From 098977ab6a7c49ab0d7903d818b413e9f79fecba Mon Sep 17 00:00:00 2001
From: rsynnest <contact@rsynnest.com>
Date: Thu, 22 Apr 2021 22:39:32 -0700
Subject: [PATCH 1/5] maintainers: add rsynnest

---
 maintainers/maintainer-list.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
index b8de823c9af4..208635fbb46d 100644
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -8563,6 +8563,12 @@
     githubId = 1387224;
     name = "Richard Szibele";
   };
+  rsynnest = {
+    email = "contact@rsynnest.com";
+    github = "rsynnest";
+    githubId = 4392850;
+    name = "Roland Synnestvedt";
+  };
   rtburns-jpl = {
     email = "rtburns@jpl.nasa.gov";
     github = "rtburns-jpl";

From e1438cae539544ce5117f9d6a1ed8d8fcabdd70a Mon Sep 17 00:00:00 2001
From: rsynnest <contact@rsynnest.com>
Date: Thu, 22 Apr 2021 22:17:24 -0700
Subject: [PATCH 2/5] jsvc: init at 1.2.4

---
 pkgs/tools/system/jsvc/default.nix | 40 ++++++++++++++++++++++++++++++
 pkgs/top-level/all-packages.nix    |  2 ++
 2 files changed, 42 insertions(+)
 create mode 100644 pkgs/tools/system/jsvc/default.nix

diff --git a/pkgs/tools/system/jsvc/default.nix b/pkgs/tools/system/jsvc/default.nix
new file mode 100644
index 000000000000..442f8d904195
--- /dev/null
+++ b/pkgs/tools/system/jsvc/default.nix
@@ -0,0 +1,40 @@
+{ lib, stdenv, fetchurl, commonsDaemon, jdk, makeWrapper, jre }:
+
+stdenv.mkDerivation rec {
+  pname = "jsvc";
+  version = "1.2.4";
+
+  src = fetchurl {
+    url = "https://downloads.apache.org//commons/daemon/source/commons-daemon-${version}-src.tar.gz";
+    sha256 = "1nrr6ggy6h20r9zyv14vx6vc9p1w6l8fl9fn6i8dx2hrq6kk2bjw";
+  };
+
+  buildInputs = [ commonsDaemon ];
+  nativeBuildInputs = [ jdk makeWrapper ];
+
+  preConfigure = ''
+    cd ./src/native/unix/
+    sh ./support/buildconf.sh
+  '';
+
+  preBuild = ''
+    export JAVA_HOME=${jre}
+  '';
+
+  installPhase = ''
+    runHook preInstall
+    mkdir -p $out/bin
+    cp jsvc $out/bin/jsvc
+    chmod +x $out/bin/jsvc
+    wrapProgram $out/bin/jsvc --set JAVA_HOME "${jre}"
+    runHook postInstall
+  '';
+
+  meta = {
+    homepage    = "https://commons.apache.org/proper/commons-daemon";
+    description = "JSVC is part of the Apache Commons Daemon software, a set of utilities and Java support classes for running Java applications as server processes.";
+    maintainers = with lib.maintainers; [ rsynnest ];
+    license     = lib.licenses.asl20;
+    platforms = with lib.platforms; unix;
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index e90dcf0345fe..b124f2dae5b7 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -5740,6 +5740,8 @@ in
 
   jnettop = callPackage ../tools/networking/jnettop { };
 
+  jsvc = callPackage ../tools/system/jsvc { };
+
   jumpnbump = callPackage ../games/jumpnbump { };
 
   junkie = callPackage ../tools/networking/junkie { };

From 7659fca548e36a81cf33c74cc7d67a20a5b61d17 Mon Sep 17 00:00:00 2001
From: rsynnest <contact@rsynnest.com>
Date: Thu, 22 Apr 2021 22:18:32 -0700
Subject: [PATCH 3/5] commonsDaemon: init at 1.2.4

