diff --git a/.sops.yaml b/.sops.yaml deleted file mode 100644 index afee4a8..0000000 --- a/.sops.yaml +++ /dev/null @@ -1,12 +0,0 @@ -keys: - - &users: - - &bryan F1F3466458452B2DF351F1E864D12BA95ACE1F2D - - &hosts: - - &server age1jvqcc984v5xr8yhwm72arsy2hx6rm9gvsr7zeeasvcl0k2l9efmsgys3eg -creation_rules: - - path_regex: src/system/modules/frigate/secrets.ya?ml$ - key_groups: - - age: - - *server - - pgp: - - *bryan diff --git a/flake.lock b/flake.lock index 63f0545..107b007 100644 --- a/flake.lock +++ b/flake.lock @@ -137,28 +137,7 @@ "home-manager": "home-manager", "nixos-wsl": "nixos-wsl", "nixpkgs": "nixpkgs", - "nur": "nur", - "sops-nix": "sops-nix" - } - }, - "sops-nix": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1752544651, - "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=", - "owner": "mic92", - "repo": "sops-nix", - "rev": "2c8def626f54708a9c38a5861866660395bb3461", - "type": "github" - }, - "original": { - "owner": "mic92", - "repo": "sops-nix", - "type": "github" + "nur": "nur" } }, "treefmt-nix": { diff --git a/flake.nix b/flake.nix index f7d6588..071b675 100644 --- a/flake.nix +++ b/flake.nix @@ -15,13 +15,9 @@ url = "github:nix-community/NixOS-WSL/2411.6.0"; inputs.nixpkgs.follows = "nixpkgs"; }; - sops-nix = { - url = "github:mic92/sops-nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; }; - outputs = { self, nixpkgs, nur, home-manager, nixos-wsl, sops-nix }: + outputs = { self, nixpkgs, nur, home-manager, nixos-wsl }: let system = "x86_64-linux"; pkgs = import nixpkgs { @@ -60,7 +56,6 @@ inherit system pkgs; modules = [ ./src/system/machines/server - sops-nix.nixosModules.sops home-manager.nixosModules.home-manager (import ./src/system/machines/server/modules/home-manager) ]; diff --git a/src/system/machines/server/secrets.yaml b/src/system/machines/server/secrets.yaml deleted file mode 100644 index ca9e5ad..0000000 --- a/src/system/machines/server/secrets.yaml +++ /dev/null 
@@ -1,43 +0,0 @@ -camera_user: ENC[AES256_GCM,data:wEsLmNE=,iv:v+iPUD9pTMroUfCi6Q/fr38WUIV6nQkSKRwTlaWAE8g=,tag:YpHjExxYBN9h96rilf9oQg==,type:str] -camera_pass: ENC[AES256_GCM,data:n2r7rGMoEZmWnsc=,iv:7pZvNvanU2XqSgKcPqKD+beqXbdkDP8e2bdO+xCACLA=,tag:zA426rjuUp6v6WfvSbiGJQ==,type:str] -sops: - shamir_threshold: 2 - key_groups: - - hc_vault: [] - age: - - recipient: age1jvqcc984v5xr8yhwm72arsy2hx6rm9gvsr7zeeasvcl0k2l9efmsgys3eg - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJc3hwWEY1YlRCckM5cTRJ - em1kMUtGZFdwMzkzek9MdlB1TGwyOHorb2l3ClpMYmtPQkNHcGphcnIrVVdQc1R3 - a3p4c1NvK2gvTEZRWEQ4VTR4OFpFZWMKLS0tIFpSdTRxcVl3WHgrVlk4N1VXOGUv - YUYydFpLeUxENW1HeGlua1VMYnRlN2sKLq7rx6l5bkSdiAACJFlozCBjVJP2wiJQ - jQAzLUzkOJVSc3Qnnbsn8FuQjCRp25HKMYKd2pxOfAbT0CCh+yFKU8s= - -----END AGE ENCRYPTED FILE----- - - pgp: - - created_at: "2025-07-15T05:20:56Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMAwTOId9Kyu/jAQ//bJERY8tWurpRZ8CScN6Wj/Q7fR1jUJzn2ZDwJll+/ooM - fV1U6UJoD76hyrhNi8Nx1IGqVKooZ51PWaUy3EXuSlkECQ04ApxM37uiEFmgU2mH - HYIveY1i7ebkaAsjD6a+BuK0Dj04KwQpzAZE+CphUTVgbzS8Z1F/ToYQY9taPcuz - aYVbuETl1CRyEeJjuJbRnPdndINFgIhSOM/27cgZBSo/dzS6CQZbZXz4nBmSCXpM - j/b6STe2dw/fr9wx8Xwqs520w2bmEBYTAaYP6pkQ2xrUiaGAGyHvqSIr97Dm/a5L - i3PrXWmdfDLco+dKXtE0FnXa2lcANarIR9xd1QEzI8iby3VIvJx49ScrnETrOupW - eekho9t0LwZFHP6PrWtKtB3WxKkvyXqu8f0BrUkEZ2aUFhZW15ax1k/kNiyZJFy6 - vevAjmYtLtHBTUomm9cKxZcxWbwKwDWn7sN5qWSyjz+rgiLE1Wi98K7pKwKzWTVs - E8sb5MUf49KXEISBkQgfdAEV92Ia47aopg+S2RaNNBGbjfZahQhkrBsi5ap8VLMN - skgbysaG+WY6sYYP4zoFrQFMXKvf146oAqNEs5/QoAi33oj0SZyaV+VgreDYGfrI - VnpgUJM2OLSgcIej8eveT5Gu8MrPBqlKa8+n9gRdaVz7d0g4hdT1EpfJN8YXRaTS - XQGTAxb9OoYD/KcTZAxhD0hYJKUHixFyOL96w+k06TXpkqdRveThthT0n6x8ynlO - mxF9u6aLvfLpjZxgaDWYO/I3ypy5Fx0N/3JtC1wt8AGrEbHW4Y6iciFu2bPDig== - =OBwx - -----END PGP MESSAGE----- - fp: F1F3466458452B2DF351F1E864D12BA95ACE1F2D - hc_vault: [] - age: [] - lastmodified: "2025-07-15T05:21:09Z" - mac: 
ENC[AES256_GCM,data:JDlohVG3MM6KwrnWhBXAiM5dCNtmDyyO03vrbAG32JbWjXbdnzqgG95cTe+X17pbilc3p3F/IQRjNxt1EziIDeLmrTszLPxpdBUEUuNUOJ2RBZ6IlBdBo4gitTOwlOAxh/Uo7qr+gvJCsyiyHvr4Zti27ZDcExe2oVxcLf3M988=,iv:ntCT1a+FSpOKCtmCXyXIdQJ08qrONaMu/+qMUiz0DRQ=,tag:d6T9BpVdy1cnYVHb7PczBw==,type:str] - unencrypted_suffix: _unencrypted - version: 3.10.2 diff --git a/src/system/machines/server/system.nix b/src/system/machines/server/system.nix index 36a3b5d..a66d221 100644 --- a/src/system/machines/server/system.nix +++ b/src/system/machines/server/system.nix @@ -109,6 +109,13 @@ }; }; + + virtualisation.vmVariant = { + virtualisation.forwardPorts = [ + { from = "host"; host.port = 5000; guest.port = 5000; } + ]; + }; + services.openssh = { enable = true; startWhenNeeded = true; @@ -117,13 +124,4 @@ PasswordAuthentication = false; }; }; - - sops = { - defaultSopsFile = ./secrets.yaml; - defaultSopsFormat = "yaml"; - age = { - keyFile = "/var/lib/sops-nix/key.txt"; - generateKey = true; - }; - }; } diff --git a/src/system/modules/frigate/default.nix b/src/system/modules/frigate/default.nix index 8909d2e..2be689f 100644 --- a/src/system/modules/frigate/default.nix +++ b/src/system/modules/frigate/default.nix @@ -8,17 +8,14 @@ let in { options.modules.system.frigate = { enable = mkEnableOption "Enable Frigate NVR"; }; config = mkIf cfg.enable { - sops = { - secrets = { - camera_user = {}; - camera_pass = {}; - }; - }; - services.frigate = { enable = true; hostname = "frigate"; settings = { + web = { + bind_address = "0.0.0.0"; + port = "5000"; + }; mqtt = { enabled = true; host = "localhost"; 
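Review bot: In `src/system/modules/frigate/default.nix` the added `web` block sets `bind_address = "0.0.0.0"`, so the service is asked to listen on every interface of the host rather than on one chosen address. I could not confirm from this diff that `services.frigate.settings` accepts a `web` section, so check the rendered config to see whether the setting is honoured or ignored. The port is written as the string `"5000"` here but as the integer `5000` in the firewall rule and the `vmVariant` forward. A single `let port = 5000;` binding reused in all three places would keep them in sync. If the UI is only meant to be reached through the VM port forward or a reverse proxy, `bind_address = "127.0.0.1";` is the narrower default.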
@@ -28,11 +25,11 @@ in
 ffmpeg = {
 inputs = [
 {
- path = "rtsp://user:password@192.168.0.108/cam/realmonitor?channel=1&subtype=0";
+ path = "rtsp://admin:ocu?u3Su@192.168.0.134/cam/realmonitor?channel=1&subtype=0";
 roles = [ "record" ];
 }
 {
- path = "rtsp://user:password@192.168.0.108/cam/realmonitor?channel=1&subtype=1";
+ path = "rtsp://admin:ocu?u3Su@192.168.0.134/cam/realmonitor?channel=1&subtype=1";
 roles = [ "detect" ];
 }
 ];
@@ -42,11 +39,11 @@ in
 ffmpeg = {
 inputs = [
 {
- path = "rtsp://user:password@192.168.0.181/cam/realmonitor?channel=1&subtype=0";
+ path = "rtsp://admin:ocu?u3Su@192.168.0.181/cam/realmonitor?channel=1&subtype=0";
 roles = [ "record" ];
 }
 {
- path = "rtsp://user:password@192.168.0.181/cam/realmonitor?channel=1&subtype=1";
+ path = "rtsp://admin:ocu?u3Su@192.168.0.181/cam/realmonitor?channel=1&subtype=1";
 roles = [ "detect" ];
 }
 ];
@@ -56,11 +53,11 @@ in
 ffmpeg = {
 inputs = [
 {
- path = "rtsp://user:password@192.168.0.181/cam/realmonitor?channel=2&subtype=0";
+ path = "rtsp://admin:ocu?u3Su@192.168.0.181/cam/realmonitor?channel=2&subtype=0";
 roles = [ "record" ];
 }
 {
- path = "rtsp://user:password@192.168.0.181/cam/realmonitor?channel=2&subtype=1";
+ path = "rtsp://admin:ocu?u3Su@192.168.0.181/cam/realmonitor?channel=2&subtype=1";
 roles = [ "detect" ];
 }
 ];
@@ -70,11 +67,11 @@ in
 ffmpeg = {
 inputs = [
 {
- path = "rtsp://user:password@192.168.0.59/cam/realmonitor?channel=1&subtype=0";
+ path = "rtsp://admin:ocu?u3Su@192.168.0.60/cam/realmonitor?channel=1&subtype=0";
 roles = [ "record" ];
 }
 {
- path = "rtsp://user:password@192.168.0.59/cam/realmonitor?channel=1&subtype=1";
+ path = "rtsp://admin:ocu?u3Su@192.168.0.60/cam/realmonitor?channel=1&subtype=1";
 roles = [ "detect" ];
 }
 ];
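Review bot: The new `path` values in the hunk at `-28,11` embed what appears to be a live camera username and password directly in the Nix expression, and the same literal is repeated in the hunks at `-42,11`, `-56,11`, `-70,11` and `-84,11`. Anything written into a Nix expression is copied into the world-readable `/nix/store` and stays in git history, so this credential should be treated as disclosed and rotated on the cameras. Frigate substitutes `FRIGATE_`-prefixed environment variables in its config, so each line can become `path = "rtsp://{FRIGATE_RTSP_USER}:{FRIGATE_RTSP_PASSWORD}@192.168.0.134/cam/realmonitor?channel=1&subtype=0";`. The values can then come from a root-only file via `systemd.services.frigate.serviceConfig.EnvironmentFile`, or from the sops-nix setup this commit removes. Separately, the password contains a `?`, which in a URL's userinfo has to be percent-encoded (`%3F`) or the parser may treat the rest as a query string.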
@@ -84,11 +81,11 @@ in
 ffmpeg = {
 inputs = [
 {
- path = "rtsp://user:password@192.168.0.108/cam/realmonitor?channel=1&subtype=0";
+ path = "rtsp://admin:ocu?u3Su@192.168.0.108/cam/realmonitor?channel=1&subtype=0";
 roles = [ "record" ];
 }
 {
- path = "rtsp://user:password@192.168.0.108/cam/realmonitor?channel=1&subtype=1";
+ path = "rtsp://admin:ocu?u3Su@192.168.0.108/cam/realmonitor?channel=1&subtype=1";
 roles = [ "detect" ];
 }
 ];
@@ -97,5 +94,7 @@ in
 };
 };
 };
+
+ networking.firewall.allowedTCPPorts = [ 5000 ];
 };
 }
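Review bot: `networking.firewall.allowedTCPPorts = [ 5000 ];` in the last hunk opens the port on every interface whenever the module is enabled, with no comment saying which clients are expected to connect. As far as I know, upstream Frigate treats port 5000 as its unauthenticated internal port, so anyone who can route to the server could reach the UI and API without logging in; confirm how the NixOS module serves it. If LAN-only access is the intent, scope the rule with `networking.firewall.interfaces."<lan-interface>".allowedTCPPorts = [ 5000 ];` (the interface name is a placeholder). Alternatively keep the port closed and publish the UI through an authenticating reverse proxy. A one-line comment such as `# Frigate web UI, LAN only` above the rule would record the intended exposure.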