Commit b0395df0 authored by Emily's avatar Emily
Browse files

unifi7: drop

parent e2094114

nixos/doc/manual/release-notes/rl-2411.section.md

+3 −0
Original line number Diff line number Diff line
@@ -173,6 +173,9 @@ 
  - `transmission-gtk`: `~/.config/transmission`

  - `transmission-daemon` using NixOS module: `${config.services.transmission.home}/.config/transmission-daemon` (defaults to `/var/lib/transmission/.config/transmission-daemon`)



- `unifi` has been updated to UniFi 8.

  `unifi7` was removed as it is vulnerable to CVE-2024-42025 and required a version of MongoDB that has reached end of life.



- `androidenv.androidPkgs_9_0` has been removed, and replaced with `androidenv.androidPkgs` for a more complete Android SDK including support for Android 9 and later.



- `grafana` has been updated to version 11.1. This version doesn't support setting `http_addr` to a hostname anymore, an IP address is expected.

nixos/modules/services/networking/unifi.nix

+33 −15
Original line number Diff line number Diff line
@@ -2,8 +2,8 @@ 
let

  cfg = config.services.unifi;

  stateDir = "/var/lib/unifi";

  cmd = lib.escapeShellArgs ([ "@${cfg.jrePackage}/bin/java" "java" ]

    ++ lib.optionals (lib.versionAtLeast (lib.getVersion cfg.jrePackage) "16") [

  cmd = lib.escapeShellArgs ([

      "@${cfg.jrePackage}/bin/java" "java"

      "--add-opens=java.base/java.lang=ALL-UNNAMED"

      "--add-opens=java.base/java.time=ALL-UNNAMED"

      "--add-opens=java.base/sun.security.util=ALL-UNNAMED"
@@ -27,24 +27,19 @@ in 
      '';

    };



    services.unifi.jrePackage = lib.mkOption {

      type = lib.types.package;

      default = if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.5") then pkgs.jdk17_headless else if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.3") then pkgs.jdk11 else pkgs.jre8;

      defaultText = lib.literalExpression ''if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.5") then pkgs.jdk17_headless else if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.3" then pkgs.jdk11 else pkgs.jre8'';

      description = ''

        The JRE package to use. Check the release notes to ensure it is supported.

    services.unifi.jrePackage = lib.mkPackageOption pkgs "jdk" {

      default = "jdk17_headless";

      extraDescription = ''

        Check the UniFi controller release notes to ensure it is supported.

      '';

    };



    services.unifi.unifiPackage = lib.mkPackageOption pkgs "unifi5" { };

    services.unifi.unifiPackage = lib.mkPackageOption pkgs "unifi" {

      default = "unifi8";

    };



    services.unifi.mongodbPackage = lib.mkPackageOption pkgs "mongodb" {

      default = "mongodb-5_0";

      extraDescription = ''

        ::: {.note}

        unifi7 officially only supports mongodb up until 4.4 but works with 5.0.

        :::

      '';

      default = "mongodb-7_0";

    };



    services.unifi.openFirewall = lib.mkOption {
@@ -92,6 +87,29 @@ in 


  config = lib.mkIf cfg.enable {



    assertions = [

      {

        assertion = lib.versionAtLeast config.system.stateVersion "24.11"

        || (

          options.services.unifi.unifiPackage.highestPrio < (lib.mkOptionDefault { }).priority

          && options.services.unifi.mongodbPackage.highestPrio < (lib.mkOptionDefault { }).priority

        );

        message = ''

          Support for UniFi < 8 has been dropped; please explicitly set

          `services.unifi.unifiPackage` and `services.unifi.mongodbPackage`.



          Note that the previous default MongoDB version was 5.0 and MongoDB

          only supports migrating one major version at a time; therefore, you

          may wish to set `services.unifi.mongodbPackage = pkgs.mongodb-6_0;`

          and activate your configuration before upgrading again to the default

          `mongodb-7_0` supported by `unifi8`.



          For more information, see the MongoDB upgrade notes:

          <https://www.mongodb.com/docs/manual/release-notes/7.0-upgrade-standalone/#upgrade-recommendations-and-checklists>

        '';

      }

    ];



    users.users.unifi = {

      isSystemUser = true;

      group = "unifi";

nixos/tests/unifi.nix

+0 −1
Original line number Diff line number Diff line
@@ -31,6 +31,5 @@ let 
    '';

  };

in with pkgs; {

  unifi7 = makeAppTest unifi7;

  unifi8 = makeAppTest unifi8;

}

pkgs/servers/unifi/default.nix

+0 −7
Original line number Diff line number Diff line
@@ -46,13 +46,6 @@ let 
in rec {

  # see https://community.ui.com/releases / https://www.ui.com/download/unifi



  unifi7 = generic {

    version = "7.5.187";

    suffix = "-f57f5bf7ab";

    sha256 = "sha256-a5kl8gZbRnhS/p1imPl7soM0/QSFHdM0+2bNmDfc1mY=";

    knownVulnerabilities = [ "CVE-2024-42025" ];

  };



  unifi8 = generic {

    version = "8.4.62";

    suffix = "-i3q2j125cz";

pkgs/top-level/aliases.nix

+1 −0
Original line number Diff line number Diff line
@@ -1606,6 +1606,7 @@ mapAliases { 
  unifi-video = throw "unifi-video has been removed as it has been unsupported upstream since 2021"; # Added 2024-10-01

  unifi5 = throw "'unifi5' has been removed since its required MongoDB version is EOL."; # Added 2024-04-11

  unifi6 = throw "'unifi6' has been removed since its required MongoDB version is EOL."; # Added 2024-04-11

  unifi7 = throw "'unifi7' has been removed since it is vulnerable to CVE-2024-42025 and its required MongoDB version is EOL."; # Added 2024-10-01

  unifiLTS = throw "'unifiLTS' has been removed since UniFi no longer has LTS and stable releases. Use `pkgs.unifi` instead."; # Added 2024-04-11

  unifiStable = throw "'unifiStable' has been removed since UniFi no longer has LTS and stable releases. Use `pkgs.unifi` instead."; # Converted to throw 2024-04-11

  untrunc = untrunc-anthwlock; # Added 2021-02-01