Add Unifi Network

2025-11-06 19:30:42 +11:00
parent bbff0f6692
commit 2803f694e8
6 changed files with 169 additions and 30 deletions
--- a/1-nixos-node/configuration.nix
+++ b/1-nixos-node/configuration.nix
@@ -113,6 +113,50 @@
  networking.firewall.allowedTCPPorts = [ 80 443 8081 4646 4647 4648 8300 8301 8500 ];
  networking.firewall.allowedUDPPorts = [ 8301 ];

+  # Ensure Docker daemon is available (Nomad enableDocker only configures Nomad, does not guarantee docker service)
+  virtualisation.docker.enable = true;
+
+  # Proper systemd service definition for macvlan network creation
+  systemd.services.docker-macvlan-network = {
+    description = "Ensure macvlan Docker network exists";
+    after = [ "network-online.target" "docker.service" ];
+    wants = [ "network-online.target" "docker.service" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      Type = "oneshot";
+    };
+    # Provide required binaries in PATH
+    path = [ pkgs.docker pkgs.bash pkgs.coreutils pkgs.iproute2 pkgs.gnugrep ];
+    script = ''
+      set -euo pipefail
+      NET_NAME=macvlan
+      if docker network inspect "$NET_NAME" >/dev/null 2>&1; then
+        echo "Docker network $NET_NAME already exists"
+        exit 0
+      fi
+      echo "Creating Docker macvlan network $NET_NAME on interface ${bind_interface}"
+      # We intentionally do NOT use --ip-range here to avoid allocating the
+      # same reserved pool on every host (which could lead to collisions if
+      # multiple macvlan containers are started across nodes). Instead, we
+      # give critical services (like UniFi) an explicit static IP via the
+      # Nomad job (Docker static assignment) and rely on manual DHCP
+      # reservations to prevent conflicts.
+      #
+      # If you later need multiple macvlan-assigned containers per host,
+      # consider one of these strategies:
+      #  1. Per-host distinct network name + ip-range slice (macvlan-m01, ...)
+      #  2. Parameterize an ip-range per host in Terraform and template here
+      #  3. Keep a registry of allocated static IPs in Consul KV / Nomad vars
+      docker network create -d macvlan \
+        --subnet=192.168.1.0/24 \
+        --gateway=192.168.1.1 \
+        -o parent=${bind_interface} \
+        "$NET_NAME"
+      echo "Docker macvlan network $NET_NAME created"
+    '';
+    restartIfChanged = false; # Don't rerun just because comment changed
+  };
+
  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.