From fbbdba1e4b5d5b542ec9a92883b4aaf798a94edd Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Fri, 13 Mar 2026 21:54:26 -0400 Subject: [PATCH 01/13] cam net --- src/system/machines/server/system.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/src/system/machines/server/system.nix b/src/system/machines/server/system.nix index 5278443..761c826 100644 --- a/src/system/machines/server/system.nix +++ b/src/system/machines/server/system.nix @@ -143,7 +143,6 @@ interface = "enp2s0f1"; bind-interfaces = true; dhcp-range = "192.168.1.100,192.168.1.200,24h"; - # No gateway option = cameras can't route to internet }; }; From 1cfda9c67bd7b9cc3a8a2602895580957e4fb802 Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Fri, 13 Mar 2026 22:10:59 -0400 Subject: [PATCH 02/13] dhcp for cams --- src/system/machines/server/system.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/system/machines/server/system.nix b/src/system/machines/server/system.nix index 761c826..91db296 100644 --- a/src/system/machines/server/system.nix +++ b/src/system/machines/server/system.nix @@ -120,6 +120,7 @@ firewall = { enable = true; allowedTCPPorts = [ 22 ]; + allowedUDPPorts = [ 53 67 ]; # DNS + DHCP }; }; @@ -146,8 +147,6 @@ }; }; - networking.firewall.allowedUDPPorts = [ 53 ]; - services.fail2ban = { enable = true; maxretry = 5; From 1feef552daad528c9bd3d44ef10188a4e9329376 Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Fri, 13 Mar 2026 22:32:16 -0400 Subject: [PATCH 03/13] one --- src/system/machines/server/system.nix | 7 ++++++- src/system/modules/frigate/default.nix | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/src/system/machines/server/system.nix b/src/system/machines/server/system.nix index 91db296..30777dd 100644 --- a/src/system/machines/server/system.nix +++ b/src/system/machines/server/system.nix @@ -7,7 +7,7 @@ modules.system = { nginx.enable = true; forgejo.enable = true; - frigate.enable = false; + frigate.enable = true; immich.enable = true; bitcoin = { enable = true; @@ -144,6 +144,11 @@ interface = "enp2s0f1"; bind-interfaces = true; dhcp-range = "192.168.1.100,192.168.1.200,24h"; + + # Static DHCP reservations for cameras + dhcp-host = [ + "00:1f:54:c2:d1:b1,192.168.1.194,parking_lot" + ]; }; }; diff --git a/src/system/modules/frigate/default.nix b/src/system/modules/frigate/default.nix index 94e345c..38a88fe 100644 --- a/src/system/modules/frigate/default.nix +++ b/src/system/modules/frigate/default.nix @@ -43,7 +43,7 @@ in parking_lot = { detect.enabled = false; ffmpeg.inputs = [{ - path = "rtsp://admin:ocu?u3Su@192.168.0.59/cam/realmonitor?channel=1&subtype=0"; + path = "rtsp://admin:ocu?u3Su@192.168.1.194/cam/realmonitor?channel=1&subtype=0"; roles = [ "record" ]; }]; }; From 071f0fdca0359be19e23823f3706145ac7f09945 Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Fri, 13 Mar 2026 22:40:46 -0400 Subject: [PATCH 04/13] disable --- src/system/modules/frigate/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/system/modules/frigate/default.nix b/src/system/modules/frigate/default.nix index 38a88fe..0b87446 100644 --- a/src/system/modules/frigate/default.nix +++ b/src/system/modules/frigate/default.nix @@ -20,6 +20,7 @@ in mqtt.enabled = false; cameras = { doorbell = { + enabled = false; detect.enabled = false; ffmpeg.inputs = [{ path = "rtsp://admin:ocu?u3Su@192.168.0.134/cam/realmonitor?channel=1&subtype=0"; @@ -27,6 +28,7 @@ in }]; }; living_room = { + enabled = false; detect.enabled = false; ffmpeg.inputs = [{ path = "rtsp://admin:ocu?u3Su@192.168.0.181/cam/realmonitor?channel=1&subtype=0"; @@ -34,6 +36,7 @@ in }]; }; kitchen = { + enabled = false; detect.enabled = false; ffmpeg.inputs = [{ path = "rtsp://admin:ocu?u3Su@192.168.0.181/cam/realmonitor?channel=2&subtype=0"; @@ -41,6 +44,7 @@ in }]; }; parking_lot = { + enabled = true; detect.enabled = false; ffmpeg.inputs = [{ path = "rtsp://admin:ocu?u3Su@192.168.1.194/cam/realmonitor?channel=1&subtype=0"; @@ -48,6 +52,7 @@ in }]; }; porch = { + enabled = false; detect.enabled = false; ffmpeg.inputs = [{ path = "rtsp://admin:ocu?u3Su@192.168.0.43/cam/realmonitor?channel=1&subtype=0"; From ceed49531b07d9066605794f7cfc03aa3506ace8 Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Fri, 13 Mar 2026 22:49:23 -0400 Subject: [PATCH 05/13] hwacc --- src/system/machines/server/hardware.nix | 3 +++ src/system/modules/frigate/default.nix | 2 ++ 2 files changed, 5 insertions(+) diff --git a/src/system/machines/server/hardware.nix b/src/system/machines/server/hardware.nix index 8a9ebe5..14f8576 100644 --- a/src/system/machines/server/hardware.nix +++ b/src/system/machines/server/hardware.nix @@ -17,6 +17,9 @@ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + # Enable VAAPI for hardware video acceleration + hardware.graphics.enable = true; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; } diff --git a/src/system/modules/frigate/default.nix b/src/system/modules/frigate/default.nix index 0b87446..7eec5f8 100644 --- a/src/system/modules/frigate/default.nix +++ b/src/system/modules/frigate/default.nix @@ -16,8 +16,10 @@ in services.frigate = { enable = true; hostname = "frigate.${domain}"; + vaapiDriver = "i965"; # Haswell (4th gen Intel) settings = { mqtt.enabled = false; + ffmpeg.hwaccel_args = "preset-vaapi"; cameras = { doorbell = { enabled = false; From 6ded432df0878c40e67502c4ae6caf5c520da559 Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Fri, 13 Mar 2026 22:56:19 -0400 Subject: [PATCH 06/13] vaapi driver --- src/system/machines/server/hardware.nix | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/system/machines/server/hardware.nix b/src/system/machines/server/hardware.nix index 14f8576..fb45e7f 100644 --- a/src/system/machines/server/hardware.nix +++ b/src/system/machines/server/hardware.nix @@ -1,4 +1,4 @@ -{ config, lib, modulesPath, ... }: +{ config, lib, pkgs, modulesPath, ... }: { imports = [ @@ -18,7 +18,12 @@ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; # Enable VAAPI for hardware video acceleration - hardware.graphics.enable = true; + hardware.graphics = { + enable = true; + extraPackages = with pkgs; [ + intel-vaapi-driver # i965 driver for Haswell + ]; + }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; From a85f993041b2708b2f42c7e4a01bea21df475690 Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Fri, 13 Mar 2026 23:00:41 -0400 Subject: [PATCH 07/13] thing --- src/system/modules/frigate/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/system/modules/frigate/default.nix b/src/system/modules/frigate/default.nix index 7eec5f8..5b5df16 100644 --- a/src/system/modules/frigate/default.nix +++ b/src/system/modules/frigate/default.nix @@ -16,10 +16,10 @@ in services.frigate = { enable = true; hostname = "frigate.${domain}"; - vaapiDriver = "i965"; # Haswell (4th gen Intel) + # vaapiDriver = "i965"; # Haswell only supports H.264, not HEVC settings = { mqtt.enabled = false; - ffmpeg.hwaccel_args = "preset-vaapi"; + # ffmpeg.hwaccel_args = "preset-vaapi"; # Disabled - camera uses HEVC which Haswell can't decode cameras = { doorbell = { enabled = false; From b36c53fdeae3dc104d887238c02c2e515ab852cf Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Fri, 13 Mar 2026 23:53:31 -0400 Subject: [PATCH 08/13] frigate configs --- src/system/machines/server/system.nix | 8 ++ src/system/modules/backup/default.nix | 9 +- src/system/modules/frigate/README.md | 119 +++++++++++++++++++++++++ src/system/modules/frigate/default.nix | 29 ++++++ 4 files changed, 164 insertions(+), 1 deletion(-) create mode 100644 src/system/modules/frigate/README.md