An Ansible role for managing and providing advanced configuration of UBNT EdgeMAX and UniFi network devices.
After doing some research I realized there's a bunch of scattered material for automating management and taking advantage of the functionality of these great network devices. The goal is to consolidate that information and simplify the extension of the core platform to enable things like LetsEncrypt, easy OpenVPN connectivity, OSPF, MPLS and other advanced configurations.
A list of features, based on the research included here, that I'm hoping to implement.
Feature | Ansible | UniFi CloudKey | USG4P | USG | EdgeRouterX |
---|---|---|---|---|---|
unifi_controller_facts | ansible library | * | | | |
Install SSH Keys | ansible role | untested | tested | tested | tested |
SSH No Passwd Auth | task | | | | |
LetsEncrypt | task | | | | |
Get EdgeSwitch Config | template | n/a | n/a | n/a | untested |
AWS Route53 DNS Update | task | untested | n/a | n/a | n/a |
- Some UBNT (EdgeRouter/UniFi) devices to manage.
- unifi_controller_facts
Provide the location of the SSH keys that will be installed for SSH key-based authentication to the UBNT device.

```yaml
ubnt_ssh_authorized_key: ~/.ssh/id_ed25519.pub
```
AWS Credentials and additional information needed for updating Route53 information. This is currently untested.
Example Variables:

```yaml
aws_access_key_id: < AWS_ACCESS_KEY_ID >
aws_secret_access_key: < AWS_SECRET_ACCESS_KEY >
aws_route53_domain: pouliot.net
aws_route53_network: 192.168.1.0/24
aws_route53_syslog_facility: local7
aws_route53_exclude_host: nothisone.pouliot.net
```

Script template to get ERX config.

```bash
# Each command cross-compiles inside the golang container; /usr/src/myapp is
# the current directory, bind-mounted in as the working directory.
# Neither the golang image tag nor the fetched source is pinned, so every run
# builds whatever is current upstream.

# cloudflared for linux/mips64
docker run \
  --rm \
  -v "${PWD}":/usr/src/myapp \
  -w /usr/src/myapp \
  -e GOOS=linux \
  -e GOARCH=mips64 \
  golang bash -c "go get -v github.com/cloudflare/cloudflared/cmd/cloudflared ; GOOS=linux GOARCH=mips64 go build -ldflags='-s -w' -v -x github.com/cloudflare/cloudflared/cmd/cloudflared"

# cloudflared for linux/mipsle
docker run \
  --rm \
  -v "${PWD}":/usr/src/myapp \
  -w /usr/src/myapp \
  -e GOOS=linux \
  -e GOARCH=mipsle \
  golang bash -c "go get -v github.com/cloudflare/cloudflared/cmd/cloudflared ; GOOS=linux GOARCH=mipsle go build -ldflags='-s -w' -v -x github.com/cloudflare/cloudflared/cmd/cloudflared"

# pixiecore for linux/mips64
docker run \
  --rm \
  -v "${PWD}":/usr/src/myapp \
  -w /usr/src/myapp \
  -e GOOS=linux \
  -e GOARCH=mips64 \
  golang bash -c "go get -v go.universe.tf/netboot/cmd/pixiecore ; GOOS=linux GOARCH=mips64 go build -ldflags='-s -w' -v -x go.universe.tf/netboot/cmd/pixiecore"

# pixiecore for linux/mipsle
docker run \
  --rm \
  -v "${PWD}":/usr/src/myapp \
  -w /usr/src/myapp \
  -e GOOS=linux \
  -e GOARCH=mipsle \
  golang bash -c "go get -v go.universe.tf/netboot/cmd/pixiecore ; GOOS=linux GOARCH=mipsle go build -ldflags='-s -w' -v -x go.universe.tf/netboot/cmd/pixiecore"
```

Here is a non-working example of typical usage.

```yaml
- hosts: localhost
  gather_facts: True
  roles:
    - ppouliot.ubnt_platform_mgmt
```

