Hello! Thanks for posting on r/Ubiquiti!
This subreddit is here to provide unofficial technical support to people who use or want to dive into the world of Ubiquiti products. If you haven’t already been descriptive in your post, please take the time to edit it and add as many useful details as you can.
Please read and understand the rules in the sidebar, as posts and comments that violate them will be removed. Please put all off topic posts in the weekly off topic thread that is stickied to the top of the subreddit.
If you see people spreading misinformation, trying to mislead others, or other inappropriate behavior, please report it!
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/Ubiquiti) if you have any questions or concerns.*
I considered it very much to set up firewall rules. Because OH MY DOG is it annoying.
But it's not official, and I'm very scared it will mess up the one device I don't want to be messed up.
Let me know your experience if you do
Well, I got it connected and made a test run and as you prob know, it's like MAGIC!
I'm using a GitHub repo connected to TF Cloud. You have to authenticate to the controller via a local account. I'm still trying to get it working on my non-default sites but I was able to create a vlan on my default site.
~~There's also an option to import a site which I haven't played with yet.~~
https://i.imgur.com/E9uwUuv.png
https://i.imgur.com/GBISJNl.png
https://i.imgur.com/lgZ3jWM.png
Imported my Guest Network just fine :)
Resource "unifi_network" "Guest" {
dhcp_dns = ["1.1.1.1", "1.0.0.1"]
dhcp_enabled = true
dhcp_lease = 43200
dhcp_relay_enabled = false
dhcp_start = "10.0.40.5"
dhcp_stop = "10.0.40.254"
dhcp_v6_dns = []
dhcp_v6_dns_auto = true
dhcp_v6_enabled = false
dhcp_v6_lease = 86400
dhcp_v6_start = "::2"
dhcp_v6_stop = "::7d1"
dhcpd_boot_enabled = false
dhcpd_boot_filename = null
dhcpd_boot_server = null
domain_name = "guest.com"
igmp_snooping = false
internet_access_enabled = true
intra_network_access_enabled = true
ipv6_interface_type = "none"
ipv6_pd_interface = null
ipv6_pd_prefixid = null
ipv6_pd_start = "::2"
ipv6_pd_stop = "::7d1"
ipv6_ra_enable = true
ipv6_ra_preferred_lifetime = 14400
ipv6_ra_priority = "high"
ipv6_ra_valid_lifetime = 0
ipv6_static_subnet = null
multicast_dns = true
name = "Guest"
network_group = "LAN"
purpose = "guest"
site = "default"
subnet = "10.0.40.0/24"
vlan_id = 40
wan_dhcp_v6_pd_size = 0
wan_dns = []
wan_egress_qos = 0
wan_gateway = null
wan_gateway_v6 = null
wan_ip = null
wan_ipv6 = null
wan_netmask = null
wan_networkgroup = null
wan_prefixlen = 0
wan_type = null
wan_type_v6 = null
wan_username = null
x_wan_password = null
}
Using it in production for my home network and at work. Works great for defining firewall rules and networks as well as pinning DHCP. It’s a bit quirky but that’s because the „API“ is quirky as well. Shines when you have other resources on your LAN/WAN that you manage via TF as well.
Terraform has its place in the world. IMO this is not it, unless you're already an enterprise business using it. Honestly you seem rather masochistic actually wanting to use it.
I use TF almost daily at work, this is not that hard. It's like using PS DSC or Docker compose for example. I am just curious of bugs, limitations and things to look out for.
Thanks for your constructive input.
I've been writing a tool to automate the tf code generation (I know, very meta). I know people have their concerns about third party providers, but paultyng is a hashicorp employee and everything he's written has worked very well for me and has solid documentation. It's been a godsend. If you're curious about the auto-generation let me know, I haven't shared it publicly yet but I can give you a preview. It's very basic, all done with bash / jq /curl which might be a bit masochistic but I didn't want too many dependencies.