diff --git a/src/system/machines/server/system.nix b/src/system/machines/server/system.nix index 30777dd..6420a4e 100644 --- a/src/system/machines/server/system.nix +++ b/src/system/machines/server/system.nix @@ -121,6 +121,14 @@ enable = true; allowedTCPPorts = [ 22 ]; allowedUDPPorts = [ 53 67 ]; # DNS + DHCP + extraCommands = '' + # Block specific camera MACs from forwarding (instant DROP, no timeouts) + # Add each camera MAC here as you set them up + iptables -A FORWARD -m mac --mac-source 00:1f:54:c2:d1:b1 -j DROP # parking_lot + ''; + extraStopCommands = '' + iptables -D FORWARD -m mac --mac-source 00:1f:54:c2:d1:b1 -j DROP || true + ''; }; }; diff --git a/src/system/modules/backup/default.nix b/src/system/modules/backup/default.nix index 07a3895..511b332 100644 --- a/src/system/modules/backup/default.nix +++ b/src/system/modules/backup/default.nix @@ -9,6 +9,7 @@ let # Convert absolute paths to relative for tar, preserving structure # e.g., /var/lib/forgejo -> var/lib/forgejo tarPaths = map (p: removePrefix "/" p) cfg.paths; + excludeArgs = concatMapStrings (e: "--exclude='${e}' ") cfg.exclude; backupScript = pkgs.writeShellScript "backup" '' set -euo pipefail @@ -22,7 +23,7 @@ let echo "Paths: ${concatStringsSep " " cfg.paths}" export PATH="${pkgs.age-plugin-yubikey}/bin:$PATH" - ${pkgs.gnutar}/bin/tar -C / -cf - ${concatStringsSep " " tarPaths} | \ + ${pkgs.gnutar}/bin/tar -C / ${excludeArgs}-cf - ${concatStringsSep " " tarPaths} | \ ${pkgs.age}/bin/age ${recipientArgs} -o "$TEMP_DIR/$BACKUP_NAME" ${pkgs.rclone}/bin/rclone --config /root/.config/rclone/rclone.conf copy "$TEMP_DIR/$BACKUP_NAME" "${cfg.destination}" @@ -49,6 +50,12 @@ in description = "Absolute paths to include in backup (structure preserved)"; }; + exclude = mkOption { + type = types.listOf types.str; + default = []; + description = "Patterns to exclude (passed to tar --exclude)"; + }; + recipients = mkOption { type = types.listOf types.str; default = []; diff --git a/src/system/modules/frigate/README.md b/src/system/modules/frigate/README.md new file mode 100644 index 0000000..24cb6fa --- /dev/null +++ b/src/system/modules/frigate/README.md @@ -0,0 +1,119 @@ +# Frigate Camera Setup + +## Camera Models + +| Camera | Model | MAC | IP | +|--------|-------|-----|-----| +| parking_lot | W461ASC | 00:1f:54:c2:d1:b1 | 192.168.1.194 | +| doorbell | B463AJ | | | | +| living_room | W463AQ | | | | +| kitchen | W463AQ | | | | +| porch | SL300 | | | | + +## Network Architecture + +- Camera network: 192.168.1.0/24 (isolated, no internet) +- Server NIC: enp2s0f1 @ 192.168.1.1 +- WiFi AP: TP-Link RE315 @ 192.168.1.254 +- DHCP range: 192.168.1.100-200 + +## RTSP URL Format + +``` +rtsp://admin:ocu?u3Su@/cam/realmonitor?channel=&subtype=0 +``` + +- channel=1 for single-camera devices +- channel=1,2 for dual-camera devices (W463AQ) +- subtype=0 for main stream, subtype=1 for sub stream + +## Camera Reset Procedures + +### W461ASC (parking_lot) +1. Keep camera powered on +2. Reset button is on the back of the camera +3. Press and hold reset button for 30-60 seconds until chime sounds + +### B463AJ (doorbell) +1. Remove doorbell from mount +2. Locate reset button on the back +3. Press and hold until you hear chime reset sound +4. Reconnect via Lorex app as new device + +### W463AQ (living_room/kitchen) +1. Keep camera powered on +2. Rotate the lens upwards to reveal hidden reset button +3. Press and hold reset button until you hear audio prompt +4. Flashing green Smart Security Lighting confirms reset +5. Solid green = not fully reset, repeat if needed + +### SL300 (porch) +1. Keep camera powered on +2. Tilt camera lens upwards to reveal reset/microSD card cover +3. Remove the cover +4. Press and hold reset button until audio prompt +5. Replace