Dustin C. Hatch
71a43ccf07
Since Ubiquiti only publishes Debian packages for the Unifi Network controller software, running it on Fedora has historically been neigh impossible. Fortunately, a modern solution is available: containers. The *linuxserver.io* project publishes a container image for the controller software, making it fairly easy to deploy on any host with an OCI runtime. I briefly considered creating my own image, since theirs must be run as root, but I decided the maintenance burden would not be worth it. Using Podman's user namespace functionality, I was able to work around this requirement anyway.
30 lines
601 B
Django/Jinja
30 lines
601 B
Django/Jinja
[Unit]
|
|
Description=Unifi Network
|
|
Wants=network.target
|
|
After=network.target
|
|
|
|
[Container]
|
|
Image={{ unifi_container_image }}:{{ unifi_version }}
|
|
Volume={{ unifi_storage_path }}:/config:rw,Z
|
|
Network=host
|
|
NoNewPrivileges=yes
|
|
UserNS=auto:gidmapping=911:911:1,uidmapping=911:911:1
|
|
VolatileTmp=yes
|
|
Notify=yes
|
|
|
|
[Service]
|
|
PrivateTmp=yes
|
|
ProtectClock=yes
|
|
ProtectHome=yes
|
|
ProtectKernelModules=yes
|
|
ProtectProc=invisible
|
|
ProtectSystem=strict
|
|
ReadWritePaths=/run
|
|
ReadWritePaths=/var/lib/containers/storage
|
|
ReadWritePaths={{ unifi_storage_path }}
|
|
RestrictRealtime=yes
|
|
UMask=0077
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|