integrated frigate

2026-03-24 00:29:43 -04:00 · 2025-10-06 22:09:42 -04:00 · 2025-10-06 22:09:42 -04:00 · 0bcd891c7c
commit 0bcd891c7c
parent f1de6cf3ee
6 changed files with 25 additions and 109 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -1,12 +0,0 @@
 keys:
  - &users:
    - &bryan F1F3466458452B2DF351F1E864D12BA95ACE1F2D
  - &hosts:
    - &server age1jvqcc984v5xr8yhwm72arsy2hx6rm9gvsr7zeeasvcl0k2l9efmsgys3eg
 creation_rules:
  - path_regex: src/system/modules/frigate/secrets.ya?ml$
    key_groups:
      - age:
        - *server
      - pgp:
        - *bryan
--- a/flake.lock
+++ b/flake.lock
@ -137,28 +137,7 @@
        "home-manager": "home-manager",
        "nixos-wsl": "nixos-wsl",
        "nixpkgs": "nixpkgs",
-        "nur": "nur",
+        "nur": "nur"
        "sops-nix": "sops-nix"
      }
    },
    "sops-nix": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1752544651,
        "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=",
        "owner": "mic92",
        "repo": "sops-nix",
        "rev": "2c8def626f54708a9c38a5861866660395bb3461",
        "type": "github"
      },
      "original": {
        "owner": "mic92",
        "repo": "sops-nix",
        "type": "github"
      }
    },
    "treefmt-nix": {
--- a/flake.nix
+++ b/flake.nix
@ -15,13 +15,9 @@
      url = "github:nix-community/NixOS-WSL/2411.6.0";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    sops-nix = {
      url = "github:mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
-  outputs = { self, nixpkgs, nur, home-manager, nixos-wsl, sops-nix }:
+  outputs = { self, nixpkgs, nur, home-manager, nixos-wsl }:
  let
    system = "x86_64-linux";
    pkgs = import nixpkgs {
@ -60,7 +56,6 @@
        inherit system pkgs;
        modules = [
          ./src/system/machines/server
          sops-nix.nixosModules.sops
          home-manager.nixosModules.home-manager
            (import ./src/system/machines/server/modules/home-manager)
        ];
--- a/src/system/machines/server/secrets.yaml
+++ b/src/system/machines/server/secrets.yaml
@ -1,43 +0,0 @@
 camera_user: ENC[AES256_GCM,data:wEsLmNE=,iv:v+iPUD9pTMroUfCi6Q/fr38WUIV6nQkSKRwTlaWAE8g=,tag:YpHjExxYBN9h96rilf9oQg==,type:str]
 camera_pass: ENC[AES256_GCM,data:n2r7rGMoEZmWnsc=,iv:7pZvNvanU2XqSgKcPqKD+beqXbdkDP8e2bdO+xCACLA=,tag:zA426rjuUp6v6WfvSbiGJQ==,type:str]
 sops:
    shamir_threshold: 2
    key_groups:
        - hc_vault: []
          age:
            - recipient: age1jvqcc984v5xr8yhwm72arsy2hx6rm9gvsr7zeeasvcl0k2l9efmsgys3eg
              enc: |
                -----BEGIN AGE ENCRYPTED FILE-----
                YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJc3hwWEY1YlRCckM5cTRJ
                em1kMUtGZFdwMzkzek9MdlB1TGwyOHorb2l3ClpMYmtPQkNHcGphcnIrVVdQc1R3
                a3p4c1NvK2gvTEZRWEQ4VTR4OFpFZWMKLS0tIFpSdTRxcVl3WHgrVlk4N1VXOGUv
                YUYydFpLeUxENW1HeGlua1VMYnRlN2sKLq7rx6l5bkSdiAACJFlozCBjVJP2wiJQ
                jQAzLUzkOJVSc3Qnnbsn8FuQjCRp25HKMYKd2pxOfAbT0CCh+yFKU8s=
                -----END AGE ENCRYPTED FILE-----
        - pgp:
            - created_at: "2025-07-15T05:20:56Z"
              enc: |-
                -----BEGIN PGP MESSAGE-----
                hQIMAwTOId9Kyu/jAQ//bJERY8tWurpRZ8CScN6Wj/Q7fR1jUJzn2ZDwJll+/ooM
                fV1U6UJoD76hyrhNi8Nx1IGqVKooZ51PWaUy3EXuSlkECQ04ApxM37uiEFmgU2mH
                HYIveY1i7ebkaAsjD6a+BuK0Dj04KwQpzAZE+CphUTVgbzS8Z1F/ToYQY9taPcuz
                aYVbuETl1CRyEeJjuJbRnPdndINFgIhSOM/27cgZBSo/dzS6CQZbZXz4nBmSCXpM
                j/b6STe2dw/fr9wx8Xwqs520w2bmEBYTAaYP6pkQ2xrUiaGAGyHvqSIr97Dm/a5L
                i3PrXWmdfDLco+dKXtE0FnXa2lcANarIR9xd1QEzI8iby3VIvJx49ScrnETrOupW
                eekho9t0LwZFHP6PrWtKtB3WxKkvyXqu8f0BrUkEZ2aUFhZW15ax1k/kNiyZJFy6
                vevAjmYtLtHBTUomm9cKxZcxWbwKwDWn7sN5qWSyjz+rgiLE1Wi98K7pKwKzWTVs
                E8sb5MUf49KXEISBkQgfdAEV92Ia47aopg+S2RaNNBGbjfZahQhkrBsi5ap8VLMN
                skgbysaG+WY6sYYP4zoFrQFMXKvf146oAqNEs5/QoAi33oj0SZyaV+VgreDYGfrI
                VnpgUJM2OLSgcIej8eveT5Gu8MrPBqlKa8+n9gRdaVz7d0g4hdT1EpfJN8YXRaTS
                XQGTAxb9OoYD/KcTZAxhD0hYJKUHixFyOL96w+k06TXpkqdRveThthT0n6x8ynlO
                mxF9u6aLvfLpjZxgaDWYO/I3ypy5Fx0N/3JtC1wt8AGrEbHW4Y6iciFu2bPDig==
                =OBwx
                -----END PGP MESSAGE-----
              fp: F1F3466458452B2DF351F1E864D12BA95ACE1F2D
          hc_vault: []
          age: []
    lastmodified: "2025-07-15T05:21:09Z"
    mac: ENC[AES256_GCM,data:JDlohVG3MM6KwrnWhBXAiM5dCNtmDyyO03vrbAG32JbWjXbdnzqgG95cTe+X17pbilc3p3F/IQRjNxt1EziIDeLmrTszLPxpdBUEUuNUOJ2RBZ6IlBdBo4gitTOwlOAxh/Uo7qr+gvJCsyiyHvr4Zti27ZDcExe2oVxcLf3M988=,iv:ntCT1a+FSpOKCtmCXyXIdQJ08qrONaMu/+qMUiz0DRQ=,tag:d6T9BpVdy1cnYVHb7PczBw==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.10.2
--- a/src/system/machines/server/system.nix
+++ b/src/system/machines/server/system.nix
@ -109,6 +109,13 @@
    };
  };
  virtualisation.vmVariant = {
    virtualisation.forwardPorts = [
      { from = "host"; host.port = 5000; guest.port = 5000; }
    ];
  };
  services.openssh = {
    enable = true;
    startWhenNeeded = true;
@ -117,13 +124,4 @@
      PasswordAuthentication = false;
    };
  };
  sops = {
    defaultSopsFile = ./secrets.yaml;
    defaultSopsFormat = "yaml";
    age = {
      keyFile = "/var/lib/sops-nix/key.txt";
      generateKey = true;
    };
  };
 }
--- a/src/system/modules/frigate/default.nix
+++ b/src/system/modules/frigate/default.nix
@ -8,17 +8,14 @@ let
 in
 { options.modules.system.frigate = { enable = mkEnableOption "Enable Frigate NVR"; };
  config = mkIf cfg.enable {
    sops = {
      secrets = {
        camera_user = {};
        camera_pass = {};
      };
    };
    services.frigate = {
      enable = true;
      hostname = "frigate";
      settings = {
        web = {
          bind_address = "0.0.0.0";
          port = "5000";
        };
        mqtt = {
          enabled = true;
          host = "localhost";
@ -28,11 +25,11 @@ in
            ffmpeg = {
              inputs = [
                {
-                  path = "rtsp://user:password@192.168.0.108/cam/realmonitor?channel=1&subtype=0";