---
 .../libraries/java/commons/daemon/default.nix | 25 +++++++++++++++++++
 pkgs/top-level/all-packages.nix               |  2 ++
 2 files changed, 27 insertions(+)
 create mode 100644 pkgs/development/libraries/java/commons/daemon/default.nix

diff --git a/pkgs/development/libraries/java/commons/daemon/default.nix b/pkgs/development/libraries/java/commons/daemon/default.nix
new file mode 100644
index 000000000000..f6f909904cf5
--- /dev/null
+++ b/pkgs/development/libraries/java/commons/daemon/default.nix
@@ -0,0 +1,25 @@
+{ lib, stdenv, fetchurl }:
+
+stdenv.mkDerivation rec {
+  version = "1.2.4";
+  pname = "commons-daemon";
+
+  src = fetchurl {
+    url    = "mirror://apache/commons/daemon/binaries/commons-daemon-${version}-bin.tar.gz";
+    sha256 = "0bsy4xn3gncgrxj3vkpplvyhx06c1470kycj0j5gwq46ylgady9s";
+  };
+
+  installPhase = ''
+    tar xf ${src}
+    mkdir -p $out/share/java
+    cp *.jar $out/share/java/
+  '';
+
+  meta = {
+    homepage    = "https://commons.apache.org/proper/commons-daemon";
+    description = "Apache Commons Daemon software is a set of utilities and Java support classes for running Java applications as server processes.";
+    maintainers = with lib.maintainers; [ rsynnest ];
+    license     = lib.licenses.asl20;
+    platforms = with lib.platforms; unix;
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index b124f2dae5b7..c526c3706ab1 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -18110,6 +18110,8 @@ in
 
   commonsCompress = callPackage ../development/libraries/java/commons/compress { };
 
+  commonsDaemon = callPackage ../development/libraries/java/commons/daemon { };
+
   commonsFileUpload = callPackage ../development/libraries/java/commons/fileupload { };
 
   commonsLang = callPackage ../development/libraries/java/commons/lang { };

From 73609958b5282f512a11664898f2f2752d6fbc0b Mon Sep 17 00:00:00 2001
From: rsynnest <contact@rsynnest.com>
Date: Thu, 22 Apr 2021 21:39:09 -0700
Subject: [PATCH 4/5] unifi-video: init at 3.10.13

---
 pkgs/servers/unifi-video/default.nix | 61 ++++++++++++++++++++++++++++
 pkgs/top-level/all-packages.nix      |  2 +
 2 files changed, 63 insertions(+)
 create mode 100755 pkgs/servers/unifi-video/default.nix

diff --git a/pkgs/servers/unifi-video/default.nix b/pkgs/servers/unifi-video/default.nix
new file mode 100755
index 000000000000..4c55d5102591
--- /dev/null
+++ b/pkgs/servers/unifi-video/default.nix
@@ -0,0 +1,61 @@
+{ dpkg
+, stdenv
+, lib
+, fetchurl
+, jre8
+, jsvc
+, lsb-release
+, libcap
+, util-linux
+, makeWrapper
+, autoPatchelfHook
+, glibc
+, gcc-unwrapped
+}:
+
+stdenv.mkDerivation rec {
+  pname = "unifi-video";
+  version = "3.10.13";
+  src = fetchurl {
+    urls = [ "https://dl.ui.com/firmwares/ufv/v${version}/unifi-video.Debian9_amd64.v${version}.deb" "https://archive.org/download/unifi-video.Debian9_amd64.v${version}/unifi-video.Debian9_amd64.v${version}.deb" ];
+    sha256 = "06mxjdizs4mhm1by8kj4pg5hhdi8ns6x75ggwyp1k6zb26jvvdny";
+  };
+
+  buildInputs = [ jre8 jsvc lsb-release libcap util-linux ];
+  nativeBuildInputs = [ dpkg makeWrapper autoPatchelfHook glibc gcc-unwrapped ];
+
+  unpackCmd = ''
+    runHook preUnpack
+
+    dpkg-deb -x $src .
+    rm -r etc
+
+    runHook postUnpack
+  '';
+
+  installPhase = ''
+    runHook preInstall
+
+    mkdir -p $out
+    cp -ar sbin $out/bin
+    cp -ar lib share $out
+    chmod +x $out/bin/*
+    wrapProgram $out/bin/unifi-video --set JAVA_HOME "${jre8}" --prefix PATH : ${lib.makeBinPath [ jre8 lsb-release libcap util-linux]}
+
+    runHook postInstall
+  '';
+
+  meta = with lib; {
+    description = "Unifi Video NVR (aka Airvision) is a software package for controlling Unifi cameras";
+    longDescription = ''
+      Unifi Video is the NVR server software which can monitor and
+      record footage from supported Unifi video cameras
+    '';
+    homepage = "https://www.ui.com";
+    downloadPage = "https://www.ui.com/download/unifi-video/";
+    license = licenses.unfree;
+    maintainers = [ maintainers.rsynnest ];
+    platforms = [ "x86_64-linux" ];
+    knownVulnerabilities = [ "Upstream support for Unifi Video ended January 1st, 2021." ];
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index c526c3706ab1..7045912fb33c 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -19328,6 +19328,8 @@ in
     unifi6;
   unifi = unifi6;
 
