frigate: initial setup

2024-09-15 17:59:59 +01:00
6 changed files with 57 additions and 63 deletions
--- a/flake.lock
+++ b/flake.lock
@ -34,11 +34,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1726188813,
-        "narHash": "sha256-Vop/VRi6uCiScg/Ic+YlwsdIrLabWUJc57dNczp0eBc=",
+        "lastModified": 1725189302,
+        "narHash": "sha256-IhXok/kwQqtusPsoguQLCHA+h6gKvgdCrkhIaN+kByA=",
        "owner": "lnl7",
        "repo": "nix-darwin",
-        "rev": "21fe31f26473c180390cfa81e3ea81aca0204c80",
+        "rev": "7c4b53a7d9f3a3df902b3fddf2ae245ef20ebcda",
        "type": "github"
      },
      "original": {
@ -72,11 +72,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1725703823,
-        "narHash": "sha256-tDgM4d8mLK0Hd6YMB2w1BqMto1XBXADOzPEaLl10VI4=",
+        "lastModified": 1720042825,
+        "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "208df2e558b73b6a1f0faec98493cb59a25f62ba",
+        "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
        "type": "github"
      },
      "original": {
@ -93,11 +93,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1726357542,
-        "narHash": "sha256-p4OrJL2weh0TRtaeu1fmNYP6+TOp/W2qdaIJxxQay4c=",
+        "lastModified": 1724435763,
+        "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "e524c57b1fa55d6ca9d8354c6ce1e538d2a1f47f",
+        "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be",
        "type": "github"
      },
      "original": {
@ -108,11 +108,11 @@
    },
    "impermanence": {
      "locked": {
-        "lastModified": 1725690722,
-        "narHash": "sha256-4qWg9sNh5g1qPGO6d/GV2ktY+eDikkBTbWSg5/iD2nY=",
+        "lastModified": 1724489415,
+        "narHash": "sha256-ey8vhwY/6XCKoh7fyTn3aIQs7WeYSYtLbYEG87VCzX4=",
        "owner": "nix-community",
        "repo": "impermanence",
-        "rev": "63f4d0443e32b0dd7189001ee1894066765d18a5",
+        "rev": "c7f5b394397398c023000cf843986ee2571a1fd7",
        "type": "github"
      },
      "original": {
@ -124,11 +124,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1725885300,
-        "narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=",
+        "lastModified": 1724878143,
+        "narHash": "sha256-UjpKo92iZ25M05kgSOw/Ti6VZwpgdlOa73zHj8OcaDk=",
        "owner": "nixos",
        "repo": "nixos-hardware",
-        "rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e",
+        "rev": "95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef",
        "type": "github"
      },
      "original": {
@ -139,11 +139,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1726320982,
-        "narHash": "sha256-RuVXUwcYwaUeks6h3OLrEmg14z9aFXdWppTWPMTwdQw=",
+        "lastModified": 1724855419,
+        "narHash": "sha256-WXHSyOF4nBX0cvHN3DfmEMcLOVdKH6tnMk9FQ8wTNRc=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "8f7492cce28977fbf8bd12c72af08b1f6c7c3e49",
+        "rev": "ae2fc9e0e42caaf3f068c1bfdc11c71734125e06",
        "type": "github"
      },
      "original": {
@ -155,11 +155,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1726243404,
-        "narHash": "sha256-sjiGsMh+1cWXb53Tecsm4skyFNag33GPbVgCdfj3n9I=",
+        "lastModified": 1724819573,
+        "narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "345c263f2f53a3710abe117f28a5cb86d0ba4059",
+        "rev": "71e91c409d1e654808b2621f28a327acfdad8dc2",
        "type": "github"
      },
      "original": {
--- a/hosts/router.home.ts.hillion.co.uk/default.nix
+++ b/hosts/router.home.ts.hillion.co.uk/default.nix
@ -32,14 +32,6 @@
      nat.enable = lib.mkForce false;