+                  path = "rtsp://admin:ocu?u3Su@192.168.0.134/cam/realmonitor?channel=1&subtype=0";
                  roles = [ "record" ];
                }
                {
-                  path = "rtsp://user:password@192.168.0.108/cam/realmonitor?channel=1&subtype=1";
+                  path = "rtsp://admin:ocu?u3Su@192.168.0.134/cam/realmonitor?channel=1&subtype=1";
                  roles = [ "detect" ];
                }
              ];
@ -42,11 +39,11 @@ in
            ffmpeg = {
              inputs = [
                {
-                  path = "rtsp://user:password@192.168.0.181/cam/realmonitor?channel=1&subtype=0";
+                  path = "rtsp://admin:ocu?u3Su@192.168.0.181/cam/realmonitor?channel=1&subtype=0";
                  roles = [ "record" ];
                }
                {
-                  path = "rtsp://user:password@192.168.0.181/cam/realmonitor?channel=1&subtype=1";
+                  path = "rtsp://admin:ocu?u3Su@192.168.0.181/cam/realmonitor?channel=1&subtype=1";
                  roles = [ "detect" ];
                }
              ];
@ -56,11 +53,11 @@ in
            ffmpeg = {
              inputs = [
                {
-                  path = "rtsp://user:password@192.168.0.181/cam/realmonitor?channel=2&subtype=0";
+                  path = "rtsp://admin:ocu?u3Su@192.168.0.181/cam/realmonitor?channel=2&subtype=0";
                  roles = [ "record" ];
                }
                {
-                  path = "rtsp://user:password@192.168.0.181/cam/realmonitor?channel=2&subtype=1";
+                  path = "rtsp://admin:ocu?u3Su@192.168.0.181/cam/realmonitor?channel=2&subtype=1";
                  roles = [ "detect" ];
                }
              ];
@ -70,11 +67,11 @@ in
            ffmpeg = {
              inputs = [
                {
-                  path = "rtsp://user:password@192.168.0.59/cam/realmonitor?channel=1&subtype=0";
+                  path = "rtsp://admin:ocu?u3Su@192.168.0.60/cam/realmonitor?channel=1&subtype=0";
                  roles = [ "record" ];
                }
                {
-                  path = "rtsp://user:password@192.168.0.59/cam/realmonitor?channel=1&subtype=1";
+                  path = "rtsp://admin:ocu?u3Su@192.168.0.60/cam/realmonitor?channel=1&subtype=1";
                  roles = [ "detect" ];
                }
              ];
@ -84,11 +81,11 @@ in
            ffmpeg = {
              inputs = [
                {
-                  path = "rtsp://user:password@192.168.0.108/cam/realmonitor?channel=1&subtype=0";
+                  path = "rtsp://admin:ocu?u3Su@192.168.0.108/cam/realmonitor?channel=1&subtype=0";
                  roles = [ "record" ];
                }
                {
-                  path = "rtsp://user:password@192.168.0.108/cam/realmonitor?channel=1&subtype=1";
+                  path = "rtsp://admin:ocu?u3Su@192.168.0.108/cam/realmonitor?channel=1&subtype=1";
                  roles = [ "detect" ];
                }
              ];
@ -97,5 +94,7 @@ in
        };
      };
    };
    networking.firewall.allowedTCPPorts = [ 5000 ];
  };
 }