---
unifi_version: 5.6.39
unifi_openjdk_version: 1.8.0
unifi_restore_after_upgrade: False

unifi_group: ubnt
unifi_user: ubnt

unifi_lvm_enabled: False
# unifi_lvm_pvs:
#   - /dev/sda
# unifi_lvm_vg: vg_unifi
# unifi_lvm_lv: lv_unifi
# unifi_lvm_size: 10G
# unifi_lvm_fstype: xfs
unifi_base_dir: /opt/unifi
unifi_tmp_dir: "{{ unifi_base_dir }}/tmp"

unifi_iptables_enabled: True
unifi_open_ports:
  - name: allow_unifi_web
    rules: |
      -A INPUT -m state --state NEW -p tcp --dport 8443 -j ACCEPT
    state: present
  - name: allow_unifi_comm
    rules: |
      -A INPUT -m state --state NEW -p tcp --dport 8080 -j ACCEPT
      -A OUTPUT -m state --state NEW -p tcp --dport 8080 -j ACCEPT
    state: present
  - name: allow_unifi_stun
    rules: |
      -A INPUT -m state --state NEW -p udp --dport 3478 -j ACCEPT
      -A OUTPUT -m state --state NEW -p udp --dport 3478 -j ACCEPT
    state: present
  - name: allow_unifi_discover
    rules: |
      -A INPUT -m state --state NEW -p udp --dport 10001 -j ACCEPT
      -A OUTPUT -m state --state NEW -p udp --dport 10001 -j ACCEPT
    state: present
  - name: allow_unifi_sped
    rules: |
      -A INPUT -m state --state NEW -p tcp --dport 6789 -j ACCEPT
    state: present

unifi_tls_deployment_enabled: False
unifi_tls_pkcs12_passphrase: temppass
unifi_tls_cert_path: /etc/pki/tls/certs/mycert.pem
unifi_tls_key_path: /etc/pki/tls/private/mykey.pem

unifi_nginx_vhost_enabled: False
unifi_ip_server: localhost
unifi_server_port: 8443
unifi_nginx_server: myinventoryname
unifi_nginx_server_name: unifi.example.com
unifi_nginx_vhost_dir: /etc/nginx/sites-available
unifi_nginx_vhost_symlink: /etc/nginx/sites-enabled
unifi_nginx_iptables_enabled: False