docs: improve documentation for 1.0.0 release (#75)

* docs: add examples and recreate TF documentation

* update readme

* add information about experimental support of firewall zones

examples/resources/unifi_firewall_zone/import.sh

@@ -0,0 +1,5 @@
+# import from provider configured site
+terraform import unifi_firewall_zone.myzone 5dc28e5e9106d105bdc87217
+
+# import from another site
+terraform import  unifi_firewall_zone.myzone another-site:5dc28e5e9106d105bdc87217

examples/resources/unifi_firewall_zone/resource.tf

@@ -0,0 +1,11 @@
+resource "unifi_network" "network" {
+    name    = "my-network"
+    purpose = "corporate"
+    subnet  = "10.0.10.0/24"
+    vlan_id = "400"
+}
+
+resource "unifi_firewall_zone" "zone" {
+    name     = "my-zone"
+    networks = [unifi_network.network.id]
+}

examples/resources/unifi_firewall_zone_policy/import.sh

@@ -0,0 +1,5 @@
+# import from provider configured site
+terraform import unifi_network.mynetwork 5dc28e5e9106d105bdc87217
+
+# import from another site
+terraform import unifi_network.mynetwork zone:5dc28e5e9106d105bdc87217

examples/resources/unifi_firewall_zone_policy/resource.tf

@@ -0,0 +1,63 @@
+resource "unifi_network" "network" {
+    name    = "my-network"
+    purpose = "corporate"
+    subnet  = "10.0.10.0/24"
+    vlan_id = "400"
+}
+
+resource "unifi_firewall_zone" "src" {
+    name = "my-source-zone"
+    networks = [unifi_network.network.id]
+}
+
+resource "unifi_firewall_zone" "dst" {
+    name = "my-destination-zone"
+}
+
+# Allow TCP/UDP traffic from any ip and port other than 192.168.1.1 and 443 in `src` zone to `dst` zone
+resource "unifi_firewall_zone_policy" "policy" {
+    name     = "my-zone-policy"
+    action   = "ALLOW"
+    protocol = "tcp_udp"
+
+    source = {
+        zone_id              = unifi_firewall_zone.src.id
+        ips = ["192.168.1.1"]
+        port                 = "443"
+        match_opposite_ips   = true
+        match_opposite_ports = true
+    }
+
+    destination = {
+        zone_id = unifi_firewall_zone.dst.id
+    }
+
+    schedule = {
+        mode         = "EVERY_DAY"
+        time_all_day = false
+        time_from    = "08:00"
+        time_to      = "17:00"
+    }
+}
+
+resource "unifi_firewall_group" "web-ports" {
+    name = "web-apps"
+    type = "port-group"
+    members = ["80", "443"]
+}
+
+# Block TCP/UDP traffic from any ip and port in `src` zone to `dst` zone ports 80 and 443 defined in port group
+resource "unifi_firewall_zone_policy" "policy2" {
+    name     = "my-policy-2"
+    action   = "BLOCK"
+    protocol = "tcp_udp"
+
+    source = {
+        zone_id = unifi_firewall_zone.src.id
+    }
+
+    destination = {
+        zone_id       = unifi_firewall_zone.dst.id
+        port_group_id = unifi_firewall_group.web-ports.id
+    }
+}

examples/resources/unifi_portal_file/resource.tf

@@ -0,0 +1,3 @@
+resource "unifi_portal_file" "file" {
+    file_path = "/Users/username/Downloads/portal.png"
+}

examples/resources/unifi_setting_auto_speedtest/resource.tf

@@ -0,0 +1,11 @@
+resource "unifi_setting_auto_speedtest" "example" {
+  # Enable automatic speedtest functionality
+  enabled = true
+  
+  # Schedule for running speedtests using cron syntax
+  # This example runs at midnight every day
+  cron = "0 0 * * *"
+  
+  # Specify the site (optional, defaults to site configured in provider, otherwise "default")
+  # site = "default"
+}

examples/resources/unifi_setting_country/resource.tf

@@ -0,0 +1,8 @@
+resource "unifi_setting_country" "example" {
+  # Set the country code using ISO 3166-1 alpha-2 format
+  # This example sets the country to United States
+  code = "US"
+  
+  # Specify the site (optional, defaults to site configured in provider, otherwise "default")
+  # site = "default"
+}

examples/resources/unifi_setting_dpi/resource.tf

@@ -0,0 +1,10 @@
+resource "unifi_setting_dpi" "example" {
+  # Enable Deep Packet Inspection
+  enabled = true
+  
+  # Enable DPI fingerprinting for more accurate application identification
+  fingerprinting_enabled = true
+  
+  # Specify the site (optional, defaults to site configured in provider, otherwise "default")
+  # site = "default"
+}

