eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
blumeops/docs/reference/infrastructure/unifi.md

77 lines
2.5 KiB
Markdown
Raw Normal View History

Add plan and reference card for UniFi Express 7 Pulumi stack (#145) ## Summary - Rewrites the UniFi Pulumi plan doc to use filipowm/unifi Terraform provider via `pulumi package add terraform-provider` (replaces pulumiverse_unifi approach) - Adds network segmentation goals (main/guest/IoT WiFi zones) and API key auth - Creates UniFi reference card (`docs/reference/infrastructure/unifi.md`) with topology diagram - Updates all documentation indexes (plans.md, how-to.md, hosts.md, reference.md) ## What's Deferred Actual stack scaffolding (`pulumi/unifi/`), mise tasks, and `pulumi import` are blocked on switch purchase and cabling. The plan doc captures everything needed for a future execution session. ## Verification - `docs-check-links` passes (all wiki-links resolve) - `docs-check-index` passes (unifi.md referenced in reference.md) - Pre-commit hooks pass Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/145
2026-02-10 15:36:13 -08:00
---
title: UniFi
tags:
- infrastructure
- networking
---
# UniFi
Home WiFi router and network controller, managed via Pulumi IaC.
## Quick Reference
| Property | Value |
|----------|-------|
| **Model** | UniFi Express 7 (UX7) |
| **LAN IP** | `192.168.1.1` |
| **Management URL** | `https://192.168.1.1` |
| **IaC** | `pulumi/unifi/` (planned) |
| **Stack** | `home-network` (planned) |
| **Power** | Battery-backed via UPS (see [[power]]) |
## What It Does
The UX7 is the home WiFi access point and network gateway. It provides:
- WiFi (main, guest, IoT networks)
- DHCP for `192.168.1.0/24`
- Built-in UniFi controller for managing adopted devices (switches, APs)
- Firewall and traffic management
## Network Topology
```
ISP Modem
└── UniFi Express 7 [WAN]
└── [LAN port] ──→ Switch A (by router/sifaka)
├── sifaka (Synology NAS)
└── ~12ft Cat6 ──→ Switch B (on desk)
├── indri (Mac Mini, primary server)
├── ringtail (Raspberry Pi)
└── (gilbert via USB-C adapter, optional)
```
All wired devices share the `192.168.1.0/24` subnet. The two daisy-chained UniFi Switch Flex Minis provide enough ports for all devices while using the UX7's single LAN port.
## Pulumi Configuration (Planned)
The Pulumi program will live in `pulumi/unifi/`:
- `__main__.py` — declares networks, WLANs, and firewall zones
- `Pulumi.home-network.yaml` — stack config (router URL, site)
- `sdks/unifi/` — generated Python SDK from `pulumi package add terraform-provider filipowm/unifi`
Provider: [filipowm/terraform-provider-unifi](https://github.com/filipowm/terraform-provider-unifi) v1.0.0, consumed via `pulumi package add terraform-provider`.
See [[add-unifi-pulumi-stack]] for the full implementation plan.
## Operations
| Task | Command |
|------|---------|
| Preview changes | `mise run unifi-preview` (planned) |
| Apply changes | `mise run unifi-up` (planned) |
| Web management | `https://192.168.1.1` |
## Authentication
The provider uses an API key created in the UX7 control plane (Settings → Control Plane → API). The key is stored in 1Password (`op://blumeops/unifi - blumeops/api_key`) and injected via mise task environment variables.
## Related
- [[add-unifi-pulumi-stack]] - Implementation plan
- [[hosts]] - Device inventory
- [[power]] - UPS power chain
- [[indri]] - Primary server (wired connection required for management)
- [[tailscale]] - Tailnet networking
Reference in a new issue Copy permalink