cover quickly +6. Wait for green LED flash + audio confirmation + +## Initial Setup + +1. Temporarily enable internet for camera network: + ```bash + sudo iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o enp2s0f0 -j MASQUERADE + sudo sysctl -w net.ipv4.ip_forward=1 + ``` + +2. Connect camera to "cams" WiFi network + +3. Use Lorex app to configure camera (requires cloud - CCP middleman) + +4. Get camera MAC from DHCP leases: + ```bash + cat /var/lib/dnsmasq/dnsmasq.leases + ``` + +5. Add DHCP reservation in `system.nix`: + ```nix + dhcp-host = [ + "aa:bb:cc:dd:ee:ff,192.168.1.XXX,camera_name" + ]; + ``` + +6. Add MAC to firewall block list in `system.nix`: + ```nix + iptables -A FORWARD -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP + ``` + +7. Update camera IP in `frigate/default.nix` and enable + +8. Deploy and disable internet: + ```bash + nixos-rebuild switch --flake .#server --target-host server + sudo iptables -t nat -D POSTROUTING -s 192.168.1.0/24 -o enp2s0f0 -j MASQUERADE + sudo sysctl -w net.ipv4.ip_forward=0 + ``` + +## Storage + +Frigate data is stored on /data to avoid filling root partition: + +| Path | Bind Mount | Contents | +|------|------------|----------| +| /var/lib/frigate | /data/frigate/lib | Database, recordings, clips | +| /var/cache/frigate | /data/frigate/cache | Temporary cache | +| /var/cache/nginx/frigate | /data/frigate/nginx-cache | API response cache | + +## Notes + +- Lorex cameras are cloud-only for configuration (no local web UI responds) +- RTSP works locally without internet +- Cameras phone home aggressively when internet is available - keep isolated +- Haswell CPU cannot hardware decode HEVC - using CPU decode +- Consider T400 GPU for hardware acceleration if scaling to more cameras + +## Port Scan Results (W461ASC) + +- 80/tcp - HTTP (non-responsive, proprietary) +- 554/tcp - RTSP (working) +- 8086/tcp - Proprietary +- 35000/tcp - Proprietary diff --git a/src/system/modules/frigate/default.nix b/src/system/modules/frigate/default.nix index 5b5df16..955338a 100644 --- a/src/system/modules/frigate/default.nix +++ b/src/system/modules/frigate/default.nix @@ -71,5 +71,34 @@ in forceSSL = true; }; + # Store frigate data on /data instead of root + systemd.tmpfiles.rules = [ + "d /data/frigate 0750 frigate frigate -" + "d /data/frigate/lib 0750 frigate frigate -" + "d /data/frigate/cache 0750 frigate frigate -" + "d /data/frigate/nginx-cache 0750 nginx nginx -" + ]; + + fileSystems."/var/lib/frigate" = { + device = "/data/frigate/lib"; + options = [ "bind" ]; + }; + + fileSystems."/var/cache/frigate" = { + device = "/data/frigate/cache"; + options = [ "bind" ]; + }; + + fileSystems."/var/cache/nginx/frigate" = { + device = "/data/frigate/nginx-cache"; + options = [ "bind" ]; + }; + + # Backup recordings/database, exclude caches + modules.system.backup = { + paths = [ "/data/frigate" ]; + exclude = [ "*/cache" "*/nginx-cache" ]; + }; + }; } From 60d4e53a6f839bbf77c0032cad7369a86de817af Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Fri, 13 Mar 2026 23:56:01 -0400 Subject: [PATCH 09/13] upd --- src/system/modules/frigate/default.nix | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/src/system/modules/frigate/default.nix b/src/system/modules/frigate/default.nix index 955338a..1462283 100644 --- a/src/system/modules/frigate/default.nix +++ b/src/system/modules/frigate/default.nix @@ -71,32 +71,25 @@ in forceSSL = true; }; - # Store frigate data on /data instead of root + # Bind mount caches into the 3TB frigate LVM volume systemd.tmpfiles.rules = [ - "d /data/frigate 0750 frigate frigate -" - "d /data/frigate/lib 0750 frigate frigate -" - "d /data/frigate/cache 0750 frigate frigate -" - "d /data/frigate/nginx-cache 0750 nginx nginx -" + "d /var/lib/frigate/cache 0750 frigate frigate -" + "d /var/lib/frigate/nginx-cache 0750 nginx nginx -" ]; - fileSystems."