erwin/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Wiki Activity Actions

Frigate

Browse source
This commit is contained in:
Erwin Boskma 2023-03-21 17:20:22 +01:00
parent 26c1a66f1c
commit a2fe3e58f1
Signed by: erwin
SSH key fingerprint: SHA256:CyeNoWXd3kjX2Nwu6pDxxdS7OqmPVOy0NavA/KU/ntU
7 changed files with 245 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
machines/default.nix
View file

@ -12,6 +12,15 @@ inputs: {
system = "aarch64-linux"; system = "aarch64-linux";
config = import ./eitri/configuration.nix inputs; config = import ./eitri/configuration.nix inputs;
}; };
frigate = {
config = import ./frigate/configuration.nix inputs;
deploy = {
host = "10.0.0.205";
sshUser = "erwin";
buildOn = "local";
substituteOnTarget = true;
};
};
gitea = { gitea = {
config = import ./gitea/configuration.nix inputs; config = import ./gitea/configuration.nix inputs;
deploy = { deploy = {

57
machines/frigate/configuration.nix Normal file
View file

@ -0,0 +1,57 @@
{ self, ... }:
{ modulesPath, ... }: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
../../users/root
../../users/erwin
];
eboskma = {
users.erwin.enable = true;
services = {
frigate.enable = true;
};
nix-common = {
enable = true;
remote-builders = true;
};
};
time.timeZone = "Europe/Amsterdam";
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
networking = {
# hostName = "gitea";
# useDHCP = false;
# interfaces = {
# eth0 = {
# ipv4.addresses = [
# {
# address = "10.0.0.204";
# prefixLength = 24;
# }
# ];
# };
# };
# defaultGateway = "10.0.0.1";
nameservers = [ "10.0.0.254" ];
};
proxmoxLXC = {
privileged = true;
};
security.sudo.execWheelOnly = true;
# services.openssh.enable = true;
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = {
frigate = { };
};
system.stateVersion = "23.05";
}

46
machines/frigate/main.tf Normal file
View file

@ -0,0 +1,46 @@
terraform {
required_providers {
proxmox = {
source = "Telmate/proxmox"
version = "2.9.11"
}
}
}
provider "proxmox" {
pm_api_url = var.proxmox_api_url
pm_api_token_id = var.proxmox_token_id
pm_api_token_secret = var.proxmox_token_secret
pm_tls_insecure = true
}
resource "proxmox_lxc" "minio" {
target_node = "pve"
hostname = "frigate"
ostemplate = "loki:vztmpl/nixos-23.05-default_20230318_amd64.tar.xz"
unprivileged = false
onboot = true
memory = 2048
swap = 2048
rootfs {
storage = "local-lvm"
size = "32G"
}
mountpoint {
key = "0"
slot = 0
storage = "local-lvm"
mp = "/data"
size = "256G"
}
network {
name = "eth0"
bridge = "vmbr0"
ip = "10.0.0.205/24"
gw = "10.0.0.1"
}
}

30
machines/frigate/secrets.yaml Normal file
View file

@ -0,0 +1,30 @@
frigate: ENC[AES256_GCM,data:IpnLY4KUpPs4PFlIDbH6Q+pvsRIUvvEbF5v0Vuwg9/acoHPaV2GlaSTQjIe/zLIWnIwFEWlnxSlXrcrE2QzMaYBKaAm27sxIMqA3Ga6J1u8afQccpq4sZXHC+oAEDyfwPvhMLly10xKaH/0okkfNxPc/xWmh5Q==,iv:ZUCdbYURgkr8sj0pa0iLkf2JSWefhArj7TTMZ2wvbtA=,tag:kLxf0tprebU7D8XUVmWQUQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1h7ddyj66gcqt5vnzphjfn6y5tul79q0glcdl0et9w44z2evl999qe02wht
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYRmRpM0JFWjJBamt2ZzJr
aTJJQkJhZTdKaUJId050aW1QeFVGVEZsb0JBCkdRLzVBNnV2YU5mYUh0MnJJeGZM
bWo4RG9OK3Flc3RncTlmK21pbkFDRG8KLS0tIGVzSnVaRHpva3p2dTJkMkRuaURB
cnNZU2sxcTF5MkdROWV5aFlOQTFrU28Kr6eeqJcW8HnbwHJQIERwqrLkczONwRTZ
jXnnDjAn9Jm1gzLNyKRNTwUwQN8ax4oIZ7RYvWQZqFDwGcaJkWJNDQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1pjfysx68zqhlhc5nnyesytgjzkqgdnflve49al6uzs2wtlhadehq4naggq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkYzdpeU9ta3JwSGYxWHhz
N3g2Z0U0S3lQYUhNVU11TFRKTGVOSkFuV2xJCnhZY1pldG1vSjV6NkVXdXVSN1R5
cStZd2lIdXQydUMyQWtTMzFTOEFCSFkKLS0tIFl5RjdCRVRjSGhFbTQwOTZMc3pw
U0F4c2RNdVdBcXBPRFIxbkRrTzRlaTQKoNF6VemvxCrsqv+nh8GD3V2gC+K7GOT0
FreCqv6TskUWLbFbMSh6uPq9NlQfkQ2EbZjnS61TCh81ivkuzdqXTQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-03-20T11:13:16Z"
mac: ENC[AES256_GCM,data:CrounB6Xsme6h2JVjW9lN5/2CGxr1jj7VVDM5Ge79/SF0TY5OQen1Fghyhdj+RnHVm2ylJbgBUtKidUDR1jakxQ0PjA9dZ63NuKIQQv1wogQIiKO4OVNqmk04IxRfs1wxKxXtiy2K89E1+fsDlDbmZt592AvyF6WKeAK5rHx0yE=,iv:j8kpMF/LaoCpfHavI3Pip9ldlR4HeNBcWhLZp5HkiVM=,tag:9+6ZA98O5AJRPIjN18ymiA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

