Erich Blume 0dce806107 Add plan and reference card for UniFi Express 7 Pulumi stack (#145 )

## Summary
- Rewrites the UniFi Pulumi plan doc to use filipowm/unifi Terraform provider via `pulumi package add terraform-provider` (replaces pulumiverse_unifi approach)
- Adds network segmentation goals (main/guest/IoT WiFi zones) and API key auth
- Creates UniFi reference card (`docs/reference/infrastructure/unifi.md`) with topology diagram
- Updates all documentation indexes (plans.md, how-to.md, hosts.md, reference.md)

## What's Deferred
Actual stack scaffolding (`pulumi/unifi/`), mise tasks, and `pulumi import` are blocked on switch purchase and cabling. The plan doc captures everything needed for a future execution session.

## Verification
- `docs-check-links` passes (all wiki-links resolve)
- `docs-check-index` passes (unifi.md referenced in reference.md)
- Pre-commit hooks pass

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/145

2026-02-10 15:36:13 -08:00

2.5 KiB

Raw Blame History

title

UniFi

Home WiFi router and network controller, managed via Pulumi IaC.

Quick Reference

Property	Value
Model	UniFi Express 7 (UX7)
LAN IP	`192.168.1.1`
Management URL	`https://192.168.1.1`
IaC	`pulumi/unifi/` (planned)
Stack	`home-network` (planned)
Power	Battery-backed via UPS (see power)

What It Does

The UX7 is the home WiFi access point and network gateway. It provides:

WiFi (main, guest, IoT networks)
DHCP for 192.168.1.0/24
Built-in UniFi controller for managing adopted devices (switches, APs)
Firewall and traffic management

Network Topology

ISP Modem
  └── UniFi Express 7 [WAN]
       └── [LAN port] ──→ Switch A (by router/sifaka)
            ├── sifaka (Synology NAS)
            └── ~12ft Cat6 ──→ Switch B (on desk)
                                 ├── indri (Mac Mini, primary server)
                                 ├── ringtail (Raspberry Pi)
                                 └── (gilbert via USB-C adapter, optional)

All wired devices share the 192.168.1.0/24 subnet. The two daisy-chained UniFi Switch Flex Minis provide enough ports for all devices while using the UX7's single LAN port.

Pulumi Configuration (Planned)

The Pulumi program will live in pulumi/unifi/:

__main__.py — declares networks, WLANs, and firewall zones
Pulumi.home-network.yaml — stack config (router URL, site)
sdks/unifi/ — generated Python SDK from pulumi package add terraform-provider filipowm/unifi

Provider: filipowm/terraform-provider-unifi v1.0.0, consumed via pulumi package add terraform-provider.

See add-unifi-pulumi-stack for the full implementation plan.

Operations

Task	Command
Preview changes	`mise run unifi-preview` (planned)
Apply changes	`mise run unifi-up` (planned)
Web management	`https://192.168.1.1`

Authentication

The provider uses an API key created in the UX7 control plane (Settings → Control Plane → API). The key is stored in 1Password (op://blumeops/unifi - blumeops/api_key) and injected via mise task environment variables.

add-unifi-pulumi-stack - Implementation plan
hosts - Device inventory
power - UPS power chain
indri - Primary server (wired connection required for management)
tailscale - Tailnet networking

2.5 KiB Raw Blame History