motiejus/config
1
Fork 0
Code Packages Releases Activity

timelapse: change creds

Browse Source
This commit is contained in:
Motiejus Jakštys
2025-03-15 17:50:26 +00:00
parent 246c26ac2d
commit fc5fa4aa95
6 changed files with 104 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
hosts/fwminex/configuration.nix
View File

@@ -27,6 +27,7 @@ in
syncthing-key.file = ../../secrets/fwminex/syncthing/key.pem.age; syncthing-key.file = ../../secrets/fwminex/syncthing/key.pem.age;
syncthing-cert.file = ../../secrets/fwminex/syncthing/cert.pem.age; syncthing-cert.file = ../../secrets/fwminex/syncthing/cert.pem.age;
frigate.file = ../../secrets/frigate.age; frigate.file = ../../secrets/frigate.age;
timelapse.file = ../../secrets/timelapse.age;
r1-htpasswd = { r1-htpasswd = {
file = ../../secrets/r1-htpasswd.age; file = ../../secrets/r1-htpasswd.age;
owner = "nginx"; owner = "nginx";
@@ -503,6 +504,12 @@ in
secretsEnv = config.age.secrets.frigate.path; secretsEnv = config.age.secrets.frigate.path;
}; };
timelapse-r11 = {
enable = true;
onCalendar = "*:0/5";
secretsEnv = config.age.secrets.timelapse.path;
};
immich = { immich = {
enable = true; enable = true;
bindPaths = { bindPaths = {

1
modules/services/default.nix
View File

@@ -25,6 +25,7 @@
./syncthing ./syncthing
./syncthing-relay ./syncthing-relay
./tailscale ./tailscale
./timelapse-r11
./vaultwarden ./vaultwarden
./wifibackup ./wifibackup
]; ];

43
modules/services/frigate/default.nix
View File

@@ -30,31 +30,6 @@ let
done done
''; '';
}; };
timelapseScript = pkgs.writeShellApplication {
name = "timelapse-r11";
runtimeInputs = with pkgs; [ ffmpeg ];
text = ''
set -x
NOW=$(date +%F_%T)
DATE=''${NOW%_*}
TIME=''${NOW#*_}
mkdir -p /var/lib/timelapse-r11/"''${DATE}"
EXITCODE=0
ffmpeg -hide_banner -y \
-rtsp_transport tcp \
-i "rtsp://frigate:''${FRIGATE_RTSP_PASSWORD}@192.168.188.10/cam/realmonitor?channel=2&subtype=0" \
-vframes 1 \
/var/lib/timelapse-r11/"''${DATE}"/"ptz-''${DATE}_''${TIME}.jpg" || EXITCODE=$?
ffmpeg -hide_banner -y \
-rtsp_transport tcp \
-i "rtsp://frigate:''${FRIGATE_RTSP_PASSWORD}@192.168.188.10/cam/realmonitor?channel=1&subtype=0" \
-vframes 1 \
/var/lib/timelapse-r11/"''${DATE}"/"panorama-''${DATE}_''${TIME}.jpg" || EXITCODE=$?
exit "$EXITCODE"
'';
};
in in
{ {
options.mj.services.frigate = with lib.types; { options.mj.services.frigate = with lib.types; {
@@ -64,17 +39,10 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
mj.base.unitstatus.units = [ mj.base.unitstatus.units = [
"timelapse-r11"
"go2rtc" "go2rtc"
"frigate" "frigate"
]; ];
systemd.timers.timelapse-r11 = {
#timerConfig.OnCalendar = "*-*-* 7..19:00/5 Europe/Vilnius";
timerConfig.OnCalendar = "*:0/5";
wantedBy = [ "timers.target" ];
};
systemd.services = { systemd.services = {
go2rtc-prober = { go2rtc-prober = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
@@ -84,17 +52,6 @@ in
Restart = "always"; Restart = "always";
}; };
}; };
timelapse-r11 = {
preStart = "ln -sf $CREDENTIALS_DIRECTORY/secrets.env /run/timelapse-r11/secrets.env";
serviceConfig = {
ExecStart = lib.getExe timelapseScript;
EnvironmentFile = [ "-/run/timelapse-r11/secrets.env" ];
LoadCredential = [ "secrets.env:${cfg.secretsEnv}" ];
RuntimeDirectory = "timelapse-r11";
StateDirectory = "timelapse-r11";
DynamicUser = true;
};
};
go2rtc = { go2rtc = {
preStart = "ln -sf $CREDENTIALS_DIRECTORY/secrets.env /run/go2rtc/secrets.env"; preStart = "ln -sf $CREDENTIALS_DIRECTORY/secrets.env /run/go2rtc/secrets.env";
serviceConfig = { serviceConfig = {

