mirror of https://github.com/itme-brain/nixos.git synced 2026-03-23 16:29:42 -04:00

History

Bryan Ramos 14efa80cab refactor: reorganize flake structure and consolidate user config Directory structure: - Move from src/ to root level (system/, user/) - Remove unused machines (workstation, vm, laptop) User configuration: - Add user/home.nix for shared defaults (pass, essentials, default modules) - Centralize user options in user/default.nix - Move submodules to consistent paths (bash/bash, git/git, neovim/nvim, vim/vim) Module reorganization: - Flatten nested module structures (remove /modules/ subdirs) - Split CLI vs GUI tools (dev/ for CLI, gui/dev/ for GUI) - Move neovim/vim to top-level modules (not under utils/) - Remove security.enable - pass now in user/home.nix - Remove utils.enable - essentials now in user/home.nix - Add security/yubikey module with yubikey-manager, age-plugin-yubikey - Move pcb, design to gui/dev/ - Replace penpot docker wrapper with nixpkgs penpot-desktop - Remove i3 config - Remove deprecated wsl.nativeSystemd option GUI improvements: - Browser-focused mimeApps in gui/default.nix - Each WM handles its own auto-start via profileExtra Cleanup: - Update README with new structure - Update justfile paths and valid systems - Fix submodule paths in .gitmodules	2026-03-14 15:50:57 -04:00
..
default.nix	refactor: reorganize flake structure and consolidate user config	2026-03-14 15:50:57 -04:00
README.md	refactor: reorganize flake structure and consolidate user config	2026-03-14 15:50:57 -04:00

Bryan Ramos 14efa80cab refactor: reorganize flake structure and consolidate user config

Directory structure:
- Move from src/ to root level (system/, user/)
- Remove unused machines (workstation, vm, laptop)

User configuration:
- Add user/home.nix for shared defaults (pass, essentials, default modules)
- Centralize user options in user/default.nix
- Move submodules to consistent paths (bash/bash, git/git, neovim/nvim, vim/vim)

Module reorganization:
- Flatten nested module structures (remove /modules/ subdirs)
- Split CLI vs GUI tools (dev/ for CLI, gui/dev/ for GUI)
- Move neovim/vim to top-level modules (not under utils/)
- Remove security.enable - pass now in user/home.nix
- Remove utils.enable - essentials now in user/home.nix
- Add security/yubikey module with yubikey-manager, age-plugin-yubikey
- Move pcb, design to gui/dev/
- Replace penpot docker wrapper with nixpkgs penpot-desktop
- Remove i3 config
- Remove deprecated wsl.nativeSystemd option

GUI improvements:
- Browser-focused mimeApps in gui/default.nix
- Each WM handles its own auto-start via profileExtra

Cleanup:
- Update README with new structure
- Update justfile paths and valid systems
- Fix submodule paths in .gitmodules

2026-03-14 15:50:57 -04:00

default.nix

refactor: reorganize flake structure and consolidate user config

2026-03-14 15:50:57 -04:00

README.md

refactor: reorganize flake structure and consolidate user config

2026-03-14 15:50:57 -04:00

README.md

Frigate Camera Setup

Camera Models

Camera	Model	MAC	IP
parking_lot	W461ASC	00:1f:54:c2:d1:b1	192.168.1.194
doorbell	B463AJ	00:1f:54:a9:81:d1	192.168.1.167
living_room	W463AQ (ch1)	00:1f:54:b2:9b:1d	192.168.1.147
kitchen	W463AQ (ch2)	00:1f:54:b2:9b:1d	192.168.1.147
porch	SL300

Network Architecture

Camera network: 192.168.1.0/24 (isolated, no internet)
Server NIC: enp2s0f1 @ 192.168.1.1
WiFi AP: TP-Link RE315 @ 192.168.1.254
DHCP range: 192.168.1.100-200

RTSP URL Format

rtsp://admin:ocu?u3Su@<IP>/cam/realmonitor?channel=<CH>&subtype=0

channel=1 for single-camera devices
channel=1,2 for dual-camera devices (W463AQ)
subtype=0 for main stream, subtype=1 for sub stream

Camera Reset Procedures

W461ASC (parking_lot)

Keep camera powered on
Reset button is on the back of the camera
Press and hold reset button for 30-60 seconds until chime sounds

B463AJ (doorbell)

Remove doorbell from mount
Locate reset button on the back
Press and hold until you hear chime reset sound
Reconnect via Lorex app as new device

W463AQ (living_room/kitchen)

Keep camera powered on
Rotate the lens upwards to reveal hidden reset button
Press and hold reset button until you hear audio prompt
Flashing green Smart Security Lighting confirms reset
Solid green = not fully reset, repeat if needed

SL300 (porch)

Keep camera powered on
Tilt camera lens upwards to reveal reset/microSD card cover
Remove the cover
Press and hold reset button until audio prompt
Replace cover quickly
Wait for green LED flash + audio confirmation

Initial Setup

Temporarily enable internet for camera network:

sudo iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o enp2s0f0 -j MASQUERADE
sudo sysctl -w net.ipv4.ip_forward=1

Connect camera to "cams" WiFi network
Use Lorex app to configure camera (requires cloud - CCP middleman)
Get camera MAC from DHCP leases:
```
cat /var/lib/dnsmasq/dnsmasq.leases
```

Add DHCP reservation in system.nix:

dhcp-host = [
  "aa:bb:cc:dd:ee:ff,192.168.1.XXX,camera_name"
];

Add MAC to firewall block list in system.nix:

iptables -A FORWARD -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Update camera IP in frigate/default.nix and enable

Deploy and disable internet:

nixos-rebuild switch --flake .#server --target-host server
sudo iptables -t nat -D POSTROUTING -s 192.168.1.0/24 -o enp2s0f0 -j MASQUERADE
sudo sysctl -w net.ipv4.ip_forward=0

Storage

Frigate data is stored on /data to avoid filling root partition:

Path	Bind Mount	Contents
/var/lib/frigate	/data/frigate/lib	Database, recordings, clips
/var/cache/frigate	/data/frigate/cache	Temporary cache
/var/cache/nginx/frigate	/data/frigate/nginx-cache	API response cache

Notes

Lorex cameras are cloud-only for configuration (no local web UI responds)
RTSP works locally without internet
Cameras phone home aggressively when internet is available - keep isolated
Haswell CPU cannot hardware decode HEVC - using CPU decode
Consider T400 GPU for hardware acceleration if scaling to more cameras

Port Scan Results (W461ASC)

80/tcp - HTTP (non-responsive, proprietary)
554/tcp - RTSP (working)
8086/tcp - Proprietary
35000/tcp - Proprietary