diff --git a/hosts/fwminex/configuration.nix b/hosts/fwminex/configuration.nix
index 9ad4709..8d5cbaa 100644
--- a/hosts/fwminex/configuration.nix
+++ b/hosts/fwminex/configuration.nix
@@ -25,6 +25,7 @@ in
     synapse-macaroon-secret-key.file = ../../secrets/synapse/macaroon_secret_key.age;
     syncthing-key.file = ../../secrets/fwminex/syncthing/key.pem.age;
     syncthing-cert.file = ../../secrets/fwminex/syncthing/cert.pem.age;
+    frigate.file = ../../secrets/frigate.age;
 
     ssh8022-server = {
       file = ../../secrets/ssh8022.age;
@@ -96,6 +97,16 @@ in
           DynamicUser = true;
         };
       };
+
+      frigate = {
+        preStart = "ln -sf $CREDENTIALS_DIRECTORY/secrets.env /run/frigate/secrets.env";
+        serviceConfig = {
+          EnvironmentFile = [ "-/run/frigate/secrets.env" ];
+          RuntimeDirectory = "frigate";
+          LoadCredential = [ "secrets.env:${config.age.secrets.frigate.path}" ];
+        };
+      };
+
       caddy =
         let
           irc = config.mj.services.nsd-acme.zones."irc.jakstys.lt";
@@ -313,6 +324,38 @@ in
       };
     };
 
+    nginx.defaultHTTPListenPort = 8081;
+    frigate = {
+      enable = true;
+      hostname =
+        let
+          fqdn = "${config.networking.hostName}.${config.networking.domain}";
+        in
+        "${myData.hosts.${fqdn}.jakstIP}";
+      settings = {
+        cameras = {
+          vno4-dome-panorama = {
+            enabled = true;
+            ffmpeg.inputs = [
+              {
+                path = "rtsp://frigate:{FRIGATE_RTSP_PASSWORD}@192.168.188.10/cam/realmonitor?channel=1&subtype=0";
+                roles = [ "record" ];
+              }
+            ];
+          };
+          vno4-dome-ptz = {
+            enabled = true;
+            ffmpeg.inputs = [
+              {
+                path = "rtsp://frigate:{FRIGATE_RTSP_PASSWORD}@192.168.188.10/cam/realmonitor?channel=2&subtype=0";
+                roles = [ "record" ];
+              }
+            ];
+          };
+        };
+      };
+    };
+
     nsd = {
       enable = true;
       interfaces = [
@@ -640,6 +683,7 @@ in
           tcp = with myData.ports; [
             80
             443
+            5000 # todo move to frigate
             soju
             soju-ws
             prometheus
diff --git a/secrets.nix b/secrets.nix
index 8bc803f..93cc6ce 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -60,6 +60,7 @@ in
 // mk ([ fwminex ] ++ motiejus) [
   "secrets/vaultwarden/secrets.env.age"
   "secrets/letsencrypt/account.key.age"
+  "secrets/frigate.age"
 
   "secrets/synapse/jakstys_lt_signing_key.age"
   "secrets/synapse/registration_shared_secret.age"
diff --git a/secrets/frigate.age b/secrets/frigate.age
new file mode 100644
index 0000000..28f6466
--- /dev/null
+++ b/secrets/frigate.age
@@ -0,0 +1,14 @@
+age-encryption.org/v1
+-> ssh-ed25519 fqSa6A aXTl9/eVo1//po7ho7M9WwpSCHUWv5Uo8zcrs1Enznk
+fAwVpZgv9DoL2uzFWvdFw9l9v6S1bR7fcyqBEljZZt4
+-> X25519 4NoEJwelSRBzUK+OGWLLDf3EbnLaJucbWk2nckt/ESk
+B5gh3iEpy45YyfI4qEqMkU3zoKXGd1HrOuyPVkBXlMw
+-> X25519 qHH3uvSN537zO+WuNj9t6j6BhjGIo0VHQNoHd97ObRg
+QmN19RCGQMSqERbMS+UQuACIdzBN5kzJaprb5ue97FY
+-> piv-p256 +y2G/w A0Nal5PuHunwQVL+PDdQVWVknlSylU97nThzeptZGmtp
+F9I+/Cy4KVdYUycvssH3+IxEMOMKfufttriOzUaOMIk
+-> piv-p256 jNqd3A Al3ecdj2FV9Kn+YHm4C4pWKXzNW+h2D/If1ErKOD7Bv/
+Hn7zBJKrV3B+9EgcDzcHk71HUzdQyhmy2Mmd5HYmRt8
+--- rgM5qHH4B757HiZaP4uTB24xxFWREPJMxj+YGwg2H08
+FbË’…oÍna§¯L@¯ïp¢P5jª˜Ýwz»°Ðìœ®µqàÐO|Göˆ?ã°T¡:/ˆ¦F&¬j]Bæàè¨ñ
+
\ No newline at end of file