diff --git a/.gitignore b/.gitignore index 98cc5dc..a9b266b 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,3 @@ -packer_cache/ \ No newline at end of file +packer_cache/ +output/ +*.retry \ No newline at end of file diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..2ac67bf --- /dev/null +++ b/Makefile @@ -0,0 +1,18 @@ +ROOT_PASSWORD=uuunifi +OUTPUT_IMAGE=$(shell find output/base -type f -name '*.ova' | head -1) + +all: output/unifi/ + +output/base/: + packer build -var root_password=$(ROOT_PASSWORD) base.json + +output/unifi/: output/base/ + packer build -var root_password=$(ROOT_PASSWORD) \ + -var source_image=$(OUTPUT_IMAGE) provision.json + +clean: clean_base clean_provisioned +clean_base: + rm -r output/base +clean_provisioned: + rm -r output/unifi +.PHONY: all clean \ No newline at end of file diff --git a/build.json b/base.json similarity index 82% rename from build.json rename to base.json index 1dbe763..69900fd 100644 --- a/build.json +++ b/base.json @@ -5,29 +5,29 @@ "iso_checksum_type": "sha256", "boot_wait": "10s", - "boot_key_interval": "10ms", - "root_password": "uuunifi", + "root_password": null, "ssh_timeout": "60m", "machine_hostname": "unifi", - "http_directory": "http/" + "http_directory": "http/", + "output_directory": "output/base/" }, "builders": [ { - "type": "qemu", - "accelerator": "kvm", - "disk_interface": "virtio", + "type": "virtualbox-iso", + "guest_os_type": "Linux_64", + "format": "ova", "iso_url": "{{user `iso_url`}}", "iso_checksum": "{{user `iso_checksum`}}", "iso_checksum_type": "{{user `iso_checksum_type`}}", "http_directory": "{{user `http_directory`}}", + "output_directory": "{{user `output_directory`}}", "boot_wait": "{{user `boot_wait`}}", - "boot_key_interval": "{{user `boot_key_interval`}}", "boot_command": [ "root", 
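Review bot: `ROOT_PASSWORD=uuunifi` at the top of the new Makefile commits a fixed root password, so every image built with a plain `make` ships that credential even though base.json now leaves `root_password` unset. Drop the default (`ROOT_PASSWORD ?=`) and have the two `packer build` recipes refuse to run when it is empty, so the builder has to supply a value. Passing it as `-var root_password=$(ROOT_PASSWORD)` also puts the secret on the packer command line, where it shows up in the process list and in make's echoed output; a `-var-file` kept out of version control avoids that.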
@@ -43,8 +43,9 @@ "sed -i \"s/rc-service \\$svc start/#&/\" /sbin/setup-sshd", "setup-alpine -f answers && ", - "mount /dev/vda3 /mnt && ", + "mount /dev/sda3 /mnt && ", "echo 'PermitRootLogin yes' >> /mnt/etc/ssh/sshd_config && ", + "rc-update add acpid && ", "umount /mnt && ", "reboot", "", diff --git a/http/answers b/http/answers index 7b9f9af..455136f 100644 --- a/http/answers +++ b/http/answers @@ -16,4 +16,4 @@ APKREPOSOPTS="-1" SSHDOPTS="-c openssh" NTPOPTS="-c chrony" -DISKOPTS="-m sys /dev/vda" \ No newline at end of file +DISKOPTS="-m sys /dev/sda" \ No newline at end of file diff --git a/provision.json b/provision.json new file mode 100644 index 0000000..9bb39a1 --- /dev/null +++ b/provision.json @@ -0,0 +1,42 @@ +{ + "variables": { + "source_image": null, + "root_password": null, + + "boot_wait": "10s", + "output_directory": "output/unifi/" + }, + "builders": [ + { + "type": "virtualbox-ovf", + "format": "ova", + + "source_path": "{{user `source_image`}}", + "checksum_type": "none", + + "output_directory": "{{user `output_directory`}}", + + "boot_wait": "{{user `boot_wait`}}", + "shutdown_command": "echo '{{user `root_password`}}' | sudo -S poweroff", + + "communicator": "ssh", + "ssh_username": "root", + "ssh_password": "{{user `root_password`}}" + } + ], + "provisioners": [ + { + "type": "shell", + "inline": [ + "apk update", + "apk add python sudo" + ] + }, + { + "type": "ansible", + "extra_arguments": [], + "user": "root", + "playbook_file": "./setup.yml" + } + ] +} \ No newline at end of file diff --git a/setup.yml b/setup.yml new file mode 100644 index 0000000..64c300e --- /dev/null +++ b/setup.yml 
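Review bot: In provision.json the `shutdown_command` pipes the root password into `sudo -S` although the SSH session is already `root`, so the secret is expanded into a shell command for no benefit; `"shutdown_command": "poweroff"` does the same job, and `sudo` can then drop out of the `apk add` line if nothing else needs it. The finished OVA also keeps the build-time root password together with the `PermitRootLogin yes` that base.json writes, and nothing on this page locks or rotates it before export; a final provisioner step that disables password login for root would close that. `"checksum_type": "none"` skips verification of the source image, which is acceptable only while `source_image` is always the locally built file under output/base.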
@@ -0,0 +1,69 @@
+- hosts: default
+ debugger: on_failed
+ vars:
+ unifi_software_url: https://dl.ubnt.com/unifi/5.10.21/UniFi.unix.zip
+ tasks:
+ - replace:
+ path: /etc/apk/repositories
+ regexp: '^#(.*v\d+.\d+/community.*)$'
+ replace: '\1'
+ - apk:
+ name: openjdk8-jre
+ state: present
+ update_cache: yes
+ - apk:
+ name: '{{item}}'
+ state: present
+ loop:
+ - shadow
+ - mongodb
+ - s6
+ - unzip
+ - user:
+ name: unifi
+ home: /srv/unifi
+ - get_url:
+ url: '{{unifi_software_url}}'
+ dest: /tmp/UniFi.unix.zip
+ - command: unzip /tmp/UniFi.unix.zip
+ args:
+ chdir: /tmp
+ warn: false
+ - shell: mv /tmp/UniFi/* /srv/unifi
+ - command: rm /srv/unifi/bin/mongod
+ - file:
+ path: /srv/unifi
+ owner: unifi
+ mode: o-rwx
+ recurse: yes
+ - file:
+ dest: /srv/unifi/bin/mongod
+ src: /usr/bin/mongod
+ state: link
+ - file:
+ path: /etc/unifi/log
+ state: directory
+ - template:
+ src: templates/unifi/run
+ dest: /etc/unifi/run
+ mode: 755
+ - template:
+ src: templates/unifi/log/run
+ dest: /etc/unifi/log/run
+ mode: 755
+ - user:
+ name: log
+ home: /var/log
+ - file:
+ path: /var/log/unifi
+ state: directory
+ owner: log
+ mode: 750
+ - template:
+ src: templates/init.d/unifi
+ dest: /etc/init.d/unifi
+ mode: 755
+ - service:
+ name: unifi
+ state: started
+ enabled: yes
\ No newline at end of file
diff --git a/templates/init.d/unifi b/templates/init.d/unifi
new file mode 100644
index 0000000..666704a
--- /dev/null
+++ b/templates/init.d/unifi
@@ -0,0 +1,16 @@
+#!/sbin/openrc-run
+
+name="unifi"
+supervisor=s6
+s6_service_path="${RC_SVCDIR}/s6-scan/${name}"
+
+depend() {
+ need net s6-svscan
+ after firewall
+}
+
+start_pre() {
+ if [ ! -L "${RC_SVCDIR}/s6-scan/${name}" ]; then
+ ln -s "/etc/${name}" "${RC_SVCDIR}/s6-scan/${name}"
+ fi
+}
\ No newline at end of file
diff --git a/templates/unifi/log/run b/templates/unifi/log/run
new file mode 100644
index 0000000..1eeee10
--- /dev/null
+++ b/templates/unifi/log/run
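Review bot: The `get_url` task in setup.yml downloads UniFi.unix.zip and unpacks it into the service directory without verifying it; add a pinned digest to that task, e.g. `checksum: 'sha256:<SHA256_OF_UNIFI_ZIP>'` (placeholder, take the value from the vendor's published release information), so a changed or corrupted archive fails the build. The `mode: 755` and `mode: 750` values are unquoted integers, which Ansible reads as decimal rather than octal and so sets different permission bits than intended; write `mode: '0755'` and `mode: '0750'`. `debugger: on_failed` will stop an unattended Packer run at an interactive prompt on the first failed task and is better left out of the committed playbook.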
@@ -0,0 +1,5 @@
+#!/bin/ash
+
+log_user='log'
+
+exec s6-setuidgid $log_user s6-log -b n20 s1000000 t /var/log/unifi
\ No newline at end of file
diff --git a/templates/unifi/run b/templates/unifi/run
new file mode 100644
index 0000000..e03f4e3
--- /dev/null
+++ b/templates/unifi/run
@@ -0,0 +1,19 @@
+#!/bin/ash
+
+user='unifi'
+group='unifi'
+
+exec 2>&1
+
+base='/srv/unifi'
+
+if [ -d $base ]; then
+ cd $base
+ chown -R $user:$group .
+ version=`head -1 webapps/ROOT/app-unifi/.version`
+ echo "Starting UniFi Controller $version"
+ exec s6-setuidgid $user java -jar lib/ace.jar start
+else
+ echo "Missing $base ... aborting"
+ touch down
+fi
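Review bot: `chown -R $user:$group .` in templates/unifi/run executes as root on every service start over a tree the `unifi` account can write to, and setup.yml places a symlink at /srv/unifi/bin/mongod pointing to /usr/bin/mongod. Unless the chown in the image leaves link targets alone, that call can hand ownership of the system mongod binary, or of any other link target created under /srv/unifi, to the service user. Ownership is already set once in setup.yml, so the line can be removed; if it has to stay, use `chown -hR "$user:$group" .` so the links themselves are changed rather than what they point to. `$base` should also be quoted in the `[ -d ... ]` test and in the `cd`.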