+  unifi-video = callPackage ../servers/unifi-video { };
+
   urserver = callPackage ../servers/urserver { };
 
   victoriametrics = callPackage ../servers/nosql/victoriametrics { };

From b562ae6c319a0ee47f297c3b71ed13385c4549d8 Mon Sep 17 00:00:00 2001
From: rsynnest <contact@rsynnest.com>
Date: Thu, 22 Apr 2021 21:39:47 -0700
Subject: [PATCH 5/5] nixos/unifi-video: init at 3.10.13

---
 nixos/modules/module-list.nix                |   1 +
 nixos/modules/services/video/unifi-video.nix | 265 +++++++++++++++++++
 2 files changed, 266 insertions(+)
 create mode 100644 nixos/modules/services/video/unifi-video.nix

diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 11c18a9df4b4..b7d00582dccc 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -822,6 +822,7 @@
   ./services/networking/tvheadend.nix
   ./services/networking/unbound.nix
   ./services/networking/unifi.nix
+  ./services/video/unifi-video.nix
   ./services/networking/v2ray.nix
   ./services/networking/vsftpd.nix
   ./services/networking/wakeonlan.nix
diff --git a/nixos/modules/services/video/unifi-video.nix b/nixos/modules/services/video/unifi-video.nix
new file mode 100644
index 000000000000..d4c0268ed66c
--- /dev/null
+++ b/nixos/modules/services/video/unifi-video.nix
@@ -0,0 +1,265 @@
+{ config, lib, pkgs, utils, ... }:
+with lib;
+let
+  cfg = config.services.unifi-video;
+  mainClass = "com.ubnt.airvision.Main";
+  cmd = ''
+    ${pkgs.jsvc}/bin/jsvc \
+    -cwd ${stateDir} \
+    -debug \
+    -verbose:class \
+    -nodetach \
+    -user unifi-video \
+    -home ${cfg.jrePackage}/lib/openjdk \
+    -cp ${pkgs.commonsDaemon}/share/java/commons-daemon-1.2.4.jar:${stateDir}/lib/airvision.jar \
+    -pidfile ${cfg.pidFile} \
+    -procname unifi-video \
+    -Djava.security.egd=file:/dev/./urandom \
+    -Xmx${cfg.maximumJavaHeapSize}M \
+    -Xss512K \
+    -XX:+UseG1GC \
+    -XX:+UseStringDeduplication \
+    -XX:MaxMetaspaceSize=768M \
+    -Djava.library.path=${stateDir}/lib \
+    -Djava.awt.headless=true \
+    -Djavax.net.ssl.trustStore=${stateDir}/etc/ufv-truststore \
+    -Dfile.encoding=UTF-8 \
+    -Dav.tempdir=/var/cache/unifi-video
+  '';
+
+  mongoConf = pkgs.writeTextFile {
+    name = "mongo.conf";
+    executable = false;
+    text = ''
+      # for documentation of all options, see http://docs.mongodb.org/manual/reference/configuration-options/
+
+      storage:
+         dbPath: ${cfg.dataDir}/db
+         journal:
+            enabled: true
+         syncPeriodSecs: 60
+
+      systemLog:
+         destination: file
+         logAppend: true
+         path: ${stateDir}/logs/mongod.log
+
+      net:
+         port: 7441
+         bindIp: 127.0.0.1
+         http:
+            enabled: false
+
+      operationProfiling:
+         slowOpThresholdMs: 500
+         mode: off
+    '';
+  };
+
+
+  mongoWtConf = pkgs.writeTextFile {
+    name = "mongowt.conf";
+    executable = false;
+    text = ''
+      # for documentation of all options, see:
+      #   http://docs.mongodb.org/manual/reference/configuration-options/
+
+      storage:
+         dbPath: ${cfg.dataDir}/db-wt
+         journal:
+            enabled: true
+         wiredTiger:
+            engineConfig:
+               cacheSizeGB: 1
+
+      systemLog:
+         destination: file
+         logAppend: true
+         path: logs/mongod.log
+
+      net:
+         port: 7441
+         bindIp: 127.0.0.1
+
+      operationProfiling:
+         slowOpThresholdMs: 500
+         mode: off
+    '';
