From 8d617d3bd3c9648691e193105a731471b29476f2 Mon Sep 17 00:00:00 2001
From: TheWanderingCrow <contact@wanderingcrow.net>
Date: Fri, 7 Mar 2025 14:16:07 -0500
Subject: [PATCH] working config until we can get a hardware accelerator on
 frigate

---
 flake.lock                                  |  8 ++++----
 modules/users/overseer/services/frigate.nix | 13 ++++++++++---
 2 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/flake.lock b/flake.lock
index e3e4940..337078d 100644
--- a/flake.lock
+++ b/flake.lock
@@ -172,11 +172,11 @@
     },
     "nix-secrets": {
       "locked": {
-        "lastModified": 1739808207,
-        "narHash": "sha256-zIUNDAM1bpto8VYWF9y+4KLxWZlEiFnUynjofbQX6vI=",
+        "lastModified": 1741374154,
+        "narHash": "sha256-O/51DBBSrqx8yD9iQ5q1UBRwFTHdwrvng873h/KtPeU=",
         "ref": "refs/heads/master",
-        "rev": "5794fabd27b350f7787b666b255acdffdc8aef6f",
-        "revCount": 48,
+        "rev": "8f0feec3a43a68641fa85d95b05ec3f4bd4468a3",
+        "revCount": 50,
         "type": "git",
         "url": "ssh://git@github.com/TheWanderingCrow/nix-secrets"
       },
diff --git a/modules/users/overseer/services/frigate.nix b/modules/users/overseer/services/frigate.nix
index b79d6f4..e4ce24d 100644
--- a/modules/users/overseer/services/frigate.nix
+++ b/modules/users/overseer/services/frigate.nix
@@ -8,6 +8,7 @@ in
     ...
   }: let
     frigateConfig = pkgs.writeText "config.yaml" (lib.generators.toYAML {} {
+      auth.reset_admin_password = true; # roll the admin password every restart, depend on user accounts for long-lived access
       tls.enabled = false; # off because we're doing ssl through nginx
       mqtt = {
         # TODO: add mqtt broker
@@ -35,9 +36,6 @@ in
       #############
       # Detectors #
       #############
-      detectors = {
-        onnx_0.type = "onnx";
-      };
       #################
       # Camera config #
       #################
@@ -90,6 +88,14 @@ in
     });
   in
     lib.mkIf config.user.overseer.enable {
+      sops = {
+        templates."frigate_env".content = ''
+          FRIGATE_JWT_SECRET=${config.sops.placeholder."frigate/jwt"}
+        '';
+        secrets = {
+          "frigate/jwt" = {};
+        };
+      };
       systemd.tmpfiles.rules = [
         "d ${volumePath}/frigate"
         "d ${volumePath}/frigate/config"
@@ -104,6 +110,7 @@ in
         containers = {
           "frigate" = {
             image = "ghcr.io/blakeblackshear/frigate:stable";
+            environmentFiles = [config.sops.templates."frigate_env".path];
             volumes = [
               "/etc/localtime:/etc/localtime:ro"
               "${volumePath}/frigate/media/frigate:/media/frigate"