diff --git a/machines/frigate/configuration.nix b/machines/frigate/configuration.nix index f1b9103..d9ac358 100644 --- a/machines/frigate/configuration.nix +++ b/machines/frigate/configuration.nix @@ -1,5 +1,10 @@ -{ self, nixos-hardware, ... }: -{ modulesPath, ... }: +{ + self, + nixos-hardware, + caddy-with-plugins, + ... +}: +{ pkgs, modulesPath, ... }: { imports = [ (modulesPath + "/virtualisation/lxc-container.nix") @@ -23,6 +28,16 @@ }; podman.enable = true; tailscale.enable = true; + caddy-proxy = { + enable = true; + package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare; + proxyHosts = [ + { + externalHostname = "frigate.datarift.nl"; + proxyAddress = "localhost:8971"; + } + ]; + }; }; time.timeZone = "Europe/Amsterdam"; @@ -73,6 +88,7 @@ sops.defaultSopsFile = ./secrets.yaml; sops.secrets = { frigate = { }; + caddy-env = { }; }; system.stateVersion = "24.05"; diff --git a/machines/frigate/frigate/config/config.yml b/machines/frigate/frigate/config/config.yml index 17fe486..930547c 100644 --- a/machines/frigate/frigate/config/config.yml +++ b/machines/frigate/frigate/config/config.yml @@ -62,6 +62,9 @@ go2rtc: - 100.84.124.27:8555 # Tailscale - stun:8555 +tls: + enabled: False + cameras: deurbel: ffmpeg: @@ -70,7 +73,7 @@ cameras: input_args: preset-rtsp-restream roles: - record - - path: rtsp://127.0.0.1:8554/reolink_sub?video=copy + - path: rtsp://127.0.0.1:8554/reolink_sub?video=copy&audio=aac input_args: preset-rtsp-restream roles: - audio @@ -79,8 +82,8 @@ cameras: stream_name: reolink audio: enabled: True - record: - events: + review: + detections: required_zones: - erf snapshots: @@ -88,15 +91,13 @@ cameras: - erf zones: erf: - coordinates: 0,480,640,480,640,480,640,259,513,255,323,254,211,254,144,353,79,325,0,325 + coordinates: 0,1,1,1,1,1,1,0.487,0.806,0.471,0.52,0.464,0.303,0.466,0.217,0.64,0.156,0.677,0,0.677 objects: - person - cat oprit: - coordinates: 28,279,0,282,0,325,91,324 + coordinates: 0.04,0.576,0,0.578,0,0.677,0.148,0.673 objects: - car -ui: - live_mode: webrtc diff --git a/machines/frigate/frigate/default.nix b/machines/frigate/frigate/default.nix index a25e9a3..02975ec 100644 --- a/machines/frigate/frigate/default.nix +++ b/machines/frigate/frigate/default.nix @@ -1,26 +1,20 @@ -{ - pkgs, - config, - lib, - ... -}: -with lib; +{ config, ... }: { virtualisation.oci-containers.containers = { frigate = { autoStart = true; - image = "ghcr.io/blakeblackshear/frigate:0.13.2"; + image = "ghcr.io/blakeblackshear/frigate:0.14.0"; ports = [ "1984:1984" # go2rtc - "5000:5000" # Frigate + "5000:5000" # Unauthenticated Frigate endpoint "8554:8554" # RTSP feeds "8555:8555/tcp" # WebRTC over tcp "8555:8555/udp" # WebRTC over udp + "8971:8971" # Authenticated Frigate endpoint ]; volumes = [ "/etc/localtime:/etc/localtime:ro" "${./config/config.yml}:/config/config.yml:ro" - "${pkgs.go2rtc}/bin/go2rtc:/config/go2rtc" "/data/frigate:/media/frigate" ]; extraOptions = [ diff --git a/machines/frigate/secrets.yaml b/machines/frigate/secrets.yaml index 2380c81..6723d4f 100644 --- a/machines/frigate/secrets.yaml +++ b/machines/frigate/secrets.yaml @@ -1,4 +1,5 @@ frigate: ENC[AES256_GCM,data:c83JfsPcB/lMiDjgq2Rsqr4oquHWyL9jlOxf4w/MFSxMLcx/u2Bw6WvsVCTYpN44Cy3mNZPJRa+T5X3Q8XjvQDVzIBo6dSBZ7nTZ3A9VOKhWtqcxvrWZdgkyb7GrsDrhy594DHOlBouo5JsGSb12ja3rAsl6lUA1xc5UV6V5cjlNgS1wHf4ZfutOSk3xP/Vq5tcXP6vFqQPofFmEb60BJ2DnLLdU7AVuxtHeY5uiA4DtsJVsdpaSq65EOm6PlpbhNbA53YBKMq2SXsQI636g8jb/SE1Zk2FWt8t8YqlVn/VIi7eG54dORxyX8fE=,iv:mRpO7d7RbOGIymRXtjMPDZKhPs16hqDC0CuAYKP7b1Y=,tag:ZD3sPd4n9X5DeqfuHdoOuQ==,type:str] +caddy-env: ENC[AES256_GCM,data:E4Lkeh6rGw/f0CU07QT3a9vpXM4OTy9BkQ+or/pKYH3FmbSIk/kEz8IUOOF8aKl5GjoHxvmf,iv:MWRvMQY1/kTnAFspAuJytjLoSs3NR4WYkPy6FCbd18A=,tag:nTk60BUWpxJiSSLP73FIUw==,type:str] sops: kms: [] gcp_kms: [] @@ -32,8 +33,8 @@ sops: YkFoWUpBNGhMRUloYzYvMlhPalBnSTgKXUV6iEE5ZU0tlaAAMDg4hrJSCoUkLA/B 6WOwLvfq1/JTgyD58LVsJOqMJ8cqvG/4uHIcaHq17F9CFZykBprJqQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-06T14:55:31Z" - mac: ENC[AES256_GCM,data:FISkEbL1HWQ+Du5z4ueeGZuEmvXywU+Rj2WKm+V8xVBEPWa/7+JDi4a51m8u6//ikr5F2XluCYTF5LOPJWVY3oSVMvM6l4sOFBzSLpbnhGOsy+qGnHwJcYHjgLL/XFh9UFZ8j7K78tFnGAOikJCmZhBOrf+7w2VqJrF56dpkoas=,iv:o+FCQN+YjkJTjScVozw97IT/ZWjHovkCoh5iIWa9rgA=,tag:8FU/GpiJfdTfm/UHBd/GbA==,type:str] + lastmodified: "2024-08-14T12:50:35Z" + mac: ENC[AES256_GCM,data:uwhqZYteEABKUj3hdw3TZBZaxbnwNYqM240EEprJnnEiVUczGbICipp6MgAW05T4JXYoPRvf1ZSeUfciubHfbY5dwxuoA4kPbO60MropNDW3FiUGRp3iBLnNPnCZKrDS+p72dhmGdQs+ToyzzUhCwSXN0Kbm2vwR8jLwpuGrkhc=,iv:B/NFi+1+pDC68zwrC9NfqWkxzxrdwGr0LNfJZ6O2iAY=,tag:Fs+ooTYnWyexJDHnfcph8Q==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.0 diff --git a/machines/proxy/configuration.nix b/machines/proxy/configuration.nix index 0440f33..87950f0 100644 --- a/machines/proxy/configuration.nix +++ b/machines/proxy/configuration.nix @@ -27,7 +27,7 @@ } { externalHostname = "frigate.datarift.nl"; - proxyAddress = "frigate.barn-beaver.ts.net:5000"; + proxyAddress = "frigate.barn-beaver.ts.net:8971"; } { externalHostname = "minio.datarift.nl";