{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.unpoller;
configFile = pkgs.writeText "unpoller.json" (
lib.generators.toJSON { } {
inherit (cfg)
poller
influxdb
loki
prometheus
unifi
;
}
);
in
imports = [
(lib.mkRenamedOptionModule [ "services" "unifi-poller" ] [ "services" "unpoller" ])
];
options.services.unpoller = {
enable = lib.mkEnableOption "unpoller";
poller = {
debug = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Turns on line numbers, microsecond logging, and a per-device log.
This may be noisy if you have a lot of devices. It adds one line per device.
'';
};
quiet = lib.mkOption {
Turns off per-interval logs. Only startup and error logs will be emitted.
plugins = lib.mkOption {
type = with lib.types; listOf str;
default = [ ];
Load additional plugins.
prometheus = {
disable = lib.mkOption {
Whether to disable the prometheus output plugin.
http_listen = lib.mkOption {
type = lib.types.str;
default = "[::]:9130";
Bind the prometheus exporter to this IP or hostname.
report_errors = lib.mkOption {
Whether to report errors.
influxdb = {
Whether to disable the influxdb output plugin.
url = lib.mkOption {
default = "http://127.0.0.1:8086";
URL of the influxdb host.
user = lib.mkOption {
default = "unifipoller";
Username for the influxdb.
pass = lib.mkOption {
type = lib.types.path;
default = pkgs.writeText "unpoller-influxdb-default.password" "unifipoller";
defaultText = lib.literalExpression "unpoller-influxdb-default.password";
Path of a file containing the password for influxdb.
This file needs to be readable by the unifi-poller user.
apply = v: "file://${v}";
db = lib.mkOption {
default = "unifi";
Database name. Database should exist.
verify_ssl = lib.mkOption {
default = true;
Verify the influxdb's certificate.
interval = lib.mkOption {
default = "30s";
Setting this lower than the Unifi controller's refresh
interval may lead to zeroes in your database.
loki = {
default = "";
URL of the Loki host.
Username for Loki.
default = pkgs.writeText "unpoller-loki-default.password" "";
defaultText = "unpoller-influxdb-default.password";
Path of a file containing the password for Loki.
Verify Loki's certificate.
tenant_id = lib.mkOption {
Tenant ID to use in Loki.
default = "2m";
How often the events are polled and pushed to Loki.
timeout = lib.mkOption {
default = "10s";
Should be increased in case of timeout errors.
unifi =
controllerOptions = {
Unifi service user name.
default = pkgs.writeText "unpoller-unifi-default.password" "unifi";
defaultText = lib.literalExpression "unpoller-unifi-default.password";
Path of a file containing the password for the unifi service user.
default = "https://unifi:8443";
URL of the Unifi controller.
sites = lib.mkOption {
type =
with lib.types;
either (enum [
"default"
"all"
]) (listOf str);
default = "all";
List of site names for which statistics should be exported.
Or the string "default" for the default site or the string "all" for all sites.
apply = lib.toList;
save_ids = lib.mkOption {
Collect and save data from the intrusion detection system to influxdb and Loki.
save_events = lib.mkOption {
Collect and save data from UniFi events to influxdb and Loki.
save_alarms = lib.mkOption {
Collect and save data from UniFi alarms to influxdb and Loki.
save_anomalies = lib.mkOption {
Collect and save data from UniFi anomalies to influxdb and Loki.
save_dpi = lib.mkOption {
Collect and save data from deep packet inspection.
Adds around 150 data points and impacts performance.
save_sites = lib.mkOption {
Collect and save site data.
hash_pii = lib.mkOption {
Hash, with md5, client names and MAC addresses. This attempts
to protect personally identifiable information.
Verify the Unifi controller's certificate.
dynamic = lib.mkOption {
Let prometheus select which controller to poll when scraping.
Use with default credentials. See unifi-poller wiki for more.
defaults = controllerOptions;
controllers = lib.mkOption {
listOf (submodule {
options = controllerOptions;
});
List of Unifi controllers to poll. Use defaults if empty.
apply = map (lib.flip removeAttrs [ "_module" ]);
config = lib.mkIf cfg.enable {
users.groups.unifi-poller = { };
users.users.unifi-poller = {
description = "unifi-poller Service User";
group = "unifi-poller";
isSystemUser = true;
systemd.services.unifi-poller = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
ExecStart = "${pkgs.unpoller}/bin/unpoller --config ${configFile}";
Restart = "always";
PrivateTmp = true;
ProtectHome = true;
ProtectSystem = "full";
DevicePolicy = "closed";
NoNewPrivileges = true;
User = "unifi-poller";
WorkingDirectory = "/tmp";