---
unifi_version: 5.6.39
unifi_openjdk_version: 1.8.0
unifi_restore_after_upgrade: False

unifi_group: ubnt
unifi_user: ubnt

unifi_lvm_enabled: False
# unifi_lvm_pvs:
#   - /dev/sda
# unifi_lvm_vg: vg_unifi
# unifi_lvm_lv: lv_unifi
# unifi_lvm_size: 10G
# unifi_lvm_fstype: xfs
unifi_base_dir: /opt/unifi
unifi_tmp_dir: "{{ unifi_base_dir }}/tmp"

unifi_iptables_enabled: True
unifi_open_ports:
  - name: allow_unifi_web
    rules: |
      -A INPUT -m state --state NEW -p tcp --dport 8443 -j ACCEPT
    state: present
  - name: allow_unifi_comm
    rules: |
      -A INPUT -m state --state NEW -p tcp --dport 8080 -j ACCEPT
      -A OUTPUT -m state --state NEW -p tcp --dport 8080 -j ACCEPT
    state: present
  - name: allow_unifi_stun
    rules: |
      -A INPUT -m state --state NEW -p udp --dport 3478 -j ACCEPT
      -A OUTPUT -m state --state NEW -p udp --dport 3478 -j ACCEPT
    state: present
  - name: allow_unifi_discover
    rules: |
      -A INPUT -m state --state NEW -p udp --dport 10001 -j ACCEPT
      -A OUTPUT -m state --state NEW -p udp --dport 10001 -j ACCEPT
    state: present
  - name: allow_unifi_sped
    rules: |
      -A INPUT -m state --state NEW -p tcp --dport 6789 -j ACCEPT
    state: present

unifi_tls_deploment_enabled: False
unifi_tls_pkcs12_path: /tmp/unifi.p12
unifi_tls_cert_path: /etc/pki/tls/certs/cert.pem
unifi_tls_key_path: /etc/pki/tls/private/key.pem
unifi_tls_lookup_user: "{{ remote_user }}"