443 -j ACCEPT
    state: present
  - name: allow_unifi_comm
    rules: |
      -A INPUT -m state --state NEW -p tcp --dport 8080 -j ACCEPT
      -A OUTPUT -m state --state NEW -p tcp --dport 8080 -j ACCEPT
    state: present
  - name: allow_unifi_stun
    rules: |
      -A INPUT -m state --state NEW -p udp --dport 3478 -j ACCEPT
      -A OUTPUT -m state --state NEW -p udp --dport 3478 -j ACCEPT
    state: present
  - name: allow_unifi_discover
    rules: |
      -A INPUT -m state --state NEW -p udp --dport 10001 -j ACCEPT
      -A OUTPUT -m state --state NEW -p udp --dport 10001 -j ACCEPT
    state: present
  - name: allow_unifi_sped
    rules: |
      -A INPUT -m state --state NEW -p tcp --dport 6789 -j ACCEPT
    state: present

unifi_tls_deploment_enabled: False
unifi_tls_pkcs12_path: /tmp/unifi.p12
unifi_tls_cert_path: /etc/pki/tls/certs/cert.pem
unifi_tls_key_path: /etc/pki/tls/private/key.pem
unifi_tls_lookup_user: "{{ ansible_user_dir }}"
initial commit 2018-07-08 18:50:35 +02:00			`---`
			`unifi_version: 5.6.39`
restructuring 2018-07-10 22:30:54 +02:00			`unifi_openjdk_version: 1.8.0`
try to fix firewall rules 2018-07-11 23:08:25 +02:00			`unifi_restore_after_upgrade: False`
initial commit 2018-07-08 18:50:35 +02:00
			`unifi_group: ubnt`
			`unifi_user: ubnt`

			`unifi_lvm_enabled: False`
			`# unifi_lvm_pvs:`
			`# - /dev/sda`
			`# unifi_lvm_vg: vg_unifi`
			`# unifi_lvm_lv: lv_unifi`
			`# unifi_lvm_size: 10G`
restructuring 2018-07-10 22:30:54 +02:00			`# unifi_lvm_fstype: xfs`
initial commit 2018-07-08 18:50:35 +02:00			`unifi_base_dir: /opt/unifi`
use different tmp dir 2018-07-10 23:11:32 +02:00			`unifi_tmp_dir: "{{ unifi_base_dir }}/tmp"`
add default iptables rules 2018-07-11 22:37:44 +02:00
add iptables allowed ports 2018-07-11 22:40:37 +02:00			`unifi_iptables_enabled: True`
add default iptables rules 2018-07-11 22:37:44 +02:00			`unifi_open_ports:`
another iptables fix 2018-07-12 00:48:14 +02:00			`- name: allow_unifi_web`
			`rules: \|`
			`-A INPUT -m state --state NEW -p tcp --dport 8443 -j ACCEPT`
			`state: present`
			`- name: allow_unifi_comm`
			`rules: \|`
			`-A INPUT -m state --state NEW -p tcp --dport 8080 -j ACCEPT`
			`-A OUTPUT -m state --state NEW -p tcp --dport 8080 -j ACCEPT`
			`state: present`
			`- name: allow_unifi_stun`
			`rules: \|`
			`-A INPUT -m state --state NEW -p udp --dport 3478 -j ACCEPT`
			`-A OUTPUT -m state --state NEW -p udp --dport 3478 -j ACCEPT`
			`state: present`
			`- name: allow_unifi_discover`
			`rules: \|`
			`-A INPUT -m state --state NEW -p udp --dport 10001 -j ACCEPT`
			`-A OUTPUT -m state --state NEW -p udp --dport 10001 -j ACCEPT`
			`state: present`
			`- name: allow_unifi_sped`
			`rules: \|`
			`-A INPUT -m state --state NEW -p tcp --dport 6789 -j ACCEPT`
			`state: present`
try to create pkcs12 keystore 2018-07-12 23:02:27 +02:00
include certificates tasks file 2018-07-12 23:07:34 +02:00			`unifi_tls_deploment_enabled: False`
try to create pkcs12 keystore 2018-07-12 23:02:27 +02:00			`unifi_tls_pkcs12_path: /tmp/unifi.p12`
			`unifi_tls_cert_path: /etc/pki/tls/certs/cert.pem`
			`unifi_tls_key_path: /etc/pki/tls/private/key.pem`
fix user variable 2018-07-12 23:19:32 +02:00			`unifi_tls_lookup_user: "{{ ansible_user_dir }}"`