Reviewed (verified against live state) and stamped last-reviewed on:

- reference/services/argocd.md: SSO via Authentik (public PKCE client), dual-cluster management (minikube + ringtail k3s), corrected sync policy (everything is manual sync, including the apps root)
- reference/services/authentik.md: blueprint list grown to 8 OIDC clients, postgresql-* secret fields, client-type table
- reference/services/grafana.md: TeslaMate datasource now pg.ops.eblu.me:5434 (ringtail), dashboard inventory refreshed, TeslaMate dashboards via pinned-tag init container
- reference/infrastructure/unifi.md: UnPoller now a locally-built image
- how-to/mealie/plan-a-meal.md: procedure verified; stored API token currently returns 401 (operational fix tracked separately)

AGENTS.md: replace the mandatory full ai-docs read with a find-relevant-docs-first rule (bulk ai-docs/ai-sources now opt-in), and document the heph CLI surface for reading and manipulating Blumeops tasks. agent-change-process.md updated to match.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
| title | modified | last-reviewed | tags |
|---|---|---|---|
| UniFi | 2026-06-09 | 2026-06-09 | |
UniFi
Home WiFi router and network controller, managed via the UX7 web UI.
Quick Reference
| Property | Value |
|---|---|
| Model | UniFi Express 7 (UX7) |
| LAN IP | 192.168.1.1 |
| Management URL | https://192.168.1.1 |
| Management | Web UI only (no IaC) |
| Power | Battery-backed via UPS (see power) |
What It Does
The UX7 is the home WiFi access point and network gateway. It provides:
- WiFi (main, guest, IoT networks)
- DHCP for all network subnets
- Built-in UniFi controller for managing adopted devices (switches)
- Zone-based firewall and traffic management
Networks
| Network | VLAN | Subnet | Purpose |
|---|---|---|---|
| Main | 1 (default) | 192.168.1.0/24 | Trusted devices (indri, sifaka, gilbert, mouse) |
| Guest | 2 | 192.168.2.0/24 | Visitors, internet-only |
| IoT | 3 | 192.168.3.0/24 | Smart devices (Frame TV, appliances) |
Three-network segmentation was configured manually via the UX7 web UI (Feb 2026).
Network Topology
ISP Modem
└── UniFi Express 7 [WAN]
    └── [LAN port] ──→ Switch A (by router/sifaka)
        ├── sifaka (Synology NAS)
        └── ~12ft Cat6 ──→ Switch B (on desk)
            ├── indri (Mac Mini, primary server)
            └── gilbert (USB-C adapter)
All wired devices share the default VLAN (192.168.1.0/24). The two daisy-chained UniFi Switch Flex Minis provide enough ports for all devices while using the UX7's single LAN port.
Operations
| Task | Method |
|---|---|
| Manage networks/WiFi/firewall | https://192.168.1.1 web UI |
| Backup configuration | Settings → System → Backup |
| Restore from backup | Settings → System → Backup → Restore |
Authentication
Local admin account on the UX7. Credentials stored in 1Password (vault blumeops). WiFi passphrase stored in 1Password item "Radio New Vegas" (Wireless Router type) in vault blumeops.
Why Not IaC?
IaC was attempted in Feb 2026 with the ubiquiti-community/unifi Terraform provider via Pulumi. A "no-op" update on the default LAN network reset undeclared properties, bricking the network and requiring a factory reset. The provider ecosystem is too immature for single-device infrastructure.
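A pre-apply guard for the failure described above, as an added example (not part of the original page or of the provider): it lists every live property that a declaration omits, which is what an update that replaces the whole object would reset. The field names, the DHCP range and both sample objects are constructed for illustration and are not the UniFi API schema.

```python
import json

# Constructed sample: the live network object as exported from the controller.
LIVE = json.loads("""
{
  "name": "Default",
  "subnet": "192.168.1.0/24",
  "vlan": 1,
  "dhcp": {"enabled": true, "start": "192.168.1.6", "stop": "192.168.1.254"},
  "igmp_snooping": true
}
""")

# Constructed sample: what the IaC program declares for the same object.
DECLARED = {
    "name": "Default",
    "subnet": "192.168.1.0/24",
    "dhcp": {"enabled": True},
}

def flatten(obj, prefix=""):
    """Flatten nested dicts to {'a.b': value} so nested keys compare by path."""
    out = {}
    for key, value in obj.items():
        if isinstance(value, dict):
            out.update(flatten(value, f"{prefix}{key}."))
        else:
            out[f"{prefix}{key}"] = value
    return out

def preflight(live, declared):
    """Return (undeclared, changed) for a whole-object replace of `live`."""
    live_f, decl_f = flatten(live), flatten(declared)
    undeclared = {p: v for p, v in live_f.items() if p not in decl_f}
    changed = {p: (live_f.get(p), v) for p, v in decl_f.items()
               if live_f.get(p) != v}
    return undeclared, changed

def safe_to_apply(live, declared):
    """An update is a true no-op only if nothing is undeclared or changed."""
    undeclared, changed = preflight(live, declared)
    return not undeclared and not changed

if __name__ == "__main__":
    undeclared, changed = preflight(LIVE, DECLARED)
    for path, value in sorted(undeclared.items()):
        print(f"undeclared, would be reset: {path} (live value {value!r})")
    print("safe to apply:", safe_to_apply(LIVE, DECLARED))
```

Run against a fresh export before any apply; a diff that reports "no changes" says nothing about properties the declaration never mentions.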
Monitoring
UniFi metrics are exported to Prometheus via UnPoller, running as a k8s deployment in the monitoring namespace on indri's minikube (argocd/manifests/unpoller/, locally-built image registry.ops.eblu.me/blumeops/unpoller). UnPoller polls the UX7 controller API using an API key and exposes metrics on port 9130.
- Prometheus job: unpoller
- Metrics prefix: unifi_
- Credentials: 1Password item unpoller (vault blumeops, API key)