examples/resources/unifi_setting_guest_access/resource.tf

@@ -0,0 +1,94 @@
+# Configure guest access settings for your UniFi network
+# This example demonstrates a comprehensive guest portal setup with various authentication options
+
+resource "unifi_portal_file" "logo" {
+    file_path = "logo.png"
+}
+
+resource "unifi_setting_guest_access" "guest_portal" {
+  # Basic configuration
+  auth            = "hotspot"  # Authentication type: none, hotspot, custom, or external
+  portal_enabled  = true      # Enable the guest portal
+  portal_use_hostname = true  # Use hostname for the portal
+  portal_hostname = "guest.example.com"  # Portal hostname
+  template_engine = "angular" # Portal template engine (angular or jsp)
+  
+  # Expiration settings for guest access
+  expire        = 1440       # Minutes until expiration
+  expire_number = 1          # Number of time units
+  expire_unit   = 1440       # Time unit in minutes
+  
+  # Enable external captive portal detection
+  ec_enabled    = true
+  
+  # Password protection for guest access
+  password = "guest-access-password"
+  
+  # Google authentication
+  google {
+    client_id     = "your-google-client-id"
+    client_secret = "your-google-client-secret"
+    domain        = "example.com"  # Optional: limit sign-ins to a specific domain
+    scope_email   = true         # Request email addresses during sign-in
+  }
+  
+  # Payment option (PayPal)
+  payment_gateway = "paypal"
+  paypal {
+    username    = "business@example.com"
+    password    = "paypal-api-password"
+    signature   = "paypal-api-signature"
+    use_sandbox = true  # Set to false for production
+  }
+  
+  # Redirecting guests after authentication
+  redirect {
+    url      = "https://example.com/welcome"
+    use_https = true
+    to_https  = true
+  }
+  
+  # Restricted DNS for guests   
+  restricted_dns_servers = [
+    "1.1.1.1",
+    "8.8.8.8"
+  ]
+  
+  # Portal customization options
+  portal_customization {
+    customized = true
+    
+    # Portal appearance
+    title = "Welcome to Our Guest Network"
+    welcome_text = "Thanks for visiting our location. Please enjoy our complimentary WiFi."
+    welcome_text_enabled = true
+    welcome_text_position = "top"
+    
+    # Color scheme
+    bg_color = "#f5f5f5"
+    text_color = "#333333"
+    link_color = "#0078d4"
+    
+    # Authentication dialog box
+    box_color = "#ffffff"
+    box_text_color = "#333333"
+    box_link_color = "#0078d4"
+    box_opacity = 90
+    box_radius = 5
+
+    # Logo
+    logo_file_id = unifi_portal_file.logo.id
+    
+    # Button styling
+    button_color = "#0078d4"
+    button_text_color = "#ffffff"
+    button_text = "Connect"
+    
+    # Legal information / Terms of Service
+    tos_enabled = true
+    tos = "By using this service, you agree to our terms and conditions. Unauthorized use is prohibited."
+    
+    # Languages supported
+    languages = ["PL"]
+  }
+}

examples/resources/unifi_setting_ips/resource.tf

@@ -0,0 +1,67 @@
+
+resource "unifi_network" "test" {
+  name = "My Network"
+  purpose = "corporate"
+  subnet = "192.168.1.0/24"
+  vlan_id = 10
+}
+
+resource "unifi_setting_ips" "example" {
+  # Set IPS mode to "ips" (Intrusion Prevention System)
+  # Other valid options: "ids" (Intrusion Detection System) or "disabled"
+  ips_mode = "ips"
+  
+  # Networks on which IPS/IDS should be enabled
+  enabled_networks = [unifi_network.test.id]
+  
+  # Advanced filtering preference
+  # Valid options: "disabled", "manual", or "auto"
+  advanced_filtering_preference = "manual"
+  
+  # Categories of threats to detect/prevent
+  enabled_categories = [
+    "emerging-dos",
+    "emerging-exploit",
+    "emerging-malware"
+  ]
+  
+  # Ad blocking configuration
+  ad_blocked_networks = [unifi_network.test.id]
+  
+  # Honeypot configuration
+  honeypots = [
+    {
+      ip_address = "192.168.1.10"
+      network_id = unifi_network.test.id
+    }
+  ]
+  
+  # DNS filtering configuration
+  dns_filters = [
+    {
+      name        = "Work Filter"
+      filter      = "work"
+      description = "Block non-work related sites"
+      
+      # Sites that are always allowed
+      allowed_sites = [
+        "example.com",
+        "company.com"
+      ]
+      
+      # Sites that are always blocked
+      blocked_sites = [
+        "gaming.example.com",
+        "social.example.com"
+      ]
+      
+      # Top-level domains to block
+      blocked_tld = [
+        "xyz"
+      ]
+    }
+  ]
+  
+  # Specify the site (optional, defaults to site configured in provider, otherwise "default")
+  # site = "default"
+}

