add unifi container

2023-07-31 16:48:00 +10:00
commit 8494857b2e
3 changed files with 139 additions and 0 deletions
--- a/79
+++ b/79
@@ -0,0 +1,79 @@
+FROM debian:11-slim
+
+# Copy in requirements file
+COPY apt-requirements.txt /tmp/apt-requirements.txt
+
+# Set default repos to HTTPS
+# RUN sed -i '/URIs: http:\/\/deb\.debian\.org\/debian/c\URIs: https:\/\/deb\.debian\.org\/debian' /etc/apt/sources.list.d/debian.sources
+
+# Install package dependancies
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update -y && \
+    xargs -a /tmp/apt-requirements.txt apt-get install -y --no-install-recommends
+
+# Add MongoDB key and repo, install MongoDB
+# RUN curl https://pgp.mongodb.com/server-6.0.asc | gpg --dearmor > /usr/share/keyrings/mongodb-archive-keyring.gpg && \
+#     echo "deb [ signed-by=/usr/share/keyrings/mongodb-archive-keyring.gpg] https://repo.mongodb.org/apt/debian bullseye/mongodb-org/6.0 main" | tee /etc/apt/sources.list.d/mongodb.list && \
+#     apt-get update -y && \
+#     apt-get install -y --no-install-recommends mongodb-org
+
+# Add Unifi key and repo, install Unifi
+# RUN curl https://dl.ui.com/unifi/unifi-repo.gpg | gpg --dearmor > /usr/share/keyrings/ubiquiti-archive-keyring.gpg && \
+#     echo 'deb [signed-by=/usr/share/keyrings/ubiquiti-archive-keyring.gpg] https://www.ui.com/downloads/unifi/debian stable ubiquiti' | tee /etc/apt/sources.list.d/ubiquiti.list && \
+#     apt-get update -y && \
+#     apt-get install -y --no-install-recommends unifi
+
+# Get latest version of Unifi and download deb file
+RUN UNIFI_VERSION=$(curl -sX GET http://dl-origin.ubnt.com/unifi/debian/dists/stable/ubiquiti/binary-amd64/Packages \
+        | grep -A 7 -m 1 'Package: unifi' \
+        | awk -F ': ' '/Version/{print $2;exit}' \
+        | awk -F '-' '{print $1}') && \
+    echo "Unifi version: $UNIFI_VERSION" && \
+    curl -o /tmp/unifi.deb -L https://dl.ui.com/unifi/$UNIFI_VERSION/unifi_sysvinit_all.deb
+
+# Unpack the unifi deb file, remove mongodb dependancy, then repack and install
+RUN mkdir -p /tmp/unpack && \
+    dpkg-deb -R /tmp/unifi.deb /tmp/unpack && \
+    sed -i '/^ mongodb-server.*),/d' /tmp/unpack/DEBIAN/control && \
+    echo "Updated control file:" && \
+    cat /tmp/unpack/DEBIAN/control && \
+    dpkg-deb -b /tmp/unpack /tmp/unifi-nomongo.deb && \
+    dpkg -i /tmp/unifi-nomongo.deb
+
+# Copy in system.properties file
+COPY system.properties /var/lib/unifi/system.properties
+
+# Tweak the unifi user, chown files, clean up
+RUN usermod -s /bin/bash unifi && \
+    chown -R unifi:unifi /var/lib/unifi && \
+    chmod 600 /var/lib/unifi/system.properties && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+# Add unifi user, create app directores and chown to unifi user
+# RUN useradd unifi-svc \
+#         --uid 1000 \
+#         --user-group \
+#         --groups unifi,unifi-svc \
+#         --create-home \
+#         --shell /bin/bash && \
+    # mkdir -p /unifi/data && \
+    # mkdir -p /unifi/logs && \
+    # chown -R unifi:unifi /unifi
+
+VOLUME /var/lib/unifi
+VOLUME /var/log/unifi
+
+# Expose ports
+EXPOSE 3478 8080 8443 8843 8880
+
+# Change to unifi user
+USER unifi
+
+# Set working directory
+WORKDIR /var/lib/unifi
+
+# Set entrypoint
+CMD ["/usr/bin/java", "-Dlog4j2.formatMsgNoLookups=true", "-jar", "/usr/lib/unifi/lib/ace.jar", "start"]
+
+
--- a/apt-requirements.txt
+++ b/apt-requirements.txt
@@ -0,0 +1,13 @@
+software-properties-common
+gnupg
+debconf
+ca-certificates
+apt-transport-https
+binutils
+coreutils
+adduser
+libcap2
+curl
+openjdk-11-jre-headless
+logrotate
+procps
--- a/system.properties
+++ b/system.properties
@@ -0,0 +1,47 @@
+## system.properties
+#
+# each unifi instance requires a set of ports:
+#
+## device inform
+# unifi.http.port=$UNIFI_INFORM_PORT
+## controller UI / API
+# unifi.https.port=$UNIFI_GUI_PORT
+## portal redirect port for HTTP
+# portal.http.port=$UNIFI_PORTAL_PORT
+## portal redirect port for HTTPs
+# portal.https.port=8843
+## local-bound port for DB server
+# unifi.db.port=27117
+## UDP port used for STUN
+# unifi.stun.port=$UNIFI_STUN_PORT
+#
+## the IP devices should be talking to for inform
+system_ip=$UNIFI_SYSTEM_ADDRESS
+## disable mongodb journaling
+unifi.db.nojournal=true
+## extra mongod args
+# unifi.db.extraargs
+
+db.mongo.local=false
+db.mongo.uri=mongodb://$UNIFI_DB_USER:$UNIFI_DB_PASSWORD@$UNIFI_DB_ADDRESS:$UNIFI_DB_PORT/$UNIFI_DB_NAME
+statdb.mongo.uri=mongodb://$UNIFI_DB_USER:$UNIFI_DB_PASSWORD@$UNIFI_DB_ADDRESS:$UNIFI_DB_PORT/$UNIFI_DB_STAT_NAME
+unifi.db.name=$UNIFI_DB_NAME
+
+## HTTPS options
+# unifi.https.ciphers=TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA
+# unifi.https.sslEnabledProtocols=TLSv1,SSLv2Hello
+# unifi.https.hsts=false
+# unifi.https.hsts.max_age=31536000
+# unifi.https.hsts.preload=false
+# unifi.https.hsts.subdomain=false
+#
+# Ports reserved for device redirector. There is no need to open
+# firewall for these ports on controller, however do NOT set
+# controller to use these ports.
+#
+# portal.redirector.port=8881
+# portal.redirector.port.wired=8882
+#
+# Port used for throughput measurement.
+# unifi.throughput.port=6789
+#