# services/frigate.nix — Local NVR with AI object detection
# Consumes go2rtc streams; no MQTT / Home Assistant dependency.
# Authentication delegated to Authelia by hijacking the /auth location
# that the upstream Frigate module bakes into every nginx location block.
{ config, lib, ... }:

let
  # One name for both the Frigate hostname and the nginx vhost key. The /auth
  # override below only takes effect if it lands on the same vhost the Frigate
  # module generates, so the two values must never drift apart.
  frigateHost = "frigate.nordhammer.it";
in
{
  # Everything below is applied only on the media server.
  config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") {

    services.frigate = {
      enable = true;
      hostname = frigateHost;

      settings = {
        mqtt = { enabled = false; };

        # Frigate's built-in login is switched off; the nginx auth_request
        # to Authelia (see the vhost below) is the only access control.
        # NOTE(review): any path to Frigate that does not pass through that
        # vhost is therefore unauthenticated — confirm Frigate's own
        # listeners are loopback-only and not opened in the firewall.
        auth = { enabled = false; };

        cameras = {
          kids_bedroom = {
            enabled = true;

            # Stream is pulled from the local go2rtc restream over loopback.
            ffmpeg.inputs = [
              {
                path = "rtsp://127.0.0.1:8554/kids_bedroom";
                roles = [ "detect" "record" ];
              }
            ];

            detect.enabled = true;
            detect.width = 1920;
            detect.height = 1080;
          };
        };

        # Keep motion-only recordings for 7 days.
        record.enabled = true;
        record.retain.days = 7;
        record.retain.mode = "motion";

        # Snapshots use a default retention of 14.
        snapshots.enabled = true;
        snapshots.retain.default = 14;
      };
    };

    services.nginx.virtualHosts.${frigateHost} = {
      useACMEHost = "nordhammer.it";
      forceSSL = true;

      # The Frigate module attaches `auth_request /auth` to every location it
      # generates. Replacing that internal /auth location makes each of those
      # subrequests go to Authelia instead of Frigate's own auth, giving a
      # single login for everything.
      #
      # NOTE(review): this relies on the upstream module continuing to emit
      # `auth_request /auth` on every location. After a nixpkgs/Frigate module
      # upgrade, inspect the rendered nginx config: a renamed auth location or
      # a new location without auth_request would be served without any login.
      #
      # NOTE(review): $http_host comes from the client's Host header and is
      # forwarded as the URL/host the verifier sees. Presumably Authelia
      # matches its access rules on these values — confirm this vhost cannot
      # be reached with an unexpected Host (e.g. as nginx's default server),
      # or pin the literal hostname here.
      locations."/auth" = lib.mkForce {
        proxyPass = "http://127.0.0.1:9091/api/verify";
        # `internal` keeps clients from requesting /auth directly; the request
        # body is dropped because only headers go to the verifier.
        extraConfig = ''
          internal;
          proxy_pass_request_body off;
          proxy_set_header Content-Length "";
          proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
          proxy_set_header X-Forwarded-Method $request_method;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header X-Forwarded-Host $http_host;
          proxy_set_header X-Forwarded-Uri $request_uri;
          proxy_set_header X-Forwarded-For $remote_addr;
        '';
      };

      # A 401 from the auth subrequest becomes a 302 to the Authelia portal,
      # with the originally requested URL passed in `rd`.
      # NOTE(review): `rd` is built from the client-supplied Host header too;
      # confirm the portal only honours redirect targets on expected domains.
      extraConfig = lib.mkAfter ''
        error_page 401 =302 https://auth.nordhammer.it/?rd=$scheme://$http_host$request_uri;
      '';
    };

    # Membership in the video/render groups, for hardware-accelerated ffmpeg
    # decoding on the GPU.
    users.users.frigate.extraGroups = [ "video" "render" ];
  };
}