initial commit of file from CVS for smeserver-unifi on Sat Sep 7 21:10:32 AEST 2024

root/etc/e-smith/db/configuration/defaults/unifi/TCPPorts

@@ -0,0 +1 @@
+8080,8443,8880,8843

root/etc/e-smith/db/configuration/defaults/unifi/UDPPorts

@@ -0,0 +1 @@
+3478,10001

root/etc/e-smith/db/configuration/defaults/unifi/VersionToInstall

@@ -0,0 +1 @@
+7.1.68

root/etc/e-smith/db/configuration/defaults/unifi/access

@@ -0,0 +1 @@
+private

root/etc/e-smith/db/configuration/defaults/unifi/status

@@ -0,0 +1 @@
+enabled

root/etc/e-smith/db/configuration/defaults/unifi/type

@@ -0,0 +1 @@
+service

root/etc/e-smith/db/configuration/migrate/unifi

@@ -0,0 +1,6 @@
+{
+
+        my $unifi = $DB->get('unifi') || $DB->new_record("unifi",{type=>'service'});
+	$unifi->delete_prop('TCPPort') if ( defined( $unifi->prop('TCPPort') ) and $unifi->prop('TCPPort') eq "8080,8443,8880,8843"); 
+
+}

root/etc/e-smith/events/actions/upgrade_unifi_controller.sh

@@ -0,0 +1,117 @@
+#!/bin/sh
+
+# upgrade_unifi_controller.sh
+# Easy UniFi Controller Upgrade Script for Unix/Linux Systems
+# by Steve Jenkins (stevejenkins.com)
+# Version 2.3
+# Last Updated January 8, 2017
+
+# REQUIREMENTS
+# 1) Assumes you already have any version of UniFi Controller installed 
+#    and running on your system.
+# 2) Assumes a user named "ubnt" owns the /opt/UniFi directory.
+# 3) Requires a service start/stop script to properly shut down and 
+#    restart the UniFi controller before and after upgrade. I've written
+#    compatible startup scrips for SysV and systemd systems at 
+#    http://wp.me/p1iGgP-2wl
+# 4) Requires wget command to fetch the software from UBNT's download site.
+
+# USAGE
+# Modify the "UNIFI_DOWNLOAD_URL" variable below using the full URL of
+# the UniFi Controller zip file on UBNT's download site. Optionally modify
+# any of the additional variables below (defaults should work fine),
+# then run the script!
+
+# CONFIGURATION OPTIONS
+VERSION=$(/sbin/e-smith/db configuration getprop unifi VersionToInstall || echo "5.6.30")
+UNIFI_DOWNLOAD_URL=http://dl.ubnt.com/unifi/$VERSION/UniFi.unix.zip
+UNIFI_ARCHIVE_FILENAME=UniFi.unix.zip
+UNIFI_OWNER=ubnt
+UNIFI_SERVICE=unifi
+UNIFI_PARENT_DIR=/opt
+UNIFI_DIR=/opt/UniFi
+UNIFI_BACKUP_DIR=/opt/UniFi_bak
+TEMP_DIR=/tmp
+
+#### SHOULDN'T HAVE TO MODIFY PAST THIS POINT ####
+
+#today date
+TODAY=$(date +%Y-%m-%d-%H%M%S)
+
+# Create progress dots function
+show_dots() {
+	while ps $1 >/dev/null ; do
+	printf "."
+	sleep 1
+	done
+	printf "\n"
+}
+
+# Let's DO this!
+printf "Upgrading UniFi Controller...\n"
+
+# Retrieve the updated zip archive from UBNT (overwriting any previous version)
+printf "\nDownloading %s from UBNT..." "$UNIFI_DOWNLOAD_URL"
+cd $TEMP_DIR || exit
+wget -qq $UNIFI_DOWNLOAD_URL -O $UNIFI_ARCHIVE_FILENAME &
+show_dots $!
+
+# Check to make sure we have a downloaded file to work with
+
+if [ -f "$UNIFI_ARCHIVE_FILENAME" ]; then
+
+	# Archive file exists, extract and install it
+
+	# Stop the local UniFi Controller service
+	printf "\n"
+	/usr/bin/systemctl stop $UNIFI_SERVICE
+	
+	# Remove previous backup directory (if it exists)
+#	if [ -d "$UNIFI_BACKUP_DIR" ]; then
+#		printf "\nRemoving previous backup directory...\n"
+#		rm -rf $UNIFI_BACKUP_DIR
+#	fi
+	# remove previous backup and leave the 3 last
+	ls -tp $UNIFI_BACKUP_DIR/ | grep -v '/$' | tail -n +3 | xargs -d '\n' -r rm --
+	
+	# Move existing UniFi directory to backup location
+	printf "\nMoving existing UniFi Controller directory to backup location...\n"
+	mv $UNIFI_DIR "$UNIFI_BACKUP_DIR/UniFi_$TODAY"
+
+	# Extract new version
+	printf "\nExtracting downloaded software..."
+	unzip -qq $TEMP_DIR/$UNIFI_ARCHIVE_FILENAME -d $UNIFI_PARENT_DIR &
+	show_dots $!
+	
+	# Jump into the backup directory
+	cd "$UNIFI_BACKUP_DIR/UniFi_$TODAY" || exit
+	
+	# Create an archive of the existing data directory
+	printf "\nBacking up existing UniFi Controller data..."
+	tar zcf $TEMP_DIR/unifi_data_bak.tar.gz data/ &
+	show_dots $!
+	
+	# Extract the data into the new directory
+	printf "\nExtracting UniFi Controller backup data to new directory..."
+	tar zxf $TEMP_DIR/unifi_data_bak.tar.gz -C $UNIFI_DIR &
+	show_dots $!
+	
+	# Enforce proper ownership of UniFi directory
+	chown -R $UNIFI_OWNER:$UNIFI_OWNER $UNIFI_DIR
+	
+	# Restart the local UniFi Controller service
+	printf "\n"
+	/usr/bin/systemctl start $UNIFI_SERVICE 
+	
+	# All done!
+	printf "\nUpgrade of UniFi Controller complete!\n"
+
+	exit 0
+
+else
+
+	# Archive file doesn't exist, warn and exit
+	printf "\nUniFi Controller software not found! Please check download link.\n"
+
+	exit 1
+fi