+  };
+
+  stateDir = "/var/lib/unifi-video";
+
+in
+  {
+
+    options.services.unifi-video = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether or not to enable the unifi-video service.
+        '';
+      };
+
+      jrePackage = mkOption {
+        type = types.package;
+        default = pkgs.jre8;
+        defaultText = "pkgs.jre8";
+        description = ''
+          The JRE package to use. Check the release notes to ensure it is supported.
+        '';
+      };
+
+      unifiVideoPackage = mkOption {
+        type = types.package;
+        default = pkgs.unifi-video;
+        defaultText = "pkgs.unifi-video";
+        description = ''
+          The unifi-video package to use.
+        '';
+      };
+
+      mongodbPackage = mkOption {
+        type = types.package;
+        default = pkgs.mongodb-4_0;
+        defaultText = "pkgs.mongodb";
+        description = ''
+          The mongodb package to use.
+        '';
+      };
+
+      logDir = mkOption {
+        type = types.str;
+        default = "${stateDir}/logs";
+        description = ''
+          Where to store the logs.
+        '';
+      };
+
+      dataDir = mkOption {
+        type = types.str;
+        default = "${stateDir}/data";
+        description = ''
+          Where to store the database and other data.
+        '';
+      };
+
+      openPorts = mkOption {
+        type = types.bool;
+        default = true;
+        description = ''
+          Whether or not to open the required ports on the firewall.
+        '';
+      };
+
+      maximumJavaHeapSize = mkOption {
+        type = types.nullOr types.int;
+        default = 1024;
+        example = 4096;
+        description = ''
+          Set the maximimum heap size for the JVM in MB.
+        '';
+      };
+
+      pidFile = mkOption {
+        type = types.path;
+        default = "${cfg.dataDir}/unifi-video.pid";
+        description = "Location of unifi-video pid file.";
+      };
+
+};
+
+config = mkIf cfg.enable {
+  users = {
+    users.unifi-video = {
+      description = "UniFi Video controller daemon user";
+      home = stateDir;
+      group = "unifi-video";
+      isSystemUser = true;
+    };
+    groups.unifi-video = {};
+  };
+
+  networking.firewall = mkIf cfg.openPorts {
+      # https://help.ui.com/hc/en-us/articles/217875218-UniFi-Video-Ports-Used
+      allowedTCPPorts = [
+        7080 # HTTP portal
+        7443 # HTTPS portal
+        7445 # Video over HTTP (mobile app)
+        7446 # Video over HTTPS (mobile app)
+        7447 # RTSP via the controller
+        7442 # Camera management from cameras to NVR over WAN
+      ];
+      allowedUDPPorts = [
+        6666 # Inbound camera streams sent over WAN
+      ];
+    };
+
+    systemd.tmpfiles.rules = [
+      "d '${stateDir}' 0700 unifi-video unifi-video - -"
+      "d '/var/cache/unifi-video' 0700 unifi-video unifi-video - -"
+
+      "d '${stateDir}/logs' 0700 unifi-video unifi-video - -"
+      "C '${stateDir}/etc' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/etc"
+      "C '${stateDir}/webapps' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/webapps"
+      "C '${stateDir}/email' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/email"
+      "C '${stateDir}/fw' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/fw"
+      "C '${stateDir}/lib' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/lib"
+
+      "d '${stateDir}/data' 0700 unifi-video unifi-video - -"