17
machines/frigate/variables.tf Normal file
View file

@ -0,0 +1,17 @@
variable "proxmox_token_id" {
description = "Proxmox API token ID"
type = string
sensitive = true
}
variable "proxmox_token_secret" {
description = "Proxmox API token secret"
type = string
sensitive = true
}
variable "proxmox_api_url" {
description = "Proxmox API URL"
type = string
sensitive = true
}

35
modules/frigate/config.yml Normal file
View file

@ -0,0 +1,35 @@
mqtt:
host: mqtt.datarift.nl
port: 8883
user: frigate
password: "{FRIGATE_MQTT_PASSWORD}"
logger:
default: info
record:
enabled: true
retain:
days: 7
snapshots:
enabled: true
detect:
enabled: False
# ffmpeg:
# hwaccel_args: -hwaccel vaapi -hwaccel_device /dev/dri/renderD128 -hwaccel_output_format yuv420p
cameras:
hobby:
ffmpeg:
inputs:
- path: http://10.0.0.161:8080/
roles:
- record
- rtmp
input_args: -avoid_negative_ts make_zero -fflags nobuffer -flags low_delay -strict experimental -fflags +genpts+discardcorrupt -use_wallclock_as_timestamps 1 -c:v mjpeg
output_args:
record: -f segment -segment_time 10 -segment_format mp4 -reset_timestamps 1 -strftime 1 -c:v libx264 -an
rtmp: -c:v libx264 -an -f flv

51
modules/frigate/default.nix Normal file
View file

@ -0,0 +1,51 @@
{ config, lib, ... }:
with lib;
let
cfg = config.eboskma.services.frigate;
in
{
options.eboskma.services.frigate = { enable = mkEnableOption "frigate"; };
config = mkIf cfg.enable {
# docker run -d \
# --name frigate \
# --restart=unless-stopped \
# --mount type=tmpfs,target=/tmp/cache,tmpfs-size=1000000000 \
# --device /dev/bus/usb:/dev/bus/usb \
# --device /dev/dri/renderD128 \
# --shm-size=64m \
# -v /path/to/your/storage:/media/frigate \
# -v /path/to/your/config.yml:/config/config.yml:ro \
# -v /etc/localtime:/etc/localtime:ro \
# -e FRIGATE_RTSP_PASSWORD='password' \
# -p 5000:5000 \
# -p 1935:1935 \
# blakeblackshear/frigate:stable
virtualisation.oci-containers.containers = {
frigate = {
autoStart = true;
image = "blakeblackshear/frigate:0.11.1";
ports = [
"5000:5000"
];
volumes = [
"/etc/localtime:/etc/localtime:ro"
"${./config.yml}:/config/config.yml:ro"
"/data/frigate:/media/frigate"
];
extraOptions = [
# "--device" "/dev/bus/usb:/dev/bus/usb"
"--device"
"/dev/dri/renderD128"
"--shm-size=128m"
"--mount"
"type=tmpfs,target=/tmp/cache,tmpfs-size=1G"
];
environmentFiles = [
config.sops.secrets.frigate.path
];
};
};
};
}