- https://networkjutsu.com/hardening-edgerouter-lite-part-1/
- https://miketabor.com/enable-ssh-auto-login-ubiquiti-edgerouter-x/
- https://community.ubnt.com/t5/EdgeRouter/ssh-authorized-keys/td-p/458361
- https://community.ubnt.com/t5/UniFi-Stories/Adding-Let-s-Encrypt-certificate-to-UniFi-Cloud-Key-without/cns-p/2222363
- https://github.com/Ar0xA/USG-DNS-ADBLOCK
- https://github.com/amarcu5/EdgeOS-Blacklist
- https://github.com/britannic/blacklist
- https://bendews.com/posts/implement-dns-over-https/
- https://github.com/j-c-m/ubnt-letsencrypt
- https://github.com/neilalexander/vyatta-cjdns
- https://github.com/bettermanbao/erx-shadowsocks-libev
- https://github.com/cmur2/vyatta-sixxs
- A Pi-hole equivalent for the Unifi Security Gateway
- pi-hole conditional forwarding and unifi networking
- catching naughty devices on my home network
- https://github.com/brontide/usg-blacklist
- Pritunl to USG/Unifi
- https://community.ubnt.com/t5/UniFi-Routing-Switching/OpenVPN-to-Pritunl-using-USG/td-p/2161699
- https://github.com/mafredri/vyatta-wireguard-installer
- https://github.com/whiskerz007/ubnt_get_wireguard
- https://community.ubnt.com/t5/UniFi-Routing-Switching/USG-PRO-4-amp-MPLS-Outbound-routing-works-but-unable-to-reach/td-p/2450723
- https://github.com/basmeerman/unifi-usg-kpn
- How to build a load balancer with BGP and ECMP
- Update AWS Route53
- Install cloudflared on UniFI Controller
- Cloudflare DynDNS
- https://github.com/Twanislas/ubnt-cloudflared
- https://khaz.me/cloudflare-ddns-configuration-for-unifi-usg/
- ubnt_cloudflared
- https://github.com/kchristensen/udm-le
- https://github.com/Art-of-WiFi/UniFi-API-client/
- https://github.com/tbyehl/edgerouter-backup
- https://github.com/syncloudsoft/unifi-client
- https://github.com/hobbyquaker/unifi2mqtt
- https://github.com/jens-maus/node-unifi
- https://github.com/KoenZomers/UniFiApi
- https://github.com/davidmaitland/unifi-voucher-generator
- https://gist.github.com/troyfontaine/43f4a978418b845cdbb117ffe1fd30e8
- https://github.com/bsab/django-unifi-portal
- https://github.com/emanuelepaiano/espresso-portal
- https://github.com/SEQUOIIA/unifi-proper-portal
- https://github.com/kaptk2/portal
- http://dl.ubnt.com/unifi/3.2.10/portal_sample_paypal.zip
- https://github.com/PaintSplasher/unifi-voucher-service
- https://github.com/woodjme/unifi-hotspot
- https://github.com/batesta/whoshere
- https://github.com/stevejenkins/unifi-linux-utils
- https://github.com/oldsj/edgerouter-automation
- https://github.com/brianredbeard/edgeos_setup
- kenmoini/unifi_controller_facts
- https://github.com/btaub/misc-scripts/blob/master/get-EdgeSwitch-config.sh
- https://github.com/jaysoffian/eap_proxy
- https://github.com/ubiquiti/eot-controller
- https://github.com/Enatec/UniFiTooling
- https://github.com/martbrooks/unifi_ssl_certs
- https://github.com/dmbaturin/scripts/blob/master/usg-config-export.py
- https://github.com/msnelling/ansible-unifi
- https://github.com/boostchicken/udm-utilities
- https://github.com/richardhofman/ansible-role-edgerouter/
- Ansible Example w/ Jinja template
- https://github.com/unifi-toolbox/unifi-protect-video-downloader
- https://github.com/yuppity/unifi-video-api
- https://github.com/petergeneric/unifi-protect-remux
- EdgeRouter to git repo backup scripts.
- Oxidized
- https://github.com/gebn/unifibackup
- https://github.com/zhangyoufu/unifi-backup-decrypt
- Nagios Plugin to check Unifi Controller
- Sensu plugin that polls metrics from UBNT Unifi wireless controllers
- Collect your Unifi Controller Data and send it to an InfluxDB instance. Grafana dashboards included
- Periodic monitoring of UBNT EdgeRouter metrics not otherwise available via SNMP and logging to InfluxDB/Grafana
- Simple web server that connects to a Ubiquiti Edge Router to show who is using a substantial amount of data
- Perl Module to output UBNT info
- https://github.com/mikeder/edgerouter-graylog-extractors
- https://github.com/lowfive/graylog-grok-edgerouter
- https://github.com/Graylog2/graylog-guide-ubiquity-unify-ap
- https://github.com/breakandinspect/graylog
- https://github.com/loganmarchione/graylog-edgerouter-lite
- https://github.com/edoput/netjsonconfig-airos
- https://github.com/WaterByWind/grafana-dashboards
- https://github.com/zbx-sadman/unifi_miner
- https://github.com/zbx-sadman/unifi_proxy
- https://github.com/mdlayher/unifi_exporter
- https://github.com/caglar10ur/elk-usg
- https://github.com/custom-components/sensor.unifigateway
- unifi-poller
- https://github.com/tusc/ntopng-udm
- https://github.com/iobroker-community-adapters/ioBroker.unifi
- https://github.com/finish06/Unifi-Metrics-Collector
- https://github.com/jcoutch/usg-scripts
- https://github.com/Manawyrm/unifirespondd
- https://github.com/tborychowski/unifi-event-monitor
- https://github.com/stevejenkins/UBNT-EdgeRouter-Example-Configs
- https://github.com/ekrunch/ubiquiti_unifi_configs
- https://github.com/psaintemarie/unifi-bytel
- https://github.com/TimoDJatomika/EdgeRouter-Stuff
- Vyatta Network OS High Availability
- 235723207-UniFi-USG-UDM-Port-Forwarding-Configuration-and-Troubleshooting
- https://github.com/chashtag/unifi-8021x-setup
- PiHole - Catching and dealing w/ naughty devices
- Unifi Usg dnat rule for pi-hole or other dns redirection
- How To Enable InterVLAN Routing on the UniFi USG
- Firewall-rules-DNS-blocking-except-for-my-local-Pi-Hole
- PiHole across VLANs blocking internet traffic SOLVED
- VLAN inter-accessibility for MultiCast devices (SONOS, Chromecast, Airtame, etc)
- EdgeRouter Setup IGMP proxy and statistics
- Configure Sonos across subnets on USG
- Unifi Sonos and VLANs
- An optimal configuration for a Unifi Managed Network & Sonos
- Tips Connecting to SONOS speakers on a Unifi Wireless Network.
- Sonos on Unifi Network Gear
- How to configure your UniFi network for Sonos
- Tips: Running Sonos wired and wireless in a pure Unifi (Ubiquiti) network environment
- Getting Sonos and Ubiquiti to play nice
- Peter Pouliot peter@pouliot.net
Copyright (C) 2018 Peter J. Pouliot
Peter Pouliot can be contacted at: peter@pouliot.net
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.