wiki: cross-link uos-server <-> pfsense (unifi-wifi skill halves); add uos-server to index

2026-06-21 11:39:14 -07:00
parent e23e3e66b4
commit 85887fec19
2 changed files with 29 additions and 2 deletions

@@ -88,6 +88,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks.
| [Uranus](systems/uranus.md) | 172.16.3.21 — Unraid secondary (Dell R730xd); OwnCloud archive storage only; formerly Saturn's IP (reused Apr 2026); RAM too low for VMs | 2026-05-24 |
| [IX Web Hosting Server](systems/ix-server.md) | 172.16.3.10 / 72.194.62.5 — cPanel/WHM 134 on CloudLinux 9.7 (64-core Xeon, 4.4 T /home); **72 cPanel accounts / 185 domains / 101 WordPress** + ACG sites (radio Astro, Flarum community, Matomo analytics); GuruRMM-enrolled; SSH key auth from GURU-5070; behind Cloudflare tunnel `acg-origin`; **backups look unconfigured (gap)**. Live SSH inventory 2026-06-05 — full account→domain map in the article | 2026-06-05 |
| [pfsense (ACG Gateway/Firewall)](systems/pfsense.md) | 172.16.0.1 (SSH :2248) — ACG office FreeBSD gateway/firewall + Tailscale subnet router. ALSO the home of the **fleet-wide pfSense management tooling** in the `unifi-wifi` skill: SSH backend (`pfsense-ssh.sh` + `pfsense-gwc.php`) that audits/controls ANY client pfSense — `audit`/`pf-*`/`fw-*`/`block-ips`, DRY-RUN default, cred `clients/<slug>/pfsense-firewall`. Validated on Cascades (Plus 25.07) 2026-06-21 | 2026-06-21 |
| [UOS Server (UniFi OS Server)](systems/uos-server.md) | 172.16.3.29 (web/API :11443 via NPM, **not** 8443) — self-hosted UniFi OS controller (~49 sites), virsh "Unifi" VM on Jupiter; UniFi Network `ace` MongoDB in rootless podman; query via `.claude/scripts/uos-mongo.sh` (root SSH key `infrastructure/uos-server-ssh-key`). UniFi half of the `unifi-wifi` skill — pairs with [pfsense](systems/pfsense.md) at UniFi-behind-pfSense sites | 2026-06-21 |
## Patterns
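Review bot: The added UOS Server row carries operational detail in the index summary, including the root SSH key entry `infrastructure/uos-server-ssh-key` and the helper path `.claude/scripts/uos-mongo.sh`, which the article itself is the better home for. Suggest trimming the row to address, role and the pfsense pairing, and leaving credential locations and query paths to `systems/uos-server.md` so there is one place to update when they change. The `:11443` versus 8443 warning is worth keeping in the row, since it stops a reader from trying the wrong port.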

@@ -2,8 +2,15 @@
type: system
name: uos-server
display_name: UOS Server (UniFi OS Server)
last_compiled: 2026-06-15
compiled_by: GURU-5070/claude-main
last_compiled: 2026-06-21
compiled_by: HOWARD-HOME/claude-main
sources:
- session-logs/2026-06/2026-06-21-howard-unifi-pfsense-control-verbs.md
backlinks:
- systems/jupiter
- systems/pfsense
- clients/cascades-tucson
- clients/internal-infrastructure
---
# UOS Server (UniFi OS Server)
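Review bot: The new `backlinks` entries `systems/pfsense` and `clients/cascades-tucson` give only one direction of the cross-link the commit title describes. The commit lists 2 changed files, and the two shown are the index and this article, so a reciprocal entry in the pfsense article is not part of this change. Confirm it already exists or add it here, and run `/wiki-lint` (named in the index hunk header) before merging. Separately, `sources` lists a single session log while `last_compiled` and `compiled_by` are replaced; worth checking whether the earlier compile's sources should stay listed.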
@@ -78,6 +85,25 @@ There is **no mongo client on the guest host**; the shell is `/usr/bin/mongo` *i
- **`rogue`** — neighbor/over-the-air BSSIDs seen by APs. **Not ACG gear** — a MAC hit here is someone else's WiFi, ignore it for device hunts.
- **Pending/unadopted devices:** the controller only persists a discovered device into `device` with `adopted:false`. If `db.device.count({adopted:false})` is `0`, there are **no** pending devices controller-wide — an "unadopted" device that returns nothing here simply has not reached this controller (not on a network it can discover, or managed by a different console). The cloud API and integration API show adopted gear only, so they cannot find it either; locating it then needs L2/DHCP/ARP on the gateway of the site it is physically cabled to.
## Related tooling — pfSense gateway layer (works together)
This UOS controller and the **pfSense gateway tooling** are the two halves of the **`unifi-wifi`
skill**, and they're designed to be used together at a single site:
- **This UOS server** = the UniFi side — APs/switches/clients across ~49 sites, queried via the
Mongo path above (and the `gw-audit`/`gw-control` verbs for UniFi *gateways*).
- **[[pfsense]]** = the gateway side — when a site's gateway is a pfSense (not a UniFi USG/UXG/UCG),
the same `gw-audit`/`gw-control` verbs auto-dispatch to the pfSense SSH backend
(`pfsense-ssh.sh` + `pfsense-gwc.php`, cred `clients/<slug>/pfsense-firewall`).
A very common ACG topology is **UniFi APs/switches on this controller behind a pfSense gateway**
e.g. [[cascades-tucson]] and the ACG office itself. At such a site you drive WiFi/switch work
through this UOS Mongo path and gateway work (WAN/firewall/port-forwards/blocking) through the
pfSense backend; `gw-audit <site>` covers both because it reports `num_gw=0` (no UniFi gateway) and
then runs the pfSense audit. So one skill spans the whole site regardless of gateway vendor.
## Backlinks
- [[jupiter]] — hypervisor (virsh "Unifi" VM) + NPM (`172.16.3.20:7818`, the `:11443` proxy).
- [[internal-infrastructure]] — ACG internal infra index.
- [[pfsense]] — the gateway half of the `unifi-wifi` skill (pfSense SSH backend); pairs with this UOS controller.
- [[cascades-tucson]] — example UniFi-on-UOS-behind-pfSense site (the pfSense backend was validated there).
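Review bot: The new section says `gw-audit`/`gw-control` auto-dispatch to the pfSense SSH backend for firewall, port-forward and blocking work, but it does not say that the backend defaults to DRY-RUN, which the pfsense row in the index does state. Suggest repeating that next to the `gw-control` mention, since this is the text an operator reads before driving gateway changes from the UniFi side. It would also help to state what `gw-audit <site>` does when it reports `num_gw=0` and the site has no `clients/<slug>/pfsense-firewall` credential.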