+      "d '${stateDir}/data/db' 0700 unifi-video unifi-video - -"
+      "C '${stateDir}/data/system.properties' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/etc/system.properties"
+
+      "d '${stateDir}/bin' 0700 unifi-video unifi-video - -"
+      "f '${stateDir}/bin/evostreamms' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/bin/evostreamms"
+      "f '${stateDir}/bin/libavcodec.so.54' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/bin/libavcodec.so.54"
+      "f '${stateDir}/bin/libavformat.so.54' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/bin/libavformat.so.54"
+      "f '${stateDir}/bin/libavutil.so.52' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/bin/libavutil.so.52"
+      "f '${stateDir}/bin/ubnt.avtool' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/bin/ubnt.avtool"
+      "f '${stateDir}/bin/ubnt.updater' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/bin/ubnt.updater"
+      "C '${stateDir}/bin/mongo' 0700 unifi-video unifi-video - ${cfg.mongodbPackage}/bin/mongo"
+      "C '${stateDir}/bin/mongod' 0700 unifi-video unifi-video - ${cfg.mongodbPackage}/bin/mongod"
+      "C '${stateDir}/bin/mongoperf' 0700 unifi-video unifi-video - ${cfg.mongodbPackage}/bin/mongoperf"
+      "C '${stateDir}/bin/mongos' 0700 unifi-video unifi-video - ${cfg.mongodbPackage}/bin/mongos"
+
+      "d '${stateDir}/conf' 0700 unifi-video unifi-video - -"
+      "C '${stateDir}/conf/evostream' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/evostream"
+      "Z '${stateDir}/conf/evostream' 0700 unifi-video unifi-video - -"
+      "L+ '${stateDir}/conf/mongodv3.0+.conf' 0700 unifi-video unifi-video - ${mongoConf}"
+      "L+ '${stateDir}/conf/mongodv3.6+.conf' 0700 unifi-video unifi-video - ${mongoConf}"
+      "L+ '${stateDir}/conf/mongod-wt.conf' 0700 unifi-video unifi-video - ${mongoWtConf}"
+      "L+ '${stateDir}/conf/catalina.policy' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/catalina.policy"
+      "L+ '${stateDir}/conf/catalina.properties' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/catalina.properties"
+      "L+ '${stateDir}/conf/context.xml' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/context.xml"
+      "L+ '${stateDir}/conf/logging.properties' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/logging.properties"
+      "L+ '${stateDir}/conf/server.xml' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/server.xml"
+      "L+ '${stateDir}/conf/tomcat-users.xml' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/tomcat-users.xml"
+      "L+ '${stateDir}/conf/web.xml' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/web.xml"
+
+    ];
+
+    systemd.services.unifi-video = {
+      description = "UniFi Video NVR daemon";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ] ;
+      unitConfig.RequiresMountsFor = stateDir;
+      # Make sure package upgrades trigger a service restart
+      restartTriggers = [ cfg.unifiVideoPackage cfg.mongodbPackage ];
+      path = with pkgs; [ gawk coreutils busybox which jre8 lsb-release libcap util-linux ];
+      serviceConfig = {
+        Type = "simple";
+        ExecStart = "${(removeSuffix "\n" cmd)} ${mainClass} start";
+        ExecStop = "${(removeSuffix "\n" cmd)} stop ${mainClass} stop";
+        Restart = "on-failure";
+        UMask = "0077";
+        User = "unifi-video";
+        WorkingDirectory = "${stateDir}";
+      };
+    };
+
+  };
+
+  meta = {
+    maintainers = with lib.maintainers; [ rsynnest ];
+  };
+}