timelapse: change creds

Motiejus Jakštys 2025-03-15 17:50:26 +00:00
parent 246c26ac2d
commit fc5fa4aa95
6 changed files with 104 additions and 43 deletions
hosts/fwminex
modules/services
secrets.nix
secrets


@ -27,6 +27,7 @@ in
syncthing-key.file = ../../secrets/fwminex/syncthing/key.pem.age;
syncthing-cert.file = ../../secrets/fwminex/syncthing/cert.pem.age;
frigate.file = ../../secrets/frigate.age;
timelapse.file = ../../secrets/timelapse.age;
r1-htpasswd = {
file = ../../secrets/r1-htpasswd.age;
owner = "nginx";
@ -503,6 +504,12 @@ in
secretsEnv = config.age.secrets.frigate.path;
};
timelapse-r11 = {
enable = true;
onCalendar = "*:0/5";
secretsEnv = config.age.secrets.timelapse.path;
};
immich = {
enable = true;
bindPaths = {


@ -25,6 +25,7 @@
./syncthing
./syncthing-relay
./tailscale
./timelapse-r11
./vaultwarden
./wifibackup
];


@ -30,31 +30,6 @@ let
done
'';
};
timelapseScript = pkgs.writeShellApplication {
name = "timelapse-r11";
runtimeInputs = with pkgs; [ ffmpeg ];
text = ''
set -x
NOW=$(date +%F_%T)
DATE=''${NOW%_*}
TIME=''${NOW#*_}
mkdir -p /var/lib/timelapse-r11/"''${DATE}"
EXITCODE=0
ffmpeg -hide_banner -y \
-rtsp_transport tcp \
-i "rtsp://frigate:''${FRIGATE_RTSP_PASSWORD}@192.168.188.10/cam/realmonitor?channel=2&subtype=0" \
-vframes 1 \
/var/lib/timelapse-r11/"''${DATE}"/"ptz-''${DATE}_''${TIME}.jpg" || EXITCODE=$?
ffmpeg -hide_banner -y \
-rtsp_transport tcp \
-i "rtsp://frigate:''${FRIGATE_RTSP_PASSWORD}@192.168.188.10/cam/realmonitor?channel=1&subtype=0" \
-vframes 1 \
/var/lib/timelapse-r11/"''${DATE}"/"panorama-''${DATE}_''${TIME}.jpg" || EXITCODE=$?
exit "$EXITCODE"
'';
};
in
{
options.mj.services.frigate = with lib.types; {
@ -64,17 +39,10 @@ in
config = lib.mkIf cfg.enable {
mj.base.unitstatus.units = [
"timelapse-r11"
"go2rtc"
"frigate"
];
systemd.timers.timelapse-r11 = {
#timerConfig.OnCalendar = "*-*-* 7..19:00/5 Europe/Vilnius";
timerConfig.OnCalendar = "*:0/5";
wantedBy = [ "timers.target" ];
};
systemd.services = {
go2rtc-prober = {
wantedBy = [ "multi-user.target" ];
@ -84,17 +52,6 @@ in
Restart = "always";
};
};
timelapse-r11 = {
preStart = "ln -sf $CREDENTIALS_DIRECTORY/secrets.env /run/timelapse-r11/secrets.env";
serviceConfig = {
ExecStart = lib.getExe timelapseScript;
EnvironmentFile = [ "-/run/timelapse-r11/secrets.env" ];
LoadCredential = [ "secrets.env:${cfg.secretsEnv}" ];
RuntimeDirectory = "timelapse-r11";
StateDirectory = "timelapse-r11";
DynamicUser = true;
};
};
go2rtc = {
preStart = "ln -sf $CREDENTIALS_DIRECTORY/secrets.env /run/go2rtc/secrets.env";
serviceConfig = {


@ -0,0 +1,69 @@
{
lib,
pkgs,
config,
...
}:
let
cfg = config.mj.services.timelapse-r11;
timelapseScript = pkgs.writeShellApplication {
name = "timelapse-r11";
runtimeInputs = with pkgs; [ ffmpeg ];
text = ''
set -x
NOW=$(date +%F_%T)
DATE=''${NOW%_*}
TIME=''${NOW#*_}
mkdir -p /var/lib/timelapse-r11/"''${DATE}"
EXITCODE=0
ffmpeg -hide_banner -y \
-rtsp_transport tcp \
-i "rtsp://timelapse:''${TIMELAPSE_RTSP_PASSWORD}@192.168.188.10/cam/realmonitor?channel=2&subtype=0" \
-vframes 1 \
/var/lib/timelapse-r11/"''${DATE}"/"ptz-''${DATE}_''${TIME}.jpg" || EXITCODE=$?
ffmpeg -hide_banner -y \
-rtsp_transport tcp \
-i "rtsp://timelapse:''${TIMELAPSE_RTSP_PASSWORD}@192.168.188.10/cam/realmonitor?channel=1&subtype=0" \
-vframes 1 \
/var/lib/timelapse-r11/"''${DATE}"/"panorama-''${DATE}_''${TIME}.jpg" || EXITCODE=$?
exit "$EXITCODE"
'';
};
in
{
options.mj.services.timelapse-r11 = with lib.types; {
enable = lib.mkEnableOption "enable timelapse-r11";
secretsEnv = lib.mkOption { type = path; };
onCalendar = lib.mkOption { type = string; };
};
config = lib.mkIf cfg.enable {
mj.base.unitstatus.units = [
"timelapse-r11"
];
systemd.timers.timelapse-r11 = {
timerConfig.OnCalendar = cfg.onCalendar;
wantedBy = [ "timers.target" ];
};
systemd.services.timelapse-r11 = {
preStart = "ln -sf $CREDENTIALS_DIRECTORY/secrets.env /run/timelapse-r11/secrets.env";
serviceConfig = {
ExecStart = lib.getExe timelapseScript;
EnvironmentFile = [ "-/run/timelapse-r11/secrets.env" ];
LoadCredential = [ "secrets.env:${cfg.secretsEnv}" ];
RuntimeDirectory = "timelapse-r11";
StateDirectory = "timelapse-r11";
DynamicUser = true;
};
};
};
}
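Review bot: `set -x` at the top of the script text makes bash trace every expanded command to stderr, so both `ffmpeg` invocations are written to the journal with `TIMELAPSE_RTSP_PASSWORD` already substituted into the `rtsp://timelapse:…@192.168.188.10/…` URL. Anyone who can read the unit's logs can then read the camera password that `LoadCredential` and the age secret are meant to protect; drop the `set -x` line, or add a comment above it saying it must stay off outside debugging. The password is also part of ffmpeg's argv, which other local users can usually read from the process list while the capture runs, so the camera account behind it should be kept as narrowly scoped as possible. Separately, `onCalendar = lib.mkOption { type = string; };` uses the deprecated `types.string`; `type = str;` is the current spelling.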


@ -57,6 +57,18 @@ in
"secrets/motiejus_server_passwd_hash.age"
"secrets/root_server_passwd_hash.age"
]
//
mk
(
[
fwminex
vno3-nk
]
++ motiejus
)
[
"secrets/timelapse.age"
]
// mk ([ fwminex ] ++ motiejus) [
"secrets/vaultwarden/secrets.env.age"
"secrets/letsencrypt/account.key.age"
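Review bot: `vno3-nk` is made a recipient of `secrets/timelapse.age`, but the only host shown enabling `timelapse-r11` on this page is fwminex, so a second host key can decrypt the camera password without a visible consumer. If vno3-nk does not run the timelapse job, narrow the list to `mk ([ fwminex ] ++ motiejus) [ "secrets/timelapse.age" ]`, matching the vaultwarden entry below. If it does need the secret, a one-line comment such as `# vno3-nk: <reason it needs the camera password>` would record why. The attribute set continues outside this hunk.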

15
secrets/timelapse.age Normal file

@ -0,0 +1,15 @@
age-encryption.org/v1
-> ssh-ed25519 fqSa6A RaHedr8hIYY83BuNxRINc7AGQ0yDJi5xV4HWRGapMGQ
Mk1kgkNDk8+31Nx637PzlUcKyw8q3w2yVm248xl2QrM
-> ssh-ed25519 wPuT4Q qd3bj/9z+ecSCuH+j/a2FSssmtcWSLb+WkCRXKuTChg
EQli68ji83hHWXzvVBQiP1ACjLiWn1wmxirO4cwO7Ho
-> X25519 cTPqAPg5zSMhOvTQkDRlhOL+Pq313ufspUY1pDIKCjE
G9PAVK2L/YT2V6YNN5jl7TgAaTKvQzQJW3TRFKWdUlI
-> X25519 7RUfwNMxkzKJD3tb33Po1/bIfgYYK3IX0m1OnF2xEk8
IrmfivIAOYtbY4U1L47oGWcrS8+W+By3hcc/XM2npUs
-> piv-p256 +y2G/w AuJDqViqxav1CIegvrrGLoFMBeyxNPqpusBJYJOf928S
rXwF6MLf8DxnCLVMLGRt/50WHVmaqJWxTM4hdqu0yKk
-> piv-p256 jNqd3A AohNcJaL73Uv6JpkJ0GoR/QOcuSeelpgBVEItZU3ibrn
jaSdOtYF20Foimt8swq3BfB1RoQ6BTk8bKXbd7E7ycU
--- Q6+uCbwIC7YyPQJlyx30HytdbpWxww2kPplM22nVpKU
QœÊGqÁþëiÀ\rÓ”t/ù<>dùz{Þ“þ]ûã pþ'"qG© ë=$Ââ´¡@ÚÈtÉm <12>üÏF_¾#}