I've been considering my options to replace the Unifi controller if things get much worse and OPNsense + some terraform magic sounds like a great option.
What do you use to synchronise the APs and switch configuration? I'm talking things like SSIDs, VLANs, DHCP options etc.
Two SSIDs with RADIUS on one (which assigns VLANs) and guest access on the other.
VLANs at the switch level are handled by consumer NetGear switches. They have an HTTP interface around which one can build a simple API.
Configuration is driven by pushing from a single script. Push is not nearly as malleable as pull but it’s a very stable system. The script handles IPAM and DHCP allocations but almost everything that needs a static address is accessed via the DNS entry for its IPv6 EUI64 address.
Firewall rules between devices and other networks happen at the VLAN / subnet level — the actual IPv4 addresses aren’t needed for the rules themselves.
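Added example (not the commenter's script): a minimal push-style IPAM pass of the kind the reply describes. From a constructed inventory of hostname, MAC and VLAN it derives each host's modified EUI-64 IPv6 address under its VLAN's /64, allocates IPv4 DHCP reservations deterministically in inventory order, and emits the DNS records and dnsmasq-style `dhcp-host=` lines a single script would push out. The VLAN prefixes, hostnames, MACs and the `home.arpa` zone are all made up for illustration. Two caveats a practitioner should keep in mind: the AAAA record is only correct if the host really uses EUI-64 interface identifiers (most current OSes default to RFC 7217 stable-privacy or RFC 4941 temporary addresses instead, so that has to be configured on the client), and an EUI-64 address embeds the MAC, so it is stable and identifiable across any network the device joins.

```python
import ipaddress
import re

# Constructed inventory for illustration: hostname, MAC, VLAN id.
INVENTORY = [
    ("nas",     "00:11:22:33:44:55", 10),
    ("printer", "a4:5e:60:01:02:03", 10),
    ("cam1",    "b8:27:eb:aa:bb:cc", 20),
]

# Constructed per-VLAN addressing: one IPv4 /24 and one IPv6 /64 per VLAN.
VLANS = {
    10: {"name": "trusted", "v4": "192.168.10.0/24", "v6": "2001:db8:10::/64"},
    20: {"name": "iot",     "v4": "192.168.20.0/24", "v6": "2001:db8:20::/64"},
}

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def eui64_address(mac: str, prefix: str) -> str:
    """Modified EUI-64 address for `mac` inside the /64 `prefix` (RFC 4291, App. A)."""
    mac = mac.lower()
    if not MAC_RE.match(mac):
        raise ValueError(f"bad MAC {mac!r}")
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface identifiers need a /64 prefix")
    octets = bytes.fromhex(mac.replace(":", ""))
    # Flip the universal/local bit of the first octet and splice ff:fe into the middle.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return str(ipaddress.IPv6Address(int(net.network_address) + int.from_bytes(iid, "big")))


def allocate(inventory, vlans, first_host=10):
    """Deterministic IPAM: IPv4 reservations in inventory order, IPv6 derived from the MAC.
    Rejects duplicate hostnames/MACs and unknown VLANs so a typo cannot push a bad plan."""
    seen_hosts, seen_macs = set(), set()
    next_host = {vid: first_host for vid in vlans}
    plan = []
    for host, mac, vid in inventory:
        mac = mac.lower()
        if host in seen_hosts or mac in seen_macs:
            raise ValueError(f"duplicate host or MAC: {host} / {mac}")
        if vid not in vlans:
            raise ValueError(f"{host}: unknown VLAN {vid}")
        seen_hosts.add(host)
        seen_macs.add(mac)
        v4net = ipaddress.IPv4Network(vlans[vid]["v4"])
        v4 = v4net.network_address + next_host[vid]
        if v4 not in v4net or v4 == v4net.broadcast_address:
            raise ValueError(f"VLAN {vid}: IPv4 pool exhausted")
        next_host[vid] += 1
        plan.append({
            "host": host, "mac": mac, "vlan": vid,
            "v4": str(v4), "v6": eui64_address(mac, vlans[vid]["v6"]),
        })
    return plan


def zone_records(plan, domain="home.arpa"):
    """AAAA first: the DNS name is how hosts are reached, the IPv4 is only a fallback."""
    lines = []
    for e in plan:
        lines.append(f"{e['host']}.{domain}. IN AAAA {e['v6']}")
        lines.append(f"{e['host']}.{domain}. IN A    {e['v4']}")
    return lines


def dhcp_reservations(plan):
    """dnsmasq-style reservations (format assumed here; adapt to your DHCP server)."""
    return [f"dhcp-host={e['mac']},{e['v4']},{e['host']}" for e in plan]


if __name__ == "__main__":
    plan = allocate(INVENTORY, VLANS)
    print("\n".join(zone_records(plan)))
    print("\n".join(dhcp_reservations(plan)))
```

Because the firewall policy is expressed per VLAN/subnet, nothing in the rule set has to change when this plan is regenerated; only the DNS zone and the DHCP reservations are rewritten on each push.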