root/etc/e-smith/templates/usr/bin/hook-script.sh/30unifi

@@ -0,0 +1,26 @@
+if [ $1 = "deploy_cert" ]; then
+  # and now deploy our LE cert to Unifi controller !
+{  # in case we rely on scl again
+  #. /opt/rh/rh-mongodb34/service-environment
+  #. scl_source enable \$RH_MONGODB34_SCLS_ENABLED
+}
+  # To automatically detect DOMAIN (thanks to @SprockTech):
+  DOMAIN=$(mongo --quiet --port 27117 --eval 'db.getSiblingDB("ace").setting.find(\{"key": "super_identity"\}).forEach(function(document)\{ print(document.hostname) \})')
+  
+  # Backup previous keystore
+  cp /opt/UniFi/data/keystore  /opt/UniFi/data/keystore.backup.$(date +%F_%R)
+ 
+  # Convert cert to PKCS12 format
+  # Ignore warnings
+  #openssl pkcs12 -export -inkey /etc/letsencrypt/live/${DOMAIN}/privkey.pem -in /etc/letsencrypt/live/${DOMAIN}/fullchain.pem -out /etc/letsencrypt/live/${DOMAIN}/fullchain.p12 -name unifi -password pass:unifi
+  openssl pkcs12 -export -inkey `/sbin/e-smith/config getprop modSSL key` -in `/sbin/e-smith/config getprop modSSL crt` -out /opt/UniFi/data/fullchain.p12 -name unifi -password pass:unifi 2>/dev/null
+  
+  # Install certificate
+  # Ignore warnings
+  #keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /var/lib/unifi/keystore -srckeystore /etc/letsencrypt/live/${DOMAIN}/fullchain.p12 -srcstoretype PKCS12 -srcstorepass unifi -alias unifi -noprompt
+  keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore  /opt/UniFi/data/keystore -srckeystore /opt/UniFi/data/fullchain.p12 -srcstoretype PKCS12 -srcstorepass unifi -alias unifi -noprompt
+
+  #Restart UniFi controller
+  /usr/bin/systemctl restart unifi.service
+fi
+

root/sbin/e-smith/systemd/unifi

@@ -0,0 +1,28 @@
+#!/bin/bash
+
+# check if squid is using 8080, if yes, then move to 8081
+intercept=$(/usr/sbin/e-smith/config getprop squid InterceptPort||echo "8080")
+squidstatus=$(/usr/sbin/e-smith/config getprop squid status||echo "disabled")
+
+if [[ "$intercept" == "8080" && "$squidstatus" == "enabled" ]]; then
+ echo "we set squid Intercept port to 8081.. to avoid conflict with unifi "
+ /usr/sbin/e-smith/config setprop squid InterceptPort 8081
+ /usr/sbin/e-smith/expand-template /etc/squid/squid.conf
+ /usr/sbin/e-smith/expand-template /etc/rc.d/init.d/masq 
+ /usr/bin/systemctl restart squid
+ /usr/bin/systemctl restart masq
+
+fi
+
+# now deal with dansguardian
+dport=$(/usr/sbin/e-smith/config getprop dansguardian port ||echo "8080")
+dstatus=$(/usr/sbin/e-smith/config getprop dansguardian status||echo "disabled")
+if [[ "$dport" == "8080" && "$dsatus" == "enabled" ]]; then
+ echo "we set dansguardian port to 8081.. to avoid conflict with unifi "
+  /usr/sbin/e-smith/config setprop dansguardian port 8081
+  /usr/sbin/e-smith/expand-template /etc/dansguardian/dansguardian.conf 
+  /usr/bin/systemctl restart dansguardian
+fi
+
+# nothing to do with with squidguard
+

root/usr/lib/systemd/system/unifi.service

@@ -0,0 +1,22 @@
+# UniFi Controller systemd Service File
+# by Steve Jenkins
+# Last updated January 8, 2017
+# adapted for Koozali SME Server 10
+[Unit]
+Description=Ubiquiti UniFi Controller
+After=syslog.target network.target
+
+[Service]
+ExecStartPre=-/usr/sbin/e-smith/service-status unifi
+ExecStartPre=/usr//sbin/e-smith/systemd/unifi
+ExecStart=/usr/bin/java -Xmx1024M -jar /opt/UniFi/lib/ace.jar start
+ExecStop=/usr/bin/java -jar /opt/UniFi/lib/ace.jar stop
+Type=simple
+User=ubnt
+PermissionsStartOnly=true
+WorkingDirectory=/opt/UniFi
+SuccessExitStatus=143
+
+[Install]
+WantedBy=multi-user.target
+WantedBy=sme-server.target