Weeknotes 134

21st January, 2024

“Extinct cheese”

I’ve got so many small tasks to do at the moment that I’m feeling pretty overwhelmed at times.
The door button on my ancient microwave looked shabby. Years of pressing had worn away the fake metal finish revealing the black plastic beneath.

I thought replacing this button shouldn’t be too difficult, but finding the parts might be tricky. I got lucky though, so now I have rejuvenated microwave!
True Detective is back and it’s good!
Say what now?! (via @thomaspaulmann)

TIL: If you prefix an emoji with “+” in @SlackHQ , you can react to the previous message
I received an email from Monzo this week saying they were doing “Know Your Customer” checks.

As a regulated bank, from time to time we need to reach out to our customers to gain further information. We need to ask you some questions as part of our ongoing Know Your Customer (KYC) checks.

Naturally I thought this was fake, because why would a bank be asking me to send sensitive personal information to them by email? We have banks who are training people to believe phishing emails. Neat.
Corporations Are Not To Be Loved by Brent Simmons

But I need to remember, now and again, that Apple is a corporation, and corporations aren’t people, and they can’t love you back. You wouldn’t love GE or Exxon or Comcast — and you shouldn’t love Apple. It’s not an exception to the rule: there are no exceptions.

Apple doesn’t care about you personally in the least tiny bit, and if you were in their way somehow, they would do whatever their might — effectively infinite compared to your own — enables them to deal with you.

Same goes for any business.
How a Cheese Goes Extinct

My UniFi controller software was both out-of-date and deprecated, so I decided to upgrade and migrate in one step to unifi-network-application.

The new image uses an external MongoDB, which means a little more setup. As some people have pointed out it would be nice if the docs had a complete example of how to setup MongoDB even though it was easy enough to figure out.

What wasn’t easy to figure out was why the UniFi controller was trying to connect to MongoDB over TLS, as I thought I had told it not to by setting MONGO_TLS=false. Eventually I realised that it was because I must have had it set to true when I first tried to start the container, and MONGO_TLS is only evaluated on first run (as the docs say).

But what does “evaluated on first run” mean, and how do you reset the state if you do something wrong? When you start the container for the first time there is a shell script which inspects the values of various MONGO_* environment variables. Those are used to decide what the UniFi controller configuration file should look like, and that is written to wherever you’ve set /config to (this is /opt/appdata/unifi in my case).

Once I edited the config file directly to turn off TLS the rest was straightforward. I restored a backup from the old controller and everything worked.

This is my complete docker-compose.yml edits:

unifi-db:
  image: docker.io/mongo:4.4.27
  container_name: unifi-db
  volumes:
    - /opt/appdata/mongodb/data:/data/db
    - /opt/appdata/mongodb/init-mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro
  restart: unless-stopped

unifi-network-application:
  image: lscr.io/linuxserver/unifi-network-application:latest
  container_name: unifi-network-application
  environment:
    - PUID=1000
    - PGID=1000
    - TZ=Etc/UTC
    - MONGO_USER=unifi
    - MONGO_PASS=password
    - MONGO_HOST=unifi-db
    - MONGO_PORT=27017
    - MONGO_DBNAME=unifi
    # - MONGO_TLS= # Mongodb enable TLS. Only evaluated on first run.
    # - MEM_LIMIT=1024 # Change the Java memory limit (in megabytes). Set to default to reset to default
    # - MEM_STARTUP=1024 # Change the Java initial/minimum memory (in megabytes). Set to default to reset to default
    # - MONGO_AUTHSOURCE= # Mongodb authSource. For Atlas set to admin. Defaults to MONGO_DBNAME. Only evaluated on first run.
  volumes:
    - /opt/appdata/unifi:/config
  ports:
    - 8443:8443 # UniFi web admin port
    - 3478:3478/udp # UniFi STUN port
    - 10001:10001/udp # Required for AP discovery
    - 8080:8080 # Required for device communication
    - 1900:1900/udp # Required for Make controller discoverable on L2 network option
    - 8843:8843 # UniFi guest portal HTTPS redirect port
    - 8880:8880 # UniFi guest portal HTTP redirect port
    - 6789:6789 # For mobile throughput test
    # - 5514:5514/udp # Remote syslog port
  restart: unless-stopped

A reminder that SSH agent forwarding is very cool if you need to access a git repo (in this case) from a remote host with which you don’t want to share SSH keys.