# services/frigate.nix — Frigate NVR (local recording + AI object detection)
#
# Video comes from the local go2rtc restream; MQTT and Home Assistant are not
# used. Sign-in is handled by Authelia: the upstream Frigate module attaches
# `auth_request /auth` to its nginx locations, and this file replaces that
# internal /auth location with one that asks Authelia instead.
{ config, lib, ... }:

let
  # Public name of the Frigate UI; used for both the Frigate module and the
  # matching nginx virtual host so the two cannot drift apart.
  frigateHost = "frigate.nordhammer.it";
in
{
  # Only applied on the media server host.
  config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") {

    services.frigate = {
      enable = true;
      hostname = frigateHost;

      settings = {
        mqtt = { enabled = false; };

        # Identity comes from the reverse proxy: Authelia answers the /auth
        # subrequest with a Remote-User header, and Frigate is told to read the
        # user name from that header.
        #
        # Frigate trusts whatever arrives in this header, so it must only ever
        # be set by nginx.
        # NOTE(review): the directives that copy Authelia's Remote-User onto the
        # proxied request live in the upstream module, not in this file —
        # confirm they overwrite any client-supplied Remote-User, and that
        # Frigate's own listener is reachable only through nginx.
        # NOTE(review): Frigate's reference configuration documents the header
        # map under a top-level `proxy` section; confirm that the deployed
        # version actually honours it at `auth.proxy`.
        auth = {
          proxy = {
            header_map = { user = "Remote-User"; };
          };
        };

        cameras = {
          kids_bedroom = {
            enabled = true;

            # One loopback RTSP input serves both detection and recording.
            # The URL carries no credentials, so access to this stream depends
            # on the RTSP port staying off external interfaces.
            ffmpeg.inputs = [
              {
                path = "rtsp://127.0.0.1:8554/kids_bedroom";
                roles = [ "detect" "record" ];
              }
            ];

            detect = {
              enabled = true;
              width = 1920;
              height = 1080;
            };
          };
        };

        # Recordings: retain mode "motion", 7 days.
        record = {
          enabled = true;
          retain = {
            days = 7;
            mode = "motion";
          };
        };

        # Snapshots: default retention 14 (presumably days — confirm).
        snapshots = {
          enabled = true;
          retain = { default = 14; };
        };
      };
    };

    services.nginx.virtualHosts.${frigateHost} = {
      useACMEHost = "nordhammer.it";
      forceSSL = true;

      # Replace the module's /auth location (mkForce) so the auth_request
      # subrequest is answered by Authelia on loopback rather than by Frigate's
      # built-in auth; one Authelia session then covers this site too.
      # `internal` keeps clients from requesting /auth directly. The request
      # body is dropped because the verification call only needs headers.
      # NOTE(review): /api/verify is Authelia's older verification endpoint —
      # confirm that the deployed Authelia release still serves it.
      # NOTE(review): $http_host is the Host header as sent by the client;
      # confirm that Authelia rejects original URLs outside its configured
      # domain.
      locations."/auth" = lib.mkForce {
        proxyPass = "http://127.0.0.1:9091/api/verify";
        extraConfig = ''
          internal;
          proxy_pass_request_body off;
          proxy_set_header Content-Length "";
          proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
          proxy_set_header X-Forwarded-Method $request_method;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header X-Forwarded-Host $http_host;
          proxy_set_header X-Forwarded-Uri $request_uri;
          proxy_set_header X-Forwarded-For $remote_addr;
        '';
      };

      # A failed check (401) becomes a 302 to the Authelia portal, with the
      # originally requested URL passed in `rd`. mkAfter appends this to
      # whatever extraConfig the virtual host already has.
      # The `rd` value is built from client-supplied request data, so the
      # portal is the component that has to validate it before redirecting.
      extraConfig = lib.mkAfter ''
        error_page 401 =302 https://auth.nordhammer.it/?rd=$scheme://$http_host$request_uri;
      '';
    };

    # Supplementary groups for GPU access (hardware-accelerated ffmpeg
    # decoding). Only these two groups are added.
    users.users.frigate.extraGroups = [ "video" "render" ];
  };
}