/var/lib/frigate" = { - device = "/data/frigate/lib"; - options = [ "bind" ]; - }; - fileSystems."/var/cache/frigate" = { - device = "/data/frigate/cache"; + device = "/var/lib/frigate/cache"; options = [ "bind" ]; }; fileSystems."/var/cache/nginx/frigate" = { - device = "/data/frigate/nginx-cache"; + device = "/var/lib/frigate/nginx-cache"; options = [ "bind" ]; }; # Backup recordings/database, exclude caches modules.system.backup = { - paths = [ "/data/frigate" ]; + paths = [ "/var/lib/frigate" ]; exclude = [ "*/cache" "*/nginx-cache" ]; }; From 95f2454465d9225361829b60d1b2eedb5a4a8b96 Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Sat, 14 Mar 2026 00:02:16 -0400 Subject: [PATCH 10/13] disable btc --- src/system/machines/server/system.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/system/machines/server/system.nix b/src/system/machines/server/system.nix index 6420a4e..a35fbd3 100644 --- a/src/system/machines/server/system.nix +++ b/src/system/machines/server/system.nix @@ -9,11 +9,11 @@ forgejo.enable = true; frigate.enable = true; immich.enable = true; - bitcoin = { - enable = true; - electrum.enable = true; - clightning.enable = true; - }; + # bitcoin = { + # enable = true; + # electrum.enable = true; + # clightning.enable = true; + # }; backup = { enable = true; From 247b8e20662e4f28c031f49f7a1553da06236c5a Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Sat, 14 Mar 2026 00:17:49 -0400 Subject: [PATCH 11/13] added cam --- src/system/machines/server/system.nix | 3 +++ src/system/modules/frigate/README.md | 6 +++--- src/system/modules/frigate/default.nix | 8 ++++---- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/src/system/machines/server/system.nix b/src/system/machines/server/system.nix index a35fbd3..fc30148 100644 --- a/src/system/machines/server/system.nix +++ b/src/system/machines/server/system.nix @@ -125,9 +125,11 @@ # Block specific camera MACs from forwarding (instant DROP, no timeouts) # Add each camera MAC here as you set them up iptables -A FORWARD -m mac --mac-source 00:1f:54:c2:d1:b1 -j DROP # parking_lot + iptables -A FORWARD -m mac --mac-source 00:1f:54:b2:9b:1d -j DROP # living_room/kitchen ''; extraStopCommands = '' iptables -D FORWARD -m mac --mac-source 00:1f:54:c2:d1:b1 -j DROP || true + iptables -D FORWARD -m mac --mac-source 00:1f:54:b2:9b:1d -j DROP || true ''; }; }; @@ -156,6 +158,7 @@ # Static DHCP reservations for cameras dhcp-host = [ "00:1f:54:c2:d1:b1,192.168.1.194,parking_lot" + "00:1f:54:b2:9b:1d,192.168.1.147,living_room_kitchen" ]; }; }; diff --git a/src/system/modules/frigate/README.md b/src/system/modules/frigate/README.md index 24cb6fa..3e2ac53 100644 --- a/src/system/modules/frigate/README.md +++ b/src/system/modules/frigate/README.md @@ -5,9 +5,9 @@ | Camera | Model | MAC | IP | |--------|-------|-----|-----| | parking_lot | W461ASC | 00:1f:54:c2:d1:b1 | 192.168.1.194 | -| doorbell | B463AJ | | | | -| living_room | W463AQ | | | | -| kitchen | W463AQ | | | | +| doorbell | B463AJ | | | +| living_room | W463AQ (ch1) | 00:1f:54:b2:9b:1d | 192.168.1.147 | +| kitchen | W463AQ (ch2) | 00:1f:54:b2:9b:1d | 192.168.1.147 | | porch | SL300 | | | | ## Network Architecture diff --git a/src/system/modules/frigate/default.nix b/src/system/modules/frigate/default.nix index 1462283..ca3be7f 100644 --- a/src/system/modules/frigate/default.nix +++ b/src/system/modules/frigate/default.nix @@ -30,18 +30,18 @@ in }]; }; living_room = { - enabled = false; + enabled = true; detect.enabled = false; ffmpeg.inputs = [{ - path = "rtsp://admin:ocu?u3Su@192.168.0.181/cam/realmonitor?channel=1&subtype=0"; + path = "rtsp://admin:ocu?u3Su@192.168.1.147/cam/realmonitor?channel=1&subtype=0"; roles = [ "record" ]; }]; }; kitchen = { - enabled = false; + enabled = true; detect.enabled = false; ffmpeg.inputs = [{ - path = "rtsp://admin:ocu?u3Su@192.168.0.181/cam/realmonitor?channel=2&subtype=0"; + path = "rtsp://admin:ocu?u3Su@192.168.1.147/cam/realmonitor?channel=2&subtype=0"; roles = [ "record" ]; }]; }; From 87687d61708e358dd580ff67a0bd8defa318a108 Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Sat, 14 Mar 2026 00:52:49 -0400 Subject: [PATCH 12/13] doorbell --- src/system/machines/server/system.nix | 3 +++ src/system/modules/frigate/README.md | 2 +- src/system/modules/frigate/default.nix | 5 +++-- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/src/system/machines/server/system.nix b/src/system/machines/server/system.nix index fc30148..c290f9d 100644 --- a/src/system/machines/server/system.nix +++ b/src/system/machines/server/system.nix @@ -126,10 +126,12 @@ # Add each camera MAC here as you set them up iptables -A FORWARD -m mac --mac-source 00:1f:54:c2:d1:b1 -j DROP # parking_lot iptables -A FORWARD -m mac --mac-source 00:1f:54:b2:9b:1d -j DROP # living_room/kitchen + iptables -A FORWARD -m mac --mac-source 00:1f:54:a9:81:d1 -j DROP # doorbell ''; extraStopCommands = '' iptables -D FORWARD -m mac --mac-source 00:1f:54:c2:d1:b1 -j DROP || true iptables -D FORWARD -m mac --mac-source 00:1f:54:b2:9b:1d -j DROP || true + iptables -D FORWARD -m mac --mac-source 00:1f:54:a9:81:d1 -j DROP || true ''; }; }; @@ -159,6 +161,7 @@ dhcp-host = [ "00:1f:54:c2:d1:b1,192.168.1.194,parking_lot" "00:1f:54:b2:9b:1d,192.168.1.147,living_room_kitchen" + "00:1f:54:a9:81:d1,192.168.1.167,doorbell" ]; }; }; diff --git a/src/system/modules/frigate/README.md b/src/system/modules/frigate/README.md index 3e2ac53..0166264 100644 --- a/src/system/modules/frigate/README.md +++ b/src/system/modules/frigate/README.md @@ -5,7 +5,7 @@ | Camera | Model | MAC | IP | |--------|-------|-----|-----| | parking_lot | W461ASC | 00:1f:54:c2:d1:b1 | 192.168.1.194 | -| doorbell | B463AJ | | | +| doorbell | B463AJ | 00:1f:54:a9:81:d1 | 192.168.1.167 | | living_room | W463AQ (ch1) | 00:1f:54:b2:9b:1d | 192.168.1.147 | | kitchen | W463AQ (ch2) | 00:1f:54:b2:9b:1d | 192.168.1.147 | | porch | SL300 | | | | diff --git a/src/system/modules/frigate/default.nix b/src/system/modules/frigate/default.nix index ca3be7f..5d8d9a7 100644 --- a/src/system/modules/frigate/default.nix +++ b/src/system/modules/frigate/default.nix @@ -20,12 +20,13 @@ in settings = { mqtt.enabled = false; # ffmpeg.hwaccel_args = "preset-vaapi"; # Disabled - camera uses HEVC which Haswell can't decode + record.enabled = true; cameras = { doorbell = { - enabled = false; + enabled = true; detect.enabled = false; ffmpeg.inputs = [{ - path = "rtsp://admin:ocu?u3Su@192.168.0.134/cam/realmonitor?channel=1&subtype=0"; + path = "rtsp://admin:ocu?u3Su@192.168.1.167/cam/realmonitor?channel=1&subtype=0"; roles = [ "record" ]; }]; }; From ac95d1c23d75dd095083e4b914562279b67bf140 Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Sat, 14 Mar 2026 01:17:58 -0400 Subject: [PATCH 13/13] disabled until hwacc --- src/system/modules/frigate/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/system/modules/frigate/default.nix b/src/system/modules/frigate/default.nix index 5d8d9a7..11c14d3 100644 --- a/src/system/modules/frigate/default.nix +++ b/src/system/modules/frigate/default.nix @@ -31,7 +31,7 @@ in }]; }; living_room = { - enabled = true; + enabled = false; detect.enabled = false; ffmpeg.inputs = [{ path = "rtsp://admin:ocu?u3Su@192.168.1.147/cam/realmonitor?channel=1&subtype=0"; @@ -39,7 +39,7 @@ in }]; }; kitchen = { - enabled = true; + enabled = false; detect.enabled = false; ffmpeg.inputs = [{ path = "rtsp://admin:ocu?u3Su@192.168.1.147/cam/realmonitor?channel=2&subtype=0";