unset readonly for frigate configuration for ease of setting up new things, just need to remember to move it to nix when I add stuff

TheWanderingCrow 2025-10-26 09:36:48 -04:00
parent d4084a869a
commit 1792a4f149


@ -1,13 +1,15 @@
let
volumePath = "/overseer/services";
in
{
pkgs,
lib,
config,
...
}: let
frigateConfig = pkgs.writeText "config.yaml" (lib.generators.toYAML {} {
{
pkgs,
lib,
config,
...
}:
let
frigateConfig = pkgs.writeText "config.yaml" (
lib.generators.toYAML { } {
auth.reset_admin_password = true; # roll the admin password every restart, depend on user accounts for long-lived access
tls.enabled = false; # off because we're doing ssl through the proxy
mqtt = {
@ -96,11 +98,11 @@ in
inputs = [
{
path = "rtsp://127.0.0.1:8554/wce-0001";
roles = ["record"];
roles = [ "record" ];
}
{
path = "rtsp://127.0.0.1:8554/wce-0001_sub";
roles = ["detect"];
roles = [ "detect" ];
}
];
};
@ -119,7 +121,7 @@ in
};
};
review = {
alerts.labels = [];
alerts.labels = [ ];
detections.labels = [
"person"
"cat"
@ -131,11 +133,11 @@ in
inputs = [
{
path = "rtsp://127.0.0.1:8554/wce-0002";
roles = ["record"];
roles = [ "record" ];
}
{
path = "rtsp://127.0.0.1:8554/wce-0002_sub";
roles = ["detect"];
roles = [ "detect" ];
}
];
};
@ -153,11 +155,11 @@ in
inputs = [
{
path = "rtsp://127.0.0.1:8554/wce-0003";
roles = ["record"];
roles = [ "record" ];
}
{
path = "rtsp://127.0.0.1:8554/wce-0003_sub";
roles = ["detect"];
roles = [ "detect" ];
}
];
};
@ -189,53 +191,55 @@ in
# detect.enabled = true;
# };
};
});
in {
sops = {
templates."frigate_env".content = ''
FRIGATE_JWT_SECRET=${config.sops.placeholder."frigate/jwt"}
'';
secrets = {
"frigate/jwt" = {};
}
);
in
{
sops = {
templates."frigate_env".content = ''
FRIGATE_JWT_SECRET=${config.sops.placeholder."frigate/jwt"}
'';
secrets = {
"frigate/jwt" = { };
};
};
systemd.tmpfiles.rules = [
"d ${volumePath}/frigate"
"d ${volumePath}/frigate/media/frigate"
"d ${volumePath}/frigate/db"
"f ${volumePath}/frigate/db/frigate.db"
];
###########
# Service #
###########
virtualisation.oci-containers = {
backend = "podman";
containers = {
"frigate" = {
image = "ghcr.io/blakeblackshear/frigate:stable";
environmentFiles = [ config.sops.templates."frigate_env".path ];
volumes = [
"/etc/localtime:/etc/localtime:ro"
"${volumePath}/frigate/media/frigate:/media/frigate"
"${frigateConfig}:/config/config.yaml" # :ro to set to readonly
"${volumePath}/frigate/db/frigate.db:/config/frigate.db"
];
extraOptions = [
"--shm-size=612m"
"--ip=10.88.0.10"
];
devices = [
"/dev/bus/usb:/dev/bus/usb"
];
};
};
systemd.tmpfiles.rules = [
"d ${volumePath}/frigate"
"d ${volumePath}/frigate/media/frigate"
"d ${volumePath}/frigate/db"
"f ${volumePath}/frigate/db/frigate.db"
];
###########
# Service #
###########
};
virtualisation.oci-containers = {
backend = "podman";
containers = {
"frigate" = {
image = "ghcr.io/blakeblackshear/frigate:stable";
environmentFiles = [config.sops.templates."frigate_env".path];
volumes = [
"/etc/localtime:/etc/localtime:ro"
"${volumePath}/frigate/media/frigate:/media/frigate"
"${frigateConfig}:/config/config.yaml:ro"
"${volumePath}/frigate/db/frigate.db:/config/frigate.db"
];
extraOptions = [
"--shm-size=612m"
"--ip=10.88.0.10"
];
devices = [
"/dev/bus/usb:/dev/bus/usb"
];
};
};
};
services.caddy = {
enable = true;
virtualHosts."frigate.wanderingcrow.net".extraConfig = ''
reverse_proxy http://10.88.0.10:8971
'';
};
}
services.caddy = {
enable = true;
virtualHosts."frigate.wanderingcrow.net".extraConfig = ''
reverse_proxy http://10.88.0.10:8971
'';
};
}
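Review bot: In the `volumes` list of the `frigate` container, `"${frigateConfig}:/config/config.yaml"` no longer carries `:ro`, so the container is given a writable bind onto a file built by `pkgs.writeText`, which is a Nix store path. On NixOS the store is normally mounted read-only, so saves from the Frigate config editor will probably still fail. If a write does go through, it changes a store path behind Nix's back, and anything that can write inside the container (including a logged-in UI user) can alter the running config until the next rebuild regenerates it. I would keep `"${frigateConfig}:/config/config.yaml:ro"` and, for experimenting, mount a separate writable copy kept under `${volumePath}/frigate`, so the declarative file stays the source of truth. The trailing `# :ro to set to readonly` comment could then say why the mount is read-only rather than how to re-enable it.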