coilyco-flight-deck/infrastructure
1
0
Fork 0
Code Issues 101 Pull requests Projects Releases Packages Wiki Activity Actions 1

Evaluate and migrate to current-gen Ubiquiti hardware (2026) #111

New issue
Closed
opened 2026-05-24 21:46:09 +00:00 by coilysiren · 1 comment
coilysiren commented 2026-05-24 21:46:09 +00:00
Owner
Copy link

Goal

Replace the TP-Link Archer A20 with current-gen Ubiquiti hardware sometime in 2026. Kai has used Ubiquiti before and liked the experience; the A20 is approaching end-of-support (last firmware 20250919 likely the final security backport, see #107 thread).

Why

  1. Lifecycle. Consumer TP-Link gets 3-5 years of patches; Ubiquiti publishes a stated security-support window and ships updates for far longer. A router replaced today on a sane lifecycle outlasts two consumer routers.
  2. Automation surface. Ubiquiti has a real API (UniFi controller + official API + community Terraform providers). Obviates the Playwright-scraping path tentatively proposed in #107.
  3. Segmentation. Native VLAN / firewall-rule support enables the LAN hardening tracked in the sibling 'treat LAN as semi-hostile' ticket.
  4. Operational ergonomics. UniFi UI + mobile app fits Kai's mobile-first ops posture.

Scope - in

  1. Pick the hardware tier. Likely candidates: UniFi Dream Router 7, Cloud Gateway Max, or Dream Machine Pro depending on whether Kai wants integrated WiFi or rack-mount + separate APs.
  2. Inventory current network: connected devices, port forwards, DHCP reservations, SSIDs, special configs (so the cutover is faithful).
  3. Plan the cutover window. Minimize tailnet-ingress downtime for kai-server.
  4. After cutover: re-do the admin-surface audit from the sibling ticket against UniFi defaults; UniFi has its own set of 'cloud' features (Site Manager, remote access) that need a conscious decision.

Scope - out

  • Replacing APs immediately if the chosen gateway has integrated WiFi good enough for the apartment. Separate ticket if needed later.
  • Migrating any in-flight Playwright work from #107. If #107 is still open at cutover time, close it as obsolete.

Open question

Budget/timing. Kai said 'at some point this year' - left intentionally loose. Re-tighten when hardware tier is picked.

Filed by Claude.

**Goal** Replace the TP-Link Archer A20 with current-gen Ubiquiti hardware sometime in 2026. Kai has used Ubiquiti before and liked the experience; the A20 is approaching end-of-support (last firmware 20250919 likely the final security backport, see #107 thread). **Why** 1. **Lifecycle.** Consumer TP-Link gets 3-5 years of patches; Ubiquiti publishes a stated security-support window and ships updates for far longer. A router replaced today on a sane lifecycle outlasts two consumer routers. 2. **Automation surface.** Ubiquiti has a real API (UniFi controller + official API + community Terraform providers). Obviates the Playwright-scraping path tentatively proposed in #107. 3. **Segmentation.** Native VLAN / firewall-rule support enables the LAN hardening tracked in the sibling 'treat LAN as semi-hostile' ticket. 4. **Operational ergonomics.** UniFi UI + mobile app fits Kai's mobile-first ops posture. **Scope - in** 1. Pick the hardware tier. Likely candidates: UniFi Dream Router 7, Cloud Gateway Max, or Dream Machine Pro depending on whether Kai wants integrated WiFi or rack-mount + separate APs. 2. Inventory current network: connected devices, port forwards, DHCP reservations, SSIDs, special configs (so the cutover is faithful). 3. Plan the cutover window. Minimize tailnet-ingress downtime for kai-server. 4. After cutover: re-do the admin-surface audit from the sibling ticket against UniFi defaults; UniFi has its own set of 'cloud' features (Site Manager, remote access) that need a conscious decision. **Scope - out** - Replacing APs immediately if the chosen gateway has integrated WiFi good enough for the apartment. Separate ticket if needed later. - Migrating any in-flight Playwright work from #107. If #107 is still open at cutover time, close it as obsolete. **Open question** Budget/timing. Kai said 'at some point this year' - left intentionally loose. Re-tighten when hardware tier is picked. **Filed by Claude.**
coilysiren commented 2026-05-30 05:43:25 +00:00
Author
Owner
Copy link

Iceboxed in the 2026-05-29 backlog burn-down: migrate to Ubiquiti hardware someday 2026. Reopen anytime if it becomes real.

Iceboxed in the 2026-05-29 backlog burn-down: migrate to Ubiquiti hardware someday 2026. Reopen anytime if it becomes real.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
dispatch/issue-294
tangled-knot
dispatch/issue-216
No results found.
Labels
Clear labels
  
P0
now / blocking / urgent

  
P1
next / important

  
P2
backlog / will do

  
P3
someday / low

  
P4
icebox / frozen / reopen if it becomes real

No labels
P0
P1
P2
P3
P4
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
coilyco-flight-deck/infrastructure#111
No description provided.