rope/nixos
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update go2rtc.nix

Browse source
This commit is contained in:
ediblerope 2026-01-21 11:25:18 +00:00 committed by GitHub
parent c7ae80e7f4
commit be79eec917
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 21 additions and 153 deletions
Download patch file Download diff file Expand all files Collapse all files

174
services/go2rtc.nix
View file

@ -1,161 +1,29 @@
{ config, pkgs, lib, ... }:
let
sops-nix = builtins.fetchTarball {
url = "https://github.com/Mic92/sops-nix/archive/master.tar.gz";
};
in
{
imports = [
"${sops-nix}/modules/sops"
];
config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") {
virtualisation.oci-containers = {
backend = "docker";
containers."authelia" = {
image = "authelia/authelia:latest";
volumes = [
"/home/fred/docker/authelia/config.yml:/config/config.yml:ro"
"/home/fred/docker/authelia/secrets:/secrets:ro"
];
ports = [ "9091:9091" ];
extraOptions = "--restart unless-stopped";
};
# Configure sops
sops = {
defaultSopsFile = ../secrets/camera.yaml;
age.keyFile = "/var/lib/sops-nix/key.txt";
secrets = {
authelia_session_secret = { };
authelia_encryption_key = { };
authelia_jwt_secret = { };
camera_rtsp_url = { };
fredrik_password_hash = { };
kayla_password_hash = { };
};
};
virtualisation.oci-containers = {
backend = "docker";
containers."go2rtc" = {
image = "alexxit/go2rtc:latest";
ports = [ "1984:1984" ];
volumes = [
"/var/lib/go2rtc:/config"
];
extraOptions = [
#"--network=nginx-proxy-manager_default"
];
};
containers."authelia" = {
image = "authelia/authelia:latest";
ports = [ "9091:9091" ];
environment = {
TZ = "Europe/London";
};
volumes = [
"/var/lib/authelia:/config"
];
extraOptions = [
#"--network=nginx-proxy-manager_default"
];
};
};
systemd.tmpfiles.rules = [
"d /var/lib/go2rtc 0755 root root -"
"d /var/lib/authelia 0755 root root -"
];
# Generate go2rtc config with secrets
systemd.services.go2rtc-config = {
description = "Generate go2rtc config with secrets";
wantedBy = [ "docker-go2rtc.service" ];
before = [ "docker-go2rtc.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
mkdir -p /var/lib/go2rtc
cat > /var/lib/go2rtc/go2rtc.yaml <<EOF
streams:
bedroom_cam:
- $(cat ${config.sops.secrets.camera_rtsp_url.path})
api:
listen: ":1984"
webrtc:
listen: ":8555"
EOF
'';
};
# Generate Authelia config with secrets
systemd.services.authelia-config = {
description = "Generate authelia config with secrets";
wantedBy = [ "docker-authelia.service" ];
before = [ "docker-authelia.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
mkdir -p /var/lib/authelia
cat > /var/lib/authelia/configuration.yml <<EOF
---
theme: light
server:
address: 'tcp://0.0.0.0:9091/'
log:
level: info
authentication_backend:
file:
path: /config/users_database.yml
access_control:
default_policy: deny
rules:
- domain: camera.nordhammer.it
policy: one_factor
session:
secret: $(cat ${config.sops.secrets.authelia_session_secret.path})
cookies:
- domain: nordhammer.it
authelia_url: https://auth.nordhammer.it
expiration: 1h
inactivity: 5m
storage:
encryption_key: $(cat ${config.sops.secrets.authelia_encryption_key.path})
local:
path: /config/db.sqlite3
notifier:
filesystem:
filename: /config/notification.txt
identity_validation:
reset_password:
jwt_secret: $(cat ${config.sops.secrets.authelia_jwt_secret.path})
EOF
cat > /var/lib/authelia/users_database.yml <<EOF
---
users:
fredrik:
displayname: "Fredrik"
password: "$(cat ${config.sops.secrets.fredrik_password_hash.path})"
email: fredrik@nordhammer.it
groups: []
kayla:
displayname: "Kayla"
password: "$(cat ${config.sops.secrets.kayla_password_hash.path})"
email: kaylavds@hotmail.co.uk
groups: []
EOF
chmod 600 /var/lib/authelia/users_database.yml
'';
};
containers."go2rtc" = {
image = "blakeblackshear/go2rtc:latest";
volumes = [
"/home/fred/docker/go2rtc/config.yml:/config/config.yml:ro"
];
ports = [ "1984:1984" ];
extraOptions = "--restart unless-stopped";
};
};
};
}