From 0b3322afdafd198ee286b7173407d760180626f2 Mon Sep 17 00:00:00 2001
From: Zuckerberg <zuckerberg@neet.dev>
Date: Sat, 29 Jun 2024 10:13:03 -0600
Subject: [PATCH] First VLAN camera in frigate

---
 machines/storage/s0/home-automation.nix | 65 ++++++++++++++++++-------
 machines/storage/s0/properties.nix      |  1 +
 secrets/frigate-credentials.age         |  7 +++
 secrets/secrets.nix                     |  3 ++
 4 files changed, 58 insertions(+), 18 deletions(-)
 create mode 100644 secrets/frigate-credentials.age

diff --git a/machines/storage/s0/home-automation.nix b/machines/storage/s0/home-automation.nix
index 65ca49a..07b1749 100644
--- a/machines/storage/s0/home-automation.nix
+++ b/machines/storage/s0/home-automation.nix
@@ -7,25 +7,12 @@ let
     ffmpeg = {
       input_args = "";
       inputs = [{
-        path = address;
+        path = "http://${address}:8080";
         roles = [ "detect" "record" ];
       }];
 
       output_args.record = "-f segment -pix_fmt yuv420p -segment_time 10 -segment_format mp4 -reset_timestamps 1 -strftime 1 -c:v libx264 -preset ultrafast -an ";
     };
-    rtmp.enabled = false;
-    snapshots = {
-      enabled = true;
-      bounding_box = true;
-    };
-    record = {
-      enabled = true;
-      retain.days = 10; # Keep video for 10 days
-      events.retain = {
-        default = 30; # Keep video with detections for 30 days
-        mode = "active_objects";
-      };
-    };
     detect = {
       enabled = true;
       width = 800;
@@ -36,6 +23,25 @@ let
       track = [ "person" ];
     };
   };
+
+  mkDahuaCam = address: {
+    ffmpeg = {
+      inputs = [
+        {
+          path = "rtsp://admin:{FRIGATE_RTSP_PASSWORD}@${address}/cam/realmonitor?channel=1&subtype=0";
+          roles = [ "record" ];
+        }
+        {
+          path = "rtsp://admin:{FRIGATE_RTSP_PASSWORD}@${address}/cam/realmonitor?channel=1&subtype=1";
+          roles = [ "detect" ];
+        }
+      ];
+    };
+    detect.enabled = true;
+    objects = {
+      track = [ "person" "dog" ];
+    };
+  };
 in
 {
   networking.firewall.allowedTCPPorts = [
@@ -50,8 +56,29 @@ in
         enabled = true;
         host = "localhost:1883";
       };
+      rtmp.enabled = false;
+      snapshots = {
+        enabled = true;
+        bounding_box = true;
+      };
+      record = {
+        enabled = true;
+        # sync_recordings = true; # detect if recordings were deleted outside of frigate
+        retain = {
+          days = 2; # Keep video for 2 days
+          mode = "motion";
+        };
+        events = {
+          retain = {
+            default = 10; # Keep video with detections for 10 days
+            mode = "motion";
+            # mode = "active_objects";
+          };
+        };
+      };
       cameras = {
-        dahlia-cam = mkEsp32Cam "http://dahlia-cam.lan:8080";
+        dahlia-cam = mkEsp32Cam "dahlia-cam.lan";
+        dog-cam = mkDahuaCam "192.168.10.31";
       };
       # ffmpeg = {
       #   hwaccel_args = "preset-vaapi";
@@ -63,6 +90,10 @@ in
     };
   };
 
+  # Pass in env file with secrets to frigate
+  systemd.services.frigate.serviceConfig.EnvironmentFile = "/run/agenix/frigate-credentials";
+  age.secrets.frigate-credentials.file = ../../../secrets/frigate-credentials.age;
+
   # AMD GPU for vaapi
   systemd.services.frigate.environment.LIBVA_DRIVER_NAME = "radeonsi";
 
@@ -70,9 +101,7 @@ in
   services.udev.packages = [ pkgs.libedgetpu ];
   users.groups.apex = { };
   systemd.services.frigate.environment.LD_LIBRARY_PATH = "${pkgs.libedgetpu}/lib";
-  systemd.services.frigate.serviceConfig = {
-    SupplementaryGroups = "apex";
-  };
+  systemd.services.frigate.serviceConfig.SupplementaryGroups = "apex";
   # Coral PCIe driver
   kernel.enableGasketKernelModule = true;
 
diff --git a/machines/storage/s0/properties.nix b/machines/storage/s0/properties.nix
index c9e1e55..97ad622 100644
--- a/machines/storage/s0/properties.nix
+++ b/machines/storage/s0/properties.nix
@@ -11,6 +11,7 @@
     "pia"
     "binary-cache"
     "gitea-actions-runner"
+    "frigate"
   ];
 
   hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAwiXcUFtAvZCayhu4+AIcF+Ktrdgv9ee/mXSIhJbp4q";
diff --git a/secrets/frigate-credentials.age b/secrets/frigate-credentials.age
new file mode 100644
index 0000000..e311903
--- /dev/null
+++ b/secrets/frigate-credentials.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 hPp1nw Chke1ZtpXxN1c1+AnJ6Cd5kpM1KfQKTwymrfPW53QCA
+jUcw8eitC7r0rwefjllndZjARIqpWoVqGCnefHfjQ6Y
+-> ssh-ed25519 w3nu8g KY/5bU1B5uvmfGHF2d6qBL1NYy64qo324rdvkgnXoDA
+OBvuFtzZXQ0RmmEXelyzHMMiVqZir7zQJMA36ZH2siE
+--- CSd7lYSYQ2fCTjkJLPGdaNGL8eVpE9IBEyFo0LW907M
+£³$šO†ÈIß/À//Êw*ƒ™õD¤@u5o[¼â:·äš¥t¾˜]Jñ쮸™@Ùhþu£Àk;?·XüÁHRº’Ñ°E5¥ÍçÜ9
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index b13338e..ec994cb 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -54,4 +54,7 @@ with roles;
 
   # For ACME DNS Challenge
   "digitalocean-dns-credentials.age".publicKeys = server;
+
+  # Frigate (DVR)
+  "frigate-credentials.age".publicKeys = frigate;
 }