unifi-security-report/docker-compose.yml at main · trek-e/unifi-security-report · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
# UniFi Security Report - Docker Compose Configuration
# v0.6.1b - API efficiency optimizations, IPS endpoint caching

services:
  unifi-security-report:
    image: ghcr.io/trek-e/unifi-security-report:latest
    container_name: unifi-security-report
    restart: unless-stopped
    network_mode: host

    environment:
      # Connection (required)
      UNIFI_HOST: 192.168.0.1
      UNIFI_USERNAME: admin
      UNIFI_VERIFY_SSL: "false"
      # UNIFI_PORT: "443"              # Auto-detected (443, 8443, 11443)
      # UNIFI_SITE: default            # Auto-detected
      # UNIFI_CONNECT_TIMEOUT: "10"    # Connection timeout (seconds)
      # UNIFI_MAX_RETRIES: "5"         # Retry attempts on failure

      # Schedule (runs daily at 8am Eastern)
      UNIFI_SCHEDULE_PRESET: daily_8am
      UNIFI_SCHEDULE_TIMEZONE: America/New_York
      # UNIFI_SCHEDULE_CRON: "0 8 * * *"         # Custom cron (overrides preset)
      # UNIFI_POLL_INTERVAL: "300"                # Seconds between cycles
      # UNIFI_INITIAL_LOOKBACK_HOURS: "24"        # History on first run (1-720)

      # File Output
      UNIFI_FILE_ENABLED: "true"
      UNIFI_FILE_OUTPUT_DIR: /app/reports
      UNIFI_FILE_FORMAT: both
      UNIFI_FILE_RETENTION_DAYS: "30"

      # SSH for IPS via MongoDB (v0.5.5b+)
      # UniFi API doesn't expose IPS events, so we query MongoDB directly via SSH
      # Requires SSH key authentication (password auth is disabled on UDM Pro)
      UNIFI_SSH_ENABLED: "true"
      UNIFI_SSH_KEY_PATH: /run/secrets/ssh_key
      UNIFI_SSH_USERNAME: root
      # UNIFI_SSH_KEY_PASSPHRASE: ""  # Uncomment if key is encrypted

      # Email Delivery (uncomment to enable)
      # UNIFI_EMAIL_ENABLED: "true"
      # UNIFI_SMTP_HOST: smtp.gmail.com
      # UNIFI_SMTP_PORT: "587"
      # UNIFI_SMTP_USER: your-email@gmail.com
      # UNIFI_SMTP_PASSWORD: your-app-password
      # UNIFI_SMTP_USE_TLS: "true"
      # UNIFI_EMAIL_FROM: your-email@gmail.com
      # UNIFI_EMAIL_RECIPIENTS: recipient@example.com
      # UNIFI_TIMEZONE: America/New_York

      # WebSocket (UniFi 10.x+ — enabled by default)
      # UNIFI_WEBSOCKET_ENABLED: "true"
      # UNIFI_WEBSOCKET_BUFFER_SIZE: "10000"

      # Cloudflare Integration (optional)
      # UNIFI_CLOUDFLARE_API_TOKEN: your-api-token
      # UNIFI_CLOUDFLARE_ACCOUNT_ID: your-account-id  # Auto-detected from zones

      # Logging
      UNIFI_LOG_LEVEL: INFO
      UNIFI_LOG_FORMAT: json

    secrets:
      - unifi_password
      - ssh_key

    volumes:
      - ./reports:/app/reports:rw

secrets:
  unifi_password:
    file: ./secrets/unifi_password.txt
  ssh_key:
    file: ./secrets/unifi_ssh_key
    # Generate with: ssh-keygen -t ed25519 -f ./secrets/unifi_ssh_key
    # Copy public key to UDM: cat ./secrets/unifi_ssh_key.pub | ssh root@192.168.0.1 "cat >> ~/.ssh/authorized_keys"