examples/resources/unifi_setting_lcm/resource.tf

@@ -0,0 +1,19 @@
+resource "unifi_setting_lcd_monitor" "example" {
+  # Enable LCD monitor functionality
+  enabled = true
+  
+  # Set the brightness level (0-100)
+  brightness = 75
+  
+  # Set the idle timeout in seconds before the display dims
+  idle_timeout = 300
+  
+  # Enable synchronization of settings across all devices
+  sync = true
+  
+  # Enable touch events on the LCD screen
+  touch_event = true
+  
+  # Specify the site (optional, defaults to site configured in provider, otherwise "default")
+  # site = "default"
+}

examples/resources/unifi_setting_locale/resource.tf

@@ -0,0 +1,7 @@
+resource "unifi_setting_locale" "example" {
+  # Set the timezone using IANA timezone identifier format
+  timezone = "America/New_York"
+  
+  # Specify the site (optional, defaults to site configured in provider, otherwise "default")
+  # site = "default"
+}

examples/resources/unifi_setting_magic_site_to_site_vpn/resource.tf

@@ -0,0 +1,7 @@
+resource "unifi_setting_magic_site_to_site_vpn" "example" {
+  # Enable Magic Site-to-Site VPN functionality
+  enabled = true
+  
+  # Specify the site (optional, defaults to site configured in provider, otherwise "default")
+  # site = "default"
+}

examples/resources/unifi_setting_mgmt/resource.tf

@@ -3,6 +3,37 @@ resource "unifi_site" "example" {
 }
 
 resource "unifi_setting_mgmt" "example" {
-  site         = unifi_site.example.name
+  # Reference a specific site (optional, defaults to site configured in provider, otherwise "default")
+  site = unifi_site.example.name
+  
+  # Auto upgrade settings
   auto_upgrade = true
+  auto_upgrade_hour = 3
+  
+  # Device management settings
+  advanced_feature_enabled = true
+  alert_enabled = true
+  boot_sound = false
+  debug_tools_enabled = true
+  direct_connect_enabled = false
+  led_enabled = true
+  outdoor_mode_enabled = false
+  unifi_idp_enabled = false
+  wifiman_enabled = true
+  
+  # SSH access configuration
+  ssh_enabled = true
+  ssh_auth_password_enabled = true
+  ssh_bind_wildcard = false
+  ssh_username = "admin"
+  
+  # Optional: SSH key configuration
+  ssh_key = [
+    {
+      name = "Admin Key"
+      type = "ssh-rsa"
+      key = "AAAAB3NzaC1yc2EAAAADAQABAAABAQCxxx..."
+      comment = "admin@example.com"
+    }
+  ]
 }

examples/resources/unifi_setting_network_optimization/resource.tf

@@ -0,0 +1,7 @@
+resource "unifi_setting_network_optimization" "example" {
+  # Enable network optimization features
+  enabled = true
+  
+  # Specify the site (optional, defaults to site configured in provider, otherwise "default")
+  # site = "default"
+}

examples/resources/unifi_setting_ntp/resource.tf

@@ -0,0 +1,14 @@
+resource "unifi_setting_ntp" "example" {
+  # Set NTP mode to manual to specify custom NTP servers
+  # Valid options: "auto" or "manual"
+  mode = "manual"
+  
+  # Configure up to four NTP servers
+  ntp_server_1 = "time.cloudflare.com"
+  ntp_server_2 = "pool.ntp.org"
+  ntp_server_3 = "time.google.com"
+  ntp_server_4 = "0.pool.ntp.org"
+  
+  # Specify the site (optional, defaults to site configured in provider, otherwise "default")
+  # site = "default"
+}

examples/resources/unifi_setting_radius/resource.tf

@@ -0,0 +1,17 @@
+resource "unifi_setting_radius" "example" {
+  # Enable RADIUS functionality
+  enabled = true
+  
+  # RADIUS server secret
+  secret = "your-secure-secret"
+  
+  # Optional: Enable RADIUS accounting
+  accounting_enabled = true
+  
+  # Optional: Configure custom ports
+  auth_port = 1812
+  accounting_port = 1813
+  
+  # Specify the site (optional, defaults to site configured in provider, otherwise "default")
+  # site = "default"
+}