69
modules/services/timelapse-r11/default.nix Normal file
View File

@@ -0,0 +1,69 @@
{
lib,
pkgs,
config,
...
}:
let
cfg = config.mj.services.timelapse-r11;
timelapseScript = pkgs.writeShellApplication {
name = "timelapse-r11";
runtimeInputs = with pkgs; [ ffmpeg ];
text = ''
set -x
NOW=$(date +%F_%T)
DATE=''${NOW%_*}
TIME=''${NOW#*_}
mkdir -p /var/lib/timelapse-r11/"''${DATE}"
EXITCODE=0
ffmpeg -hide_banner -y \
-rtsp_transport tcp \
-i "rtsp://timelapse:''${TIMELAPSE_RTSP_PASSWORD}@192.168.188.10/cam/realmonitor?channel=2&subtype=0" \
-vframes 1 \
/var/lib/timelapse-r11/"''${DATE}"/"ptz-''${DATE}_''${TIME}.jpg" || EXITCODE=$?
ffmpeg -hide_banner -y \
-rtsp_transport tcp \
-i "rtsp://timelapse:''${TIMELAPSE_RTSP_PASSWORD}@192.168.188.10/cam/realmonitor?channel=1&subtype=0" \
-vframes 1 \
/var/lib/timelapse-r11/"''${DATE}"/"panorama-''${DATE}_''${TIME}.jpg" || EXITCODE=$?
exit "$EXITCODE"
'';
};
in
{
options.mj.services.timelapse-r11 = with lib.types; {
enable = lib.mkEnableOption "enable timelapse-r11";
secretsEnv = lib.mkOption { type = path; };
onCalendar = lib.mkOption { type = string; };
};
config = lib.mkIf cfg.enable {
mj.base.unitstatus.units = [
"timelapse-r11"
];
systemd.timers.timelapse-r11 = {
timerConfig.OnCalendar = cfg.onCalendar;
wantedBy = [ "timers.target" ];
};
systemd.services.timelapse-r11 = {
preStart = "ln -sf $CREDENTIALS_DIRECTORY/secrets.env /run/timelapse-r11/secrets.env";
serviceConfig = {
ExecStart = lib.getExe timelapseScript;
EnvironmentFile = [ "-/run/timelapse-r11/secrets.env" ];
LoadCredential = [ "secrets.env:${cfg.secretsEnv}" ];
RuntimeDirectory = "timelapse-r11";
StateDirectory = "timelapse-r11";
DynamicUser = true;
};
};
};
}

12
secrets.nix
View File

@@ -57,6 +57,18 @@ in
"secrets/motiejus_server_passwd_hash.age" "secrets/motiejus_server_passwd_hash.age"
"secrets/root_server_passwd_hash.age" "secrets/root_server_passwd_hash.age"
] ]
//
mk
(
[
fwminex
vno3-nk
]
++ motiejus
)
[
"secrets/timelapse.age"
]
// mk ([ fwminex ] ++ motiejus) [ // mk ([ fwminex ] ++ motiejus) [
"secrets/vaultwarden/secrets.env.age" "secrets/vaultwarden/secrets.env.age"
"secrets/letsencrypt/account.key.age" "secrets/letsencrypt/account.key.age"

15
secrets/timelapse.age Normal file
View File

@@ -0,0 +1,15 @@
age-encryption.org/v1
-> ssh-ed25519 fqSa6A RaHedr8hIYY83BuNxRINc7AGQ0yDJi5xV4HWRGapMGQ
Mk1kgkNDk8+31Nx637PzlUcKyw8q3w2yVm248xl2QrM
-> ssh-ed25519 wPuT4Q qd3bj/9z+ecSCuH+j/a2FSssmtcWSLb+WkCRXKuTChg
EQli68ji83hHWXzvVBQiP1ACjLiWn1wmxirO4cwO7Ho
-> X25519 cTPqAPg5zSMhOvTQkDRlhOL+Pq313ufspUY1pDIKCjE
G9PAVK2L/YT2V6YNN5jl7TgAaTKvQzQJW3TRFKWdUlI
-> X25519 7RUfwNMxkzKJD3tb33Po1/bIfgYYK3IX0m1OnF2xEk8
IrmfivIAOYtbY4U1L47oGWcrS8+W+By3hcc/XM2npUs
-> piv-p256 +y2G/w AuJDqViqxav1CIegvrrGLoFMBeyxNPqpusBJYJOf928S
rXwF6MLf8DxnCLVMLGRt/50WHVmaqJWxTM4hdqu0yKk
-> piv-p256 jNqd3A AohNcJaL73Uv6JpkJ0GoR/QOcuSeelpgBVEItZU3ibrn
jaSdOtYF20Foimt8swq3BfB1RoQ6BTk8bKXbd7E7ycU
--- Q6+uCbwIC7YyPQJlyx30HytdbpWxww2kPplM22nVpKU
Q<><51>Gq<47><71><EFBFBD>i<EFBFBD>\rӔt/<2F><>d<EFBFBD>z{ޓ<>]<5D><14> p<>'"qG<71> <0C>=$U<><18>ⴡ@<40><>tɂm <12><><EFBFBD>F_<46>#}