mabunixda.ansible_udmp

Ansible UDMP Role

Customize your Ubiquiti UDM (Pro) using Ansible and udm-utilities.

Since the Ubiquiti UDM and Pro do not have a proper Python installation, we need to use raw commands for any changes.

Sample Playbook

This playbook will:

  • Load your custom SSL certificate onto the UDM (Pro)
  • Install unifios-utilities
  • Transfer SSH keys from the Unifi Controller to the UDM (Pro)
  • Set up the node exporter for Prometheus scraping as a container using Podman

---
- name: udmp setup
  hosts: unifi-udmp-gateway
  gather_facts: false
  roles:
    - role: mabunixda.ansible_udmp
      certificate: <path-to-certificate.pem>
      certificate_key: <path-to-certificate-key.pem>

UDM Kernel Tools

By default, the UDM Kernel tools are not installed. If you enable the option install_kernel_tools, the role installs the tools and the latest kernel. Autoboot into the custom kernel is enabled by default. You can turn it off using udm_kernel_tools_autoboot.

Currently, installing an older kernel is not supported. If you have an older kernel installed, you can return to it by setting udm_kernel_tools_kernel_version to an available version. The role checks if this version exists before switching and booting into it.

Please read more about the kernel switch at UDM Kernel tools before proceeding!

---
- name: udmp setup
  hosts: unifi-udmp-gateway
  gather_facts: false
  roles:
    - role: mabunixda.ansible_udmp
      install_kernel_tools: true

You can configure the following services:

Except for the node exporter, all services require additional manual configuration after deploying. This configuration can be done manually or using other roles/plays.

nodeexporter_enabled

Starts a node exporter instance via Podman on the gateway for Prometheus metrics scraping.

frr_enabled

FRR is a service that enables BGP routing (e.g., for Kubernetes with MetalLB or Nomad with Calico).

rsyncd_enabled

This service allows you to back up your configuration using rsync over port 2202.

openvpn_enabled

OpenVPN service to connect the UDM (Pro) to a specific OpenVPN tunnel.

zerotier_enabled

Launches a ZeroTier container on the UDM (Pro) and connects it to a specific ZeroTier network.

force_external_dns

Enables iptables rules to redirect DNS queries to a specific external DNS server. You can set this server using udmp_external_dns_server_ipv4 and/or udmp_external_dns_server_ipv6. You also need to specify which devices should use this setup; devices are identified by the bridge names on the UDM (Pro). The default is br0, and the naming follows the format br followed by the VLAN ID (e.g., br20 for VLAN 20). Configure it like this with udmp_external_dns_devices:

---
- name: udmp setup
  hosts: unifi-udmp-gateway
  gather_facts: false
  roles:
    - role: mabunixda.ansible_udmp
      force_external_dns: yes
      udmp_external_dns_server_ipv4: "192.168.99.100" # e.g., Pi-hole
      udmp_external_dns_devices:
        - br10 # VLAN 10
        - br20 # VLAN 20
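
As an added illustration (not the role's own code; the rules the role actually installs may differ), this script prints the kind of iptables NAT rules that redirect port-53 traffic from the listed bridges to the resolver, IPv4 only. The function names are hypothetical; the address and bridges come from the sample playbook above.

```shell
#!/bin/sh
# Added illustration: print (never apply) NAT rules that send port-53 traffic
# arriving on the given bridges to one resolver. Function names are hypothetical.

# True if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# True if $1 is "br" followed only by digits (br0, br20, ...).
is_bridge() {
    case "$1" in
        br|br*[!0-9]*) return 1 ;;
        br[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: dns_redirect_rules <resolver-ipv4> <bridge>...
dns_redirect_rules() {
    server=$1
    [ "$#" -ge 2 ] || { echo "usage: dns_redirect_rules <ipv4> <bridge>..." >&2; return 2; }
    shift
    is_ipv4 "$server" || { echo "invalid IPv4 resolver: $server" >&2; return 2; }
    # Validate every name before printing, so the output is all-or-nothing.
    for dev in "$@"; do
        is_bridge "$dev" || { echo "invalid bridge name: $dev" >&2; return 2; }
    done
    for dev in "$@"; do
        for proto in udp tcp; do
            # "! -s" and "! -d" leave the resolver's own traffic alone (no loop).
            echo "iptables -t nat -A PREROUTING -i $dev -p $proto ! -s $server ! -d $server --dport 53 -j DNAT --to-destination $server"
        done
    done
}

# Values taken from the sample playbook above.
dns_redirect_rules 192.168.99.100 br10 br20
```

Rules of this shape match port 53 only, so clients that use DNS over TLS or DNS over HTTPS are not redirected by them.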

Project information

Update Ubiquiti UDM (pro) Configuration with custom startup scripts and certificates

Install
ansible-galaxy install mabunixda.ansible_udmp
License
gpl-3.0