examples/resources/unifi_setting_rsyslogd/resource.tf

@@ -0,0 +1,25 @@
+resource "unifi_setting_rsyslogd" "example" {
+  # Enable remote syslog functionality
+  enabled = true
+  
+  # Remote syslog server IP address
+  ip = "192.168.1.200"
+  
+  # Remote syslog server port
+  port = 514
+  
+  # Types of log content to send
+  # Valid options: "device", "client", "admin_activity"
+  contents = ["device", "client", "admin_activity"]
+  
+  # Enable debug logging
+  debug = true
+  
+  # Netconsole configuration (optional)
+  netconsole_enabled = true
+  netconsole_host = "192.168.1.150"
+  netconsole_port = 1514
+  
+  # Specify the site (optional, defaults to site configured in provider, otherwise "default")
+  # site = "default"
+}

examples/resources/unifi_setting_ssl_inspection/resource.tf

@@ -0,0 +1,8 @@
+resource "unifi_setting_ssl_inspection" "example" {
+  # Configure SSL inspection state
+  # Valid options: "off", "simple", "advanced"
+  state = "advanced"
+  
+  # Specify the site (optional, defaults to site configured in provider, otherwise "default")
+  # site = "default"
+}

examples/resources/unifi_setting_teleport/resource.tf

@@ -0,0 +1,11 @@
+resource "unifi_setting_teleport" "example" {
+  # Enable Teleport remote access functionality
+  enabled = true
+  
+  # Optional subnet configuration for Teleport
+  # Specify a CIDR notation subnet for Teleport to use
+  subnet = "192.168.100.0/24"
+  
+  # Specify the site (optional, defaults to site configured in provider, otherwise "default")
+  # site = "default"
+}

examples/resources/unifi_setting_usg/resource.tf

@@ -0,0 +1,89 @@
+resource "unifi_setting_usg" "example" {
+  # Geo IP Filtering Configuration
+  geo_ip_filtering = {
+    block            = "block"  # Options: "block" or "allow"
+    countries        = ["UK", "CN", "AU"]
+    traffic_direction = "both"  # Options: "both", "ingress", or "egress"
+  }
+
+  # UPNP Configuration
+  upnp = {
+    nat_pmp_enabled = true
+    secure_mode     = true
+    wan_interface   = "WAN"
+  }
+
+  # DNS Verification Settings
+  dns_verification = {
+    domain              = "example.com"
+    primary_dns_server  = "1.1.1.1"
+    secondary_dns_server = "1.0.0.1"
+    setting_preference  = "manual"  # Options: "auto" or "manual"
+  }
+
+  # TCP Timeout Settings
+  tcp_timeouts = {
+    close_timeout       = 10
+    established_timeout = 3600
+    close_wait_timeout  = 20
+    fin_wait_timeout    = 30
+    last_ack_timeout    = 30
+    syn_recv_timeout    = 60
+    syn_sent_timeout    = 120
+    time_wait_timeout   = 120
+  }
+
+  # ARP Cache Configuration
+  arp_cache_timeout = "custom"  # Options: "auto" or "custom"
+  arp_cache_base_reachable = 60
+
+  # DHCP Configuration
+  broadcast_ping = true
+  dhcpd_hostfile_update = true
+  dhcpd_use_dnsmasq = true
+  dnsmasq_all_servers = true
+
+  # DHCP Relay Configuration
+  dhcp_relay = {
+    agents_packets = "forward"  # Options: "forward" or "replace"
+    hop_count = 5
+  }
+  dhcp_relay_servers = ["10.1.2.3", "10.1.2.4"]
+
+  # Network Tools
+  echo_server = "echo.example.com"
+
+  # Protocol Modules
+  ftp_module = true
+  gre_module = true
+  tftp_module = true
+
+  # ICMP & LLDP Settings
+  icmp_timeout = 20
+  lldp_enable_all = true
+
+  # MSS Clamp Settings
+  mss_clamp = "auto"  # Options: "auto" or "custom"
+  mss_clamp_mss = 1452
+
+  # Offload Settings
+  offload_accounting = true
+  offload_l2_blocking = true
+  offload_scheduling = false
+
+  # Timeout Settings
+  other_timeout = 600
+  timeout_setting_preference = "auto"  # Options: "auto" or "custom"
+
+  # Security Settings
+  receive_redirects = false
+  send_redirects = true
+  syn_cookies = true
+
+  # UDP Timeout Settings
+  udp_other_timeout = 30
+  udp_stream_timeout = 120
+
+  # Specify the site (optional)
+  # site = "default"
+}

examples/resources/unifi_setting_usw/resource.tf

@@ -0,0 +1,7 @@
+resource "unifi_setting_usw" "example" {
+  # Enable DHCP snooping to protect against rogue DHCP servers
+  dhcp_snoop = true
+  
+  # Specify the site (optional, defaults to site configured in provider, otherwise "default")
+  # site = "default"
+}