Recently I bought a Ubiquiti mPower which is part of their mFi-line of products for home automation. This comes with the mFi controller software which is a standalone Tomcat application used to control various mFi components. These can be smart powerbars, temperature/current/motion sensors, but also custom sensors (more on that later).

Since this controller would need to be running 24/7 it seemed like a logical choice to install it on my home server and manage it with Puppet.

### jasper/mfi

Currently the module has only been tested on OpenBSD 5.6 though it should be trivial to port to other platforms for which a package is available.

The module itself is pretty straightforward; however, there was one caveat… I had a File['system.properties'] which happened to be a template. After having set up the administrator user and uploaded my own map, Puppet would come by and overwrite the file, triggering a Service['mfi'] notify and restarting the service.

Oh well… wait… I need to set up a user again… and my maps are gone…

Turns out mfi writes a uuid= line into the system.properties file in order for it to be able to load the database again upon startup. But with a template overwriting the file, mfi would effectively forget everything every time it started.

Since it’s just a Java properties file, Augeas is the right tool for the job with the Properties.lns lens:

    mfi::property { 'unifi.http.port': value => $unifi_http_port }
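A sketch of how a defined type like this can wrap Augeas, shown beside the whole-file template approach it replaces. This is an added example, not the module's actual code; the `mfi_example` namespace, the template name, the placeholder path and the port value are assumptions.

```puppet
# Before: the whole file is rendered from a template on every run, so the
# uuid= line the controller wrote is dropped and Service['mfi'] restarts
# against what looks like a fresh install.
#
#   file { 'system.properties':
#     path    => '/path/to/mfi/data/system.properties', # placeholder path
#     content => template('mfi_example/system.properties.erb'),
#     notify  => Service['mfi'],
#   }

# After: one Augeas resource per key. Lines Puppet does not manage, such as
# uuid=, are left exactly as the controller wrote them.
define mfi_example::property (
  $value,
  $properties_file = '/path/to/mfi/data/system.properties', # placeholder path
) {
  augeas { "mfi-property-${title}":
    # Load only this file, with the Java properties lens.
    lens    => 'Properties.lns',
    incl    => $properties_file,
    # $title is the property key, e.g. unifi.http.port.
    # Values containing a single quote would need escaping here.
    changes => "set ${title} '${value}'",
    # The augeas type only reports a change (and so only notifies) when the
    # key is missing or holds a different value.
    notify  => Service['mfi'],
  }
}

# Constructed value for illustration.
mfi_example::property { 'unifi.http.port': value => '6080' }
```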

### nginx-frontend

Since even in a home environment I’m not too fond of exposing all the ports on which the mFi controller listens to whoever wants to connect, I initially added a new unifi.http.address parameter to system.properties to make the <Connector /> blocks in conf/server.xml listen on 127.0.0.1 only. However, this opened up a can of worms, so I ended up just blocking all ports in the firewall and setting up an nginx proxy in front of it.

The following code was tested with nginx 1.6.0:

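    server {
        server_name     mfi mfi.office.jasper.la;
        # IPv4 and IPv6 listeners; the IPv6 form needs the colon before the port.
        listen  443;
        listen  [::]:443;

        # Client-facing TLS terminates here.
        ssl                     on;
        ssl_certificate         /etc/ssl/mfi.crt;
        ssl_certificate_key     /etc/ssl/private/mfi.key;

        location / {
            # Upstream hop to the controller's HTTPS port on loopback.
            proxy_pass       https://localhost:6443;
            proxy_set_header Host mfi.office.jasper.la;
            # SSLv3 is what this was tested with; it is deprecated (RFC 7568),
            # so use a TLS version here if the controller accepts one.
            proxy_ssl_protocols SSLv3;
        }
    }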

…which is of course lifted from Hiera. Thanks to this post on the UniFi-forums.

The module is available on the Puppet Forge and the source is over at GitHub; pull requests welcome!

PS: the module should also be a good base for anyone who wants to manage the more popular UniFi software with Puppet.