From 1792a4f1497d3331abd0aa45d96e25fb73ff1b65 Mon Sep 17 00:00:00 2001
From: TheWanderingCrow <contact@wanderingcrow.net>
Date: Sun, 26 Oct 2025 09:36:48 -0400
Subject: [PATCH] unset readonly for frigate configuration for ease of setting
 up new things, just need to remember to move it to nix when I add stuff

---
 modules/services/frigate/default.nix | 126 ++++++++++++++-------------
 1 file changed, 65 insertions(+), 61 deletions(-)

diff --git a/modules/services/frigate/default.nix b/modules/services/frigate/default.nix
index 40f63de..047763a 100644
--- a/modules/services/frigate/default.nix
+++ b/modules/services/frigate/default.nix
@@ -1,13 +1,15 @@
 let
   volumePath = "/overseer/services";
 in
-  {
-    pkgs,
-    lib,
-    config,
-    ...
-  }: let
-    frigateConfig = pkgs.writeText "config.yaml" (lib.generators.toYAML {} {
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+let
+  frigateConfig = pkgs.writeText "config.yaml" (
+    lib.generators.toYAML { } {
       auth.reset_admin_password = true; # roll the admin password every restart, depend on user accounts for long-lived access
       tls.enabled = false; # off because we're doing ssl through the proxy
       mqtt = {
@@ -96,11 +98,11 @@ in
             inputs = [
               {
                 path = "rtsp://127.0.0.1:8554/wce-0001";
-                roles = ["record"];
+                roles = [ "record" ];
               }
               {
                 path = "rtsp://127.0.0.1:8554/wce-0001_sub";
-                roles = ["detect"];
+                roles = [ "detect" ];
               }
             ];
           };
@@ -119,7 +121,7 @@ in
             };
           };
           review = {
-            alerts.labels = [];
+            alerts.labels = [ ];
             detections.labels = [
               "person"
               "cat"
@@ -131,11 +133,11 @@ in
             inputs = [
               {
                 path = "rtsp://127.0.0.1:8554/wce-0002";
-                roles = ["record"];
+                roles = [ "record" ];
               }
               {
                 path = "rtsp://127.0.0.1:8554/wce-0002_sub";
-                roles = ["detect"];
+                roles = [ "detect" ];
               }
             ];
           };
@@ -153,11 +155,11 @@ in
             inputs = [
               {
                 path = "rtsp://127.0.0.1:8554/wce-0003";
-                roles = ["record"];
+                roles = [ "record" ];
               }
               {
                 path = "rtsp://127.0.0.1:8554/wce-0003_sub";
-                roles = ["detect"];
+                roles = [ "detect" ];
               }
             ];
           };
@@ -189,53 +191,55 @@ in
         #   detect.enabled = true;
         # };
       };
-    });
-  in {
-    sops = {
-      templates."frigate_env".content = ''
-        FRIGATE_JWT_SECRET=${config.sops.placeholder."frigate/jwt"}
-      '';
-      secrets = {
-        "frigate/jwt" = {};
+    }
+  );
+in
+{
+  sops = {
+    templates."frigate_env".content = ''
+      FRIGATE_JWT_SECRET=${config.sops.placeholder."frigate/jwt"}
+    '';
+    secrets = {
+      "frigate/jwt" = { };
+    };
+  };
+  systemd.tmpfiles.rules = [
+    "d ${volumePath}/frigate"
+    "d ${volumePath}/frigate/media/frigate"
+    "d ${volumePath}/frigate/db"
+    "f ${volumePath}/frigate/db/frigate.db"
+  ];
+  ###########
+  # Service #
+  ###########
+
+  virtualisation.oci-containers = {
+    backend = "podman";
+    containers = {
+      "frigate" = {
+        image = "ghcr.io/blakeblackshear/frigate:stable";
+        environmentFiles = [ config.sops.templates."frigate_env".path ];
+        volumes = [
+          "/etc/localtime:/etc/localtime:ro"
+          "${volumePath}/frigate/media/frigate:/media/frigate"
+          "${frigateConfig}:/config/config.yaml" # :ro to set to readonly
+          "${volumePath}/frigate/db/frigate.db:/config/frigate.db"
+        ];
+        extraOptions = [
+          "--shm-size=612m"
+          "--ip=10.88.0.10"
+        ];
+        devices = [
+          "/dev/bus/usb:/dev/bus/usb"
+        ];
       };
     };
-    systemd.tmpfiles.rules = [
-      "d ${volumePath}/frigate"
-      "d ${volumePath}/frigate/media/frigate"
-      "d ${volumePath}/frigate/db"
-      "f ${volumePath}/frigate/db/frigate.db"
-    ];
-    ###########
-    # Service #
-    ###########
+  };
 
-    virtualisation.oci-containers = {
-      backend = "podman";
-      containers = {
-        "frigate" = {
-          image = "ghcr.io/blakeblackshear/frigate:stable";
-          environmentFiles = [config.sops.templates."frigate_env".path];
-          volumes = [
-            "/etc/localtime:/etc/localtime:ro"
-            "${volumePath}/frigate/media/frigate:/media/frigate"
-            "${frigateConfig}:/config/config.yaml:ro"
-            "${volumePath}/frigate/db/frigate.db:/config/frigate.db"
-          ];
-          extraOptions = [
-            "--shm-size=612m"
-            "--ip=10.88.0.10"
-          ];
-          devices = [
-            "/dev/bus/usb:/dev/bus/usb"
-          ];
-        };
-      };
-    };
-
-    services.caddy = {
-      enable = true;
-      virtualHosts."frigate.wanderingcrow.net".extraConfig = ''
-        reverse_proxy http://10.88.0.10:8971
-      '';
-    };
-  }
+  services.caddy = {
+    enable = true;
+    virtualHosts."frigate.wanderingcrow.net".extraConfig = ''
+      reverse_proxy http://10.88.0.10:8971
+    '';
+  };
+}