working config until we can get a hardware accelerator on frigate

2026-01-20 05:54:13 -05:00 · 2025-03-07 14:16:07 -05:00 · 2025-03-07 14:16:07 -05:00 · 8d617d3bd3
commit 8d617d3bd3
parent 16773814c9
2 changed files with 14 additions and 7 deletions
--- a/flake.lock
+++ b/flake.lock
@ -172,11 +172,11 @@
    },
    "nix-secrets": {
      "locked": {
-        "lastModified": 1739808207,
-        "narHash": "sha256-zIUNDAM1bpto8VYWF9y+4KLxWZlEiFnUynjofbQX6vI=",
+        "lastModified": 1741374154,
+        "narHash": "sha256-O/51DBBSrqx8yD9iQ5q1UBRwFTHdwrvng873h/KtPeU=",
        "ref": "refs/heads/master",
-        "rev": "5794fabd27b350f7787b666b255acdffdc8aef6f",
-        "revCount": 48,
+        "rev": "8f0feec3a43a68641fa85d95b05ec3f4bd4468a3",
+        "revCount": 50,
        "type": "git",
        "url": "ssh://git@github.com/TheWanderingCrow/nix-secrets"
      },
--- a/modules/users/overseer/services/frigate.nix
+++ b/modules/users/overseer/services/frigate.nix
@ -8,6 +8,7 @@ in
    ...
  }: let
    frigateConfig = pkgs.writeText "config.yaml" (lib.generators.toYAML {} {
+      auth.reset_admin_password = true; # roll the admin password every restart, depend on user accounts for long-lived access
      tls.enabled = false; # off because we're doing ssl through nginx
      mqtt = {
        # TODO: add mqtt broker
@ -35,9 +36,6 @@ in
      #############
      # Detectors #
      #############
-      detectors = {
-        onnx_0.type = "onnx";
-      };
      #################
      # Camera config #
      #################
@ -90,6 +88,14 @@ in
    });
  in
    lib.mkIf config.user.overseer.enable {
+      sops = {
+        templates."frigate_env".content = ''
+          FRIGATE_JWT_SECRET=${config.sops.placeholder."frigate/jwt"}
+        '';
+        secrets = {
+          "frigate/jwt" = {};
+        };
+      };
      systemd.tmpfiles.rules = [
        "d ${volumePath}/frigate"
        "d ${volumePath}/frigate/config"
@ -104,6 +110,7 @@ in
        containers = {
          "frigate" = {
            image = "ghcr.io/blakeblackshear/frigate:stable";
+            environmentFiles = [config.sops.templates."frigate_env".path];
            volumes = [
              "/etc/localtime:/etc/localtime:ro"
              "${volumePath}/frigate/media/frigate:/media/frigate"