From 1a8b85aedcb1a4674bbeac7f00b6fb2253483c8c Mon Sep 17 00:00:00 2001 From: alejandro-angulo Date: Sun, 11 Jan 2026 17:43:24 -0800 Subject: [PATCH 1/2] test --- modules/nixos/services/frigate/default.nix | 146 +++++++++++---------- secrets/cf_dns_kilonull.age | 38 +++--- secrets/frigate_env.age | 13 ++ secrets/frigate_mqtt.age | 24 ++-- secrets/gitea-runner-gospel.age | 21 +-- secrets/hass_mqtt.age | 27 ++-- secrets/hydra-aws-creds.age | 24 ++-- secrets/nextcloud_admin.age | 26 ++-- secrets/nextcloud_restic_env.age | 23 ++-- secrets/nextcloud_restic_password.age | 25 ++-- secrets/nextcloud_restic_repo.age | 22 ++-- secrets/secrets.nix | 4 + secrets/teslamate_db.age | 22 ++-- secrets/teslamate_encryption.age | 23 ++-- secrets/teslamate_mqtt.age | 31 ++--- secrets/zigbee2mqtt_creds.age | 24 ++-- secrets/zigbee2mqtt_mqtt.age | 23 ++-- 17 files changed, 272 insertions(+), 244 deletions(-) create mode 100644 secrets/frigate_env.age diff --git a/modules/nixos/services/frigate/default.nix b/modules/nixos/services/frigate/default.nix index 868dbcf..a19e0c7 100644 --- a/modules/nixos/services/frigate/default.nix +++ b/modules/nixos/services/frigate/default.nix @@ -45,82 +45,90 @@ in }; }; - config = - let - setEnvVars = '' - export FRIGATE_MQTT_PASSWORD=$(cat ${config.age.secrets.frigate_mqtt.path}) - ''; - in - lib.mkIf cfg.enable { - age.secrets.frigate_mqtt.file = ../../../../secrets/frigate_mqtt.age; + config = lib.mkIf cfg.enable { + age.secrets.frigate_env = { + file = ../../../../secrets/frigate_env.age; + owner = "frigate"; + }; - systemd.services.frigate.preStart = setEnvVars; - services.frigate.preCheckConfig = setEnvVars; + # systemd.services.frigate.preStart = setEnvVars; + # systemd.services.frigate.serviceConfig = { + # EnvironmentFile = config.age.secrets.frigate_env.path; + # }; + services.frigate.preCheckConfig = '' + ls ${config.age.secrets.frigate_env.path} + source ${config.age.secrets.frigate_env.path} + ''; - services.frigate = { - enable = true; - hostname = cfg.hostname; - settings = { - # Basic Frigate configuration - mqtt = { - enabled = true; - host = "192.168.113.42"; - port = 1883; - user = "frigate"; - password = "{FRIGATE_MQTT_PASSWORD}"; - }; + services.frigate = { + enable = true; + hostname = cfg.hostname; + settings = { + # Basic Frigate configuration + mqtt = { + enabled = true; + host = "192.168.113.42"; + port = 1883; + user = "frigate"; + password = "{FRIGATE_MQTT_PASSWORD}"; + }; - # TLS terminated at reverse proxy (nginx) - tls.enabled = false; + # TLS terminated at reverse proxy (nginx) + tls.enabled = false; - go2rtc.streams = { - video_doorbell = [ - "ffmpeg:http://reolink_ip/flv?port=1935&app=bcs&stream=channel0_main.bcs&user=username&password=password#video=copy#audio=copy#audio=opus" - "rtsp://username:password@reolink_ip/Preview_01_sub" - ]; - video_doorbell_sub = [ - "ffmpeg:http://reolink_ip/flv?port=1935&app=bcs&stream=channel0_ext.bcs&user=username&password=password" - "rtsp://username:password@reolink_ip/Preview_01_sub" - ]; - }; - go2rtc.webrtc.candidates = [ - "192.168.113.69:8555" - # "gospel:8555" + go2rtc.streams = { + video_doorbell = [ + "ffmpeg:http://reolink_ip/flv?port=1935&app=bcs&stream=channel0_main.bcs&user=username&password=password#video=copy#audio=copy#audio=opus" + "rtsp://username:password@reolink_ip/Preview_01_sub" + ]; + video_doorbell_sub = [ + "ffmpeg:http://reolink_ip/flv?port=1935&app=bcs&stream=channel0_ext.bcs&user=username&password=password" + "rtsp://username:password@reolink_ip/Preview_01_sub" ]; - - cameras = { - video_doorbell.ffmpeg.inputs = [ - { - - path = "rtsp://127.0.0.1:8554/video_doorbell"; - input_args = "preset-rtsp-restream"; - roles = [ "record" ]; - } - - { - path = "rtsp://127.0.0.1:8554/video_doorbell_sub"; - input_args = "preset-rtsp-restream"; - roles = [ "detect" ]; - } - ]; - }; }; - }; - - services.nginx = { - enable = true; - virtualHosts.${cfg.hostname} = lib.mkIf (cfg.acmeCertName != "") { - forceSSL = true; - useACMEHost = cfg.acmeCertName; - }; - }; - - networking.firewall = lib.mkIf cfg.openFirewall { - allowedTCPPorts = [ - 80 - 443 - 855 + go2rtc.webrtc.candidates = [ + "192.168.113.69:8555" + # "gospel:8555" ]; + + cameras = { + video_doorbell.ffmpeg.inputs = [ + { + + path = "rtsp://127.0.0.1:8554/video_doorbell"; + input_args = "preset-rtsp-restream"; + roles = [ "record" ]; + } + + { + path = "rtsp://127.0.0.1:8554/video_doorbell_sub"; + input_args = "preset-rtsp-restream"; + roles = [ "detect" ]; + } + ]; + }; }; }; + + services.nginx = { + enable = true; + virtualHosts.${cfg.hostname} = { + locations."/ws" = { + proxyWebsockets = true; + }; + } + // lib.optionalAttrs (cfg.acmeCertName != "") { + forceSSL = true; + useACMEHost = cfg.acmeCertName; + }; + }; + + networking.firewall = lib.mkIf cfg.openFirewall { + