Recently I bought a Ubiquiti mPower which is part of their mFi-line of products for home automation. This comes with the mFi controller software which is a standalone Tomcat application used to control various mFi components. These can be smart powerbars, temperature/current/motion sensors, but also custom sensors (more on that later).

Since this controller would need to be running 24/7 it seemed like a logical choice to install it on my home server and manage it with Puppet.


Currently the module has only been tested on OpenBSD 5.6 though it should be trivial to port to other platforms for which a package is available.

The module itself is pretty straight forward, however there was one caveat…I had a File[''] which happened to be a template. After having setup the administrator user and upload my own map Puppet would come by and overwrite the file, triggering an Service['mfi'] notify and restart the service.

Oh well…wait…I need to setup a user again..and my maps are gone…

Turns out mfi writes a uuid= line into the file in order for it to be able to load the database again upon startup. But with a template overwriting the file, mfi would effectively forget everything every time it started.

Since it’s just a Java properties file augeas is the right tool for the job with the Properties.lns lens:

mfi::property { 'unifi.http.port': value =>  $unifi_http_port }


Since even in a home-environment I’m not too fond of exposing all the ports on which the mFi-controller listens to whoever wants to connect I initally added a new unifi.http.address parameter to to make the <Connector /> blocks in conf/server.xml listen on only. However this opened up a can of worms so I ended up just blocking all ports in the firewall and setup an nginx proxy in front of it.

The following code was tested with nginx 1.6.0:

    server {
        server_name     mfi;
        listen  443;
        listen  [::]443;

        ssl                     on;
        ssl_certificate         /etc/ssl/mfi.crt;
        ssl_certificate_key     /etc/ssl/private/mfi.key;

        location / {
            proxy_pass       https://localhost:6443;
            proxy_set_header Host;
            proxy_ssl_protocols SSLv3;

…which is of course lifted from Hiera. Thanks to this post on the UniFi-forums.

The module is available on the Puppet Forge and the source is over at GitHub; pull requests welcome!

PS: the module should also be a good base for anyone who wants to manage the more popular UniFi software with Puppet.