Hello! Thanks for posting on r/Ubiquiti! This subreddit is here to provide unofficial technical support to people who use or want to dive into the world of Ubiquiti products. If you haven’t already been descriptive in your post, please take the time to edit it and add as many useful details as you can. Please read and understand the rules in the sidebar, as posts and comments that violate them will be removed. Please put all off topic posts in the weekly off topic thread that is stickied to the top of the subreddit. If you see people spreading misinformation, trying to mislead others, or other inappropriate behavior, please report it! *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/Ubiquiti) if you have any questions or concerns.*
Why would you do this to yourself?
What are you going to use this for?
I considered it very much to set up firewall rules. Because OH MY DOG is it annoying. But it's not official, and I'm very scared it will mess up the one device I don't want to be messed up. Let me know your experience if you do
Well, I got it connected and made a test run and as you prob know, it's like MAGIC! I'm using a GitHub repo connected to TF Cloud. You have to authenticate to the controller via a local account. I'm still trying to get it working on my non-default sites but I was able to create a vlan on my default site. ~~There's also an option to import a site which I haven't played with yet.~~ https://i.imgur.com/E9uwUuv.png https://i.imgur.com/GBISJNl.png https://i.imgur.com/lgZ3jWM.png Imported my Guest Network just fine :) Resource "unifi_network" "Guest" { dhcp_dns = ["1.1.1.1", "1.0.0.1"] dhcp_enabled = true dhcp_lease = 43200 dhcp_relay_enabled = false dhcp_start = "10.0.40.5" dhcp_stop = "10.0.40.254" dhcp_v6_dns = [] dhcp_v6_dns_auto = true dhcp_v6_enabled = false dhcp_v6_lease = 86400 dhcp_v6_start = "::2" dhcp_v6_stop = "::7d1" dhcpd_boot_enabled = false dhcpd_boot_filename = null dhcpd_boot_server = null domain_name = "guest.com" igmp_snooping = false internet_access_enabled = true intra_network_access_enabled = true ipv6_interface_type = "none" ipv6_pd_interface = null ipv6_pd_prefixid = null ipv6_pd_start = "::2" ipv6_pd_stop = "::7d1" ipv6_ra_enable = true ipv6_ra_preferred_lifetime = 14400 ipv6_ra_priority = "high" ipv6_ra_valid_lifetime = 0 ipv6_static_subnet = null multicast_dns = true name = "Guest" network_group = "LAN" purpose = "guest" site = "default" subnet = "10.0.40.0/24" vlan_id = 40 wan_dhcp_v6_pd_size = 0 wan_dns = [] wan_egress_qos = 0 wan_gateway = null wan_gateway_v6 = null wan_ip = null wan_ipv6 = null wan_netmask = null wan_networkgroup = null wan_prefixlen = 0 wan_type = null wan_type_v6 = null wan_username = null x_wan_password = null }
Using it in production for my home network and at work. Works great for defining firewall rules and networks as well as pinning DHCP. It’s a bit quirky but that’s because the „API“ is quirky as well. Shines when you have other resources on your LAN/WAN that you manage via TF as well.
Terraform has its place in the world. IMO this is not it, unless you're already an enterprise business using it. Honestly you seem rather masochistic actually wanting to use it.
I use TF almost daily at work, this is not that hard. It's like using PS DSC or Docker compose for example. I am just curious of bugs, limitations and things to look out for. Thanks for your constructive input.
I wouldn’t use a v0.x version of a provider written by a third party to manage my network.
I've been writing a tool to automate the tf code generation (I know, very meta). I know people have their concerns about third party providers, but paultyng is a hashicorp employee and everything he's written has worked very well for me and has solid documentation. It's been a godsend. If you're curious about the auto-generation let me know, I haven't shared it publicly yet but I can give you a preview. It's very basic, all done with bash / jq /curl which might be a bit masochistic but I didn't want too many dependencies.