Update UniFi Pulumi plan: switch to ubiquiti-community provider

Corroboration review of the add-unifi-pulumi-stack plan found several issues. Switch provider from filipowm/unifi (inactive maintainer, showstopper bug #94 wiping firewall rules) to ubiquiti-community/unifi (actively maintained, API key auth). Add UX7 config backup prerequisite, fix safety guard to check default route instead of hostname, update 1Password paths to match actual item, fix ringtail references, and update doc steps for already-existing files. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 20:00:13 -08:00 · 2026-02-13 20:00:13 -08:00 · 6b53cde35c
commit 6b53cde35c
parent b77ae19f20
2 changed files with 49 additions and 36 deletions
--- a/docs/reference/infrastructure/unifi.md
+++ b/docs/reference/infrastructure/unifi.md
@ -39,8 +39,7 @@ ISP Modem
            ├── sifaka (Synology NAS)
            └── ~12ft Cat6 ──→ Switch B (on desk)
                                 ├── indri (Mac Mini, primary server)
-                                 ├── ringtail (Raspberry Pi)
-                                 └── (gilbert via USB-C adapter, optional)
+                                 └── gilbert (USB-C adapter)
 ```

 All wired devices share the `192.168.1.0/24` subnet. The two daisy-chained UniFi Switch Flex Minis provide enough ports for all devices while using the UX7's single LAN port.
@ -67,7 +66,7 @@ See [[add-unifi-pulumi-stack]] for the full implementation plan.

 ## Authentication

-The provider uses an API key created in the UX7 control plane (Settings → Control Plane → API). The key is stored in 1Password (`op://blumeops/unifi - blumeops/api_key`) and injected via mise task environment variables.
+The provider uses an API key created in the UX7 control plane (Settings → Control Plane → API). The key is stored in 1Password (`op://blumeops/unifi/credential`) and injected via mise task environment variables.

 ## Related