An ansible way
The config.gateway.json is a file that sits in the UniFi Network application filesystem and allows custom changes to the USG that aren't available in the web GUI.
See: UniFi - USG Advanced Configuration Using config.gateway.json

Check/Diff changes

    ansible-playbook unifi-config.yml --check --diff

Apply config if useful

    ansible-playbook unifi-config.yml

    git clone <repourl>

Files hosts and config_gateway_json.yml are ansible-vault encrypted.
The ansible.cfg defines a file vault_password which is in .gitignore and will hold the password for the encrypted files.
- Create the vault_password file. E.g. interactive shell example:

      unset -v password
      set +o allexport
      # read the password without echoing it, then write it to a file only the owner can read
      IFS= read -rsp 'Ansible Vault Password: ' password < /dev/tty &&
      (umask 077 && printf '%s' "$password" > vault_password) &&
      chmod 600 vault_password

- (optional) export EDITOR='code --wait'; this allows you to edit vault files in an editor called via code.
- Create or edit hosts with ansible-vault edit hosts.
  - If that fails, check your vault password.
  - Or if you are not the owner of the repo you need to create your own hosts file.

        rm hosts; touch hosts; ansible-vault encrypt hosts
        ansible-vault edit hosts

  - example:

        [USG_3P]
        USG-3P ansible_user=username ansible_password=password

        [uck]
        unifi-cloudkey ansible_user=username ansible_password=password

- Create or edit config_gateway_json.yml with ansible-vault edit config_gateway_json.yml.
  - If that fails, check your vault password.
  - Or if you are not the owner of the repo you need to create your own config_gateway_json.yml file.

        rm config_gateway_json.yml; touch config_gateway_json.yml; ansible-vault encrypt config_gateway_json.yml
        ansible-vault edit config_gateway_json.yml

  - example based on IPv6 und UniFi USG mit Telekom DSL [German]:

        ---
        config_gateway_json:
          unifi-cloudkey:
            interfaces:
              ethernet:
                eth0:
                  pppoe:
                    "0":
                      dhcpv6-pd:
                        prefix-only: "''"
        sitepath:
          unifi-cloudkey: ~
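
Because hosts and config_gateway_json.yml hold credentials and may be recreated by hand in the steps above, it helps to check before a commit that both really are vault-encrypted and that vault_password is private and ignored by git. The script below is an added example, not part of this repository; the function names, the mode 600 requirement and the literal .gitignore match are assumptions.

```sh
#!/bin/sh
# Added example, not part of the repository. File names come from the README;
# function names and the exact checks are assumptions.

# 0 if the first line of $1 is an Ansible Vault header ($ANSIBLE_VAULT;...).
is_vault_encrypted() {
    [ -f "$1" ] || return 1
    first=
    IFS= read -r first < "$1" || [ -n "$first" ] || return 1
    case "$first" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# 0 if $1 is a regular file with no group/other permission bits (e.g. mode 600).
is_private() {
    [ -f "$1" ] || return 1
    mode=$(ls -ld "$1" | cut -c5-10)   # group and other triplets of the mode string
    [ "$mode" = "------" ]
}

# 0 if $1/.gitignore lists vault_password literally (glob patterns are not evaluated).
is_ignored() {
    grep -qxF -e 'vault_password' -e '/vault_password' "$1/.gitignore" 2>/dev/null
}

# Run all checks on repo directory $1; print findings, return how many failed.
check_repo() {
    problems=0
    for f in hosts config_gateway_json.yml; do
        if ! is_vault_encrypted "$1/$f"; then
            echo "FAIL: $f is missing or not vault-encrypted"
            problems=$((problems + 1))
        fi
    done
    if [ -f "$1/vault_password" ] && ! is_private "$1/vault_password"; then
        echo "FAIL: vault_password is accessible to group/other (chmod 600)"
        problems=$((problems + 1))
    fi
    if ! is_ignored "$1"; then
        echo "FAIL: vault_password is not listed in .gitignore"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Run only when a repo directory is given, e.g.: sh check-vault.sh .
if [ "$#" -gt 0 ]; then check_repo "$1"; exit; fi
```

An empty hosts file left behind by touch without the following ansible-vault encrypt is reported as not encrypted, which is the case the manual steps make easy to miss.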