JakeHillion/nixos
1
0
Fork 0
Code Issues 10 Pull Requests 6 Actions Packages Projects Releases Wiki Activity

frigate: initial setup
Some checks failed
flake / flake (push) Failing after 20s
Details

Browse Source
This commit is contained in:
Jake Hillion 2024-09-08 17:35:41 +01:00
parent 8933d38d36
commit 3d01efc0db
8 changed files with 66 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
hosts/microserver.home.ts.hillion.co.uk/default.nix
View File

@ -23,12 +23,6 @@
services.tailscale = {
enable = true;
authKeyFile = config.age.secrets."tailscale/microserver.home.ts.hillion.co.uk".path;
useRoutingFeatures = "server";
extraUpFlags = [
"--advertise-routes"
"10.64.50.0/24,10.239.19.0/24"
"--advertise-exit-node"
];
};
## Enable IoT VLAN
@ -43,11 +37,6 @@
bluetooth.enable = true;
};
## Enable IP forwarding for Tailscale
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = true;
};
## Run a persistent iperf3 server
services.iperf3.enable = true;
services.iperf3.openFirewall = true;

6
hosts/router.home.ts.hillion.co.uk/default.nix
View File

@ -324,6 +324,12 @@
services.tailscale = {
enable = true;
authKeyFile = config.age.secrets."tailscale/router.home.ts.hillion.co.uk".path;
useRoutingFeatures = "server";
extraSetFlags = [
"--advertise-routes"
"10.64.50.0/24,10.239.19.0/24,10.133.145.0/24"
"--advertise-exit-node"
];
};
## Enable btrfs compression

1
modules/locations.nix
View File

@ -21,6 +21,7 @@ in
services = {
authoritative_dns = [ "boron.cx.ts.hillion.co.uk" ];
downloads = "tywin.storage.ts.hillion.co.uk";
frigate = "boron.cx.ts.hillion.co.uk";
gitea = "boron.cx.ts.hillion.co.uk";
homeassistant = "microserver.home.ts.hillion.co.uk";
mastodon = "";

1
modules/services/authoritative_dns.nix
View File

@ -40,6 +40,7 @@ in
restic.tywin.storage 21600 CNAME tywin.storage.ts.hillion.co.uk.
sonarr.downloads 21600 CNAME tywin.storage.ts.hillion.co.uk.
zigbee2mqtt.home 21600 CNAME router.home.ts.hillion.co.uk.
frigate 21600 CNAME boron.cx.ts.hillion.co.uk.
'' + (makeRecords "A" config.custom.dns.authoritative.ipv4.uk.co.hillion.ts) + "\n\n" + (makeRecords "AAAA" config.custom.dns.authoritative.ipv6.uk.co.hillion.ts);
};

1
modules/services/default.nix
View File

@ -4,6 +4,7 @@
imports = [
./authoritative_dns.nix
./downloads.nix
./frigate.nix
./gitea/default.nix
./homeassistant.nix
./mastodon/default.nix

54
modules/services/frigate.nix Normal file
View File

@ -0,0 +1,54 @@
{ config, pkgs, lib, ... }:
let
cfg = config.custom.services.frigate;
in
{
options.custom.services.frigate = {
enable = lib.mkEnableOption "frigate";
};
config = lib.mkIf cfg.enable {
age.secrets."frigate/secrets.env".file = ../../secrets/frigate/secrets.env.age;
services.frigate = {
enable = true;
settings = {
tls.enabled = false;
auth.trusted_proxies = [ "127.0.0.1" ];
cameras = {
living_room = {
enabled = true;
ffmpeg.inputs = [
{
path = "rtsp://admin:{FRIGATE_RTSP_PASSWORD}@10.133.145.2:554/h264Preview_01_sub";
roles = [ "detect" "audio" ];
}
{
path = "rtsp://admin:{FRIGATE_RTSP_PASSWORD}@10.133.145.2:554/";
roles = [ "record" ];
}
];
};
};
};
};
systemd.services.frigate.unitConfig.EnvironmentFile = config.age.secrets."frigate/secrets.env".path;
services.caddy = {
enable = true;
virtualHosts = [{
name = "frigate.ts.hillion.co.uk";
extraConfig = ''
reverse_proxy SOMEWHERE
tls {
ca https://ca.ts.hillion.co.uk:8443/acme/acme/directory
}
'';
}];
};
};
}

BIN
secrets/frigate/secrets.env.age Normal file
View File

Binary file not shown.

3
secrets/secrets.nix
View File

@ -131,4 +131,7 @@ in
"certs/gitea.hillion.co.uk.pem.age".publicKeys = jake_users ++ [ ts.cx.boron ];
"certs/homeassistant.hillion.co.uk.pem.age".publicKeys = jake_users ++ [ ts.cx.boron ];
"certs/links.hillion.co.uk.pem.age".publicKeys = jake_users ++ [ ts.cx.boron ];
# Frigate secrets
"frigate/secrets.env.age".publicKeys = jake_users ++ [ ts.cx.boron ];
}