      useDHCP = false;
-
-      vlans = {
-        cameras = {
-          id = 3;
-          interface = "eth2";
-        };
-      };
-
      interfaces = {
        enp1s0 = {
          name = "eth0";
@ -64,14 +56,6 @@
            }
          ];
        };
-        cameras /* cameras@eth2 */ = {
-          ipv4.addresses = [
-            {
-              address = "10.133.145.1";
-              prefixLength = 24;
-            }
-          ];
-        };
        enp4s0 = { name = "eth3"; };
        enp5s0 = { name = "eth4"; };
        enp6s0 = { name = "eth5"; };
@ -98,8 +82,8 @@

              ip protocol icmp counter accept comment "accept all ICMP types"

-              iifname { "eth0", "cameras" } ct state { established, related } counter accept
-              iifname { "eth0", "cameras" } drop
+              iifname "eth0" ct state { established, related } counter accept
+              iifname "eth0" drop
            }

            chain forward {
@ -154,7 +138,7 @@

          settings = {
            interfaces-config = {
-              interfaces = [ "eth1" "eth2" "cameras" ];
+              interfaces = [ "eth1" "eth2" ];
            };
            lease-database = {
              type = "memfile";
@ -259,29 +243,6 @@
                  }
                ];
              }
-              {
-                subnet = "10.133.145.0/24";
-                interface = "cameras";
-                pools = [{
-                  pool = "10.133.145.64 - 10.133.145.254";
-                }];
-                option-data = [
-                  {
-                    name = "routers";
-                    data = "10.133.145.1";
-                  }
-                  {
-                    name = "broadcast-address";
-                    data = "10.133.145.255";
-                  }
-                  {
-                    name = "domain-name-servers";
-                    data = "1.1.1.1, 8.8.8.8";
-                  }
-                ];
-                reservations = [
-                ];
-              }
            ];
          };
        };
--- a/modules/locations.nix
+++ b/modules/locations.nix
@ -21,6 +21,7 @@ in
        services = {
          authoritative_dns = [ "boron.cx.ts.hillion.co.uk" ];
          downloads = "tywin.storage.ts.hillion.co.uk";
+	  frigate = "boron.cx.ts.hillion.co.uk";
          gitea = "boron.cx.ts.hillion.co.uk";
          homeassistant = "microserver.home.ts.hillion.co.uk";
          mastodon = "";
--- a/modules/services/authoritative_dns.nix
+++ b/modules/services/authoritative_dns.nix
@ -40,6 +40,7 @@ in
              restic.tywin.storage  21600 CNAME tywin.storage.ts.hillion.co.uk.
              sonarr.downloads      21600 CNAME tywin.storage.ts.hillion.co.uk.
              zigbee2mqtt.home      21600 CNAME router.home.ts.hillion.co.uk.
+              frigate               21600 CNAME boron.cx.ts.hillion.co.uk.

            '' + (makeRecords "A" config.custom.dns.authoritative.ipv4.uk.co.hillion.ts) + "\n\n" + (makeRecords "AAAA" config.custom.dns.authoritative.ipv6.uk.co.hillion.ts);
        };
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@ -4,6 +4,7 @@
  imports = [
    ./authoritative_dns.nix
    ./downloads.nix
+    ./frigate.nix
    ./gitea/default.nix
    ./homeassistant.nix
    ./mastodon/default.nix
--- a/modules/services/frigate.nix
+++ b/modules/services/frigate.nix
@ -0,0 +1,30 @@
+{ config, pkgs, lib, ... }:
+
+let
+  cfg = config.custom.services.frigate;
+in
+{
+  options.custom.services.frigate = {
+    enable = true;
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.frigate = {
+      enable = true;
+    };
+
+    services.caddy = {
+      enable = true;
+
+      virtualHosts = [{
+        name = "frigate.ts.hillion.co.uk";
+        extraConfig = ''
+          reverse_proxy SOMEWHERE
+          tls {
+            ca https://ca.ts.hillion.co.uk:8443/acme/acme/directory
+          }
+        '';
+      }];
+    };
+  };
+}