unifi: Deploy Unifi Network controller
Since Ubiquiti only publishes Debian packages for the Unifi Network controller software, running it on Fedora has historically been nigh impossible. Fortunately, a modern solution is available: containers. The *linuxserver.io* project publishes a container image for the controller software, making it fairly easy to deploy on any host with an OCI runtime. I briefly considered creating my own image, since theirs must be run as root, but I decided the maintenance burden would not be worth it. Using Podman's user namespace functionality, I was able to work around this requirement anyway.
29
roles/unifi/templates/unifi.container.j2
Normal file
@@ -0,0 +1,29 @@
[Unit]
Description=Unifi Network
Wants=network.target
After=network.target

[Container]
Image={{ unifi_container_image }}:{{ unifi_version }}
Volume={{ unifi_storage_path }}:/config:rw,Z
Network=host
NoNewPrivileges=yes
UserNS=auto:gidmapping=911:911:1,uidmapping=911:911:1
VolatileTmp=yes
Notify=yes

[Service]
PrivateTmp=yes
ProtectClock=yes
ProtectHome=yes
ProtectKernelModules=yes
ProtectProc=invisible
ProtectSystem=strict
ReadWritePaths=/run
ReadWritePaths=/var/lib/containers/storage
ReadWritePaths={{ unifi_storage_path }}
RestrictRealtime=yes
UMask=0077

[Install]
WantedBy=multi-user.target
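Review bot: `Network=host` in the `[Container]` section gives the container the host's network namespace, which gives up the network isolation that the `UserNS=auto` mapping and the `[Service]` sandboxing directives otherwise buy; if host networking is genuinely required, record why in a comment in the template, otherwise replace it with `PublishPort=` entries for the ports the controller needs. Two smaller points in the same hunk: `Notify=yes` makes the container itself responsible for sending `READY=1`, so unless the image actually does that the unit will sit in `activating` until the start timeout (dropping the line leaves readiness to conmon when the container starts); and the literal `911` in `UserNS=auto:gidmapping=911:911:1,uidmapping=911:911:1` is the one deployment-specific value in this Jinja2 template that is not exposed as a variable, even though it also dictates which host UID/GID must own `{{ unifi_storage_path }}` for the `/config` volume to be writable. Note too that `ProtectHome=yes` will make the unit fail if `unifi_storage_path` is ever set to a location under `/home`, since `ReadWritePaths=` does not override it.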