Extracting a Full Day’s Video from UniFi NVR

There are plenty of people looking to extract full-length video from their UniFi Protect instances, either for archival purposes, or (as in my case) to create full and multi-day timelapse videos. The iOS app and the web app both allow limited download of video, but the interface to define your clips is clumsy at best, crashy at worst, and in my experience extracting an entire day seems to fail more often than it succeeds. Given these limitations, I went looking for a more robust way to dump video from the devices – read on for my findings.

Continue reading

Conditional DNS on UniFi’s UDM-Pro

A quick How To for getting conditional DNS forwarding working on the UDM-PRO hardware. Before this upgrade I ran a CloudKey Gen 2 controller and a USG-PRO-4 for routing – this allowed me to deploy custom configuration via the config.gateway.json to insert extra options to the running config.

The options I needed were to force the DNS server on the gateway to check against my Active Directory DNS for those entries that arrive with the correct suffix – ad.durdle.com. This allows the lookup of clients from the UniFi’s DHCP lease table as well as AD DNS entries.

The UDM-PRO is a completely different beast from the old controller and gateway, running an entirely different OS. It doesn’t support config via json. So what’s a geek to do?

Continue reading

UniFi, VLANs, Sonos and igmp-proxy

As an exercise in good network health, I spent some time last month moving all the “Internet of Things” devices in my network onto their own segregated VLAN. I’ve configured things so that by default no traffic can leave the IoT network without my adding explicit rules to permit it. This protects the trusted side of my network from potentially dodgy traffic from the IoT devices with cheap WiFi chips and Chinese hosted servers. (I’m looking at you ThermoGroup.)

Logically, my network ends up looking something like this, with separate networks for the trusted kit, the IoT devices and the guest wireless network.

One wrinkle with this approach is that – by design – each VLAN is its own broadcast domain. That means the devices on my primary trusted VLAN can no longer use multicast to discover devices on the IoT VLAN. The most obvious victim of this was Sonos – none of the controllers could see the Sonos devices once I separated the LANs.  Enter igmpproxy running on my router – the UniFi USG-PRO-4.

Continue reading

Faking Web to SMS so Synology can Notify via Slack

As bits of hackery go, this is pretty niche. I have a bunch of storage in a Synology Diskstation – this can send various notifications in case disks fail, components get too hot, or other bits of the system break down in ways that require immediate attention. It can send emails, you can use their app to enable push notifications to your phone and if you really want to you can have it send you SMS (actual SMS, in 2017?!). What it can’t do out of the box is send a message to a Slack channel.

I really like Slack. As well as running a paid instance of Slack with my teams at FISCAL, I have a separate (free) one for friends and family and for running experiments with bots and other integrations. So I wanted the Synology, like most of my other house/home automation devices, to talk to Slack. The easy way would be to make the Synology send an email to the Slack email integration – except the email->Slack integration is only available to paid Slack instances. So what to do? Continue reading

Connect IFTTT to Internal Node Server

I spent a bit of time last night putting together the final pieces of code that’ll connect alerts on IFTTT to devices and systems on my internal network, via a simple node.js server. It sits on the edge of my network listening for some JSON to be POSTed at it, and then relays the JSON to a machine inside the network. Initially just one machine – the Plex HTPC in the living room, but eventually I’ll add more logic. Continue reading