Erich Blume 6b53cde35c Update UniFi Pulumi plan: switch to ubiquiti-community provider

Corroboration review of the add-unifi-pulumi-stack plan found several
issues. Switch provider from filipowm/unifi (inactive maintainer,
showstopper bug #94 wiping firewall rules) to ubiquiti-community/unifi
(actively maintained, API key auth). Add UX7 config backup prerequisite,
fix safety guard to check default route instead of hostname, update
1Password paths to match actual item, fix ringtail references, and
update doc steps for already-existing files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-13 20:00:13 -08:00

2.5 KiB

Raw Blame History

title

modified

UniFi

Home WiFi router and network controller, managed via Pulumi IaC.

Quick Reference

Property	Value
Model	UniFi Express 7 (UX7)
LAN IP	`192.168.1.1`
Management URL	`https://192.168.1.1`
IaC	`pulumi/unifi/` (planned)
Stack	`home-network` (planned)
Power	Battery-backed via UPS (see power)

What It Does

The UX7 is the home WiFi access point and network gateway. It provides:

WiFi (main, guest, IoT networks)
DHCP for 192.168.1.0/24
Built-in UniFi controller for managing adopted devices (switches, APs)
Firewall and traffic management

Network Topology

ISP Modem
  └── UniFi Express 7 [WAN]
       └── [LAN port] ──→ Switch A (by router/sifaka)
            ├── sifaka (Synology NAS)
            └── ~12ft Cat6 ──→ Switch B (on desk)
                                 ├── indri (Mac Mini, primary server)
                                 └── gilbert (USB-C adapter)

All wired devices share the 192.168.1.0/24 subnet. The two daisy-chained UniFi Switch Flex Minis provide enough ports for all devices while using the UX7's single LAN port.

Pulumi Configuration (Planned)

The Pulumi program will live in pulumi/unifi/:

__main__.py — declares networks, WLANs, and firewall zones
Pulumi.home-network.yaml — stack config (router URL, site)
sdks/unifi/ — generated Python SDK from pulumi package add terraform-provider filipowm/unifi

Provider: filipowm/terraform-provider-unifi v1.0.0, consumed via pulumi package add terraform-provider.

See add-unifi-pulumi-stack for the full implementation plan.

Operations

Task	Command
Preview changes	`mise run unifi-preview` (planned)
Apply changes	`mise run unifi-up` (planned)
Web management	`https://192.168.1.1`

Authentication

The provider uses an API key created in the UX7 control plane (Settings → Control Plane → API). The key is stored in 1Password (op://blumeops/unifi/credential) and injected via mise task environment variables.

add-unifi-pulumi-stack - Implementation plan
hosts - Device inventory
power - UPS power chain
indri - Primary server (wired connection required for management)
tailscale - Tailnet networking

2.5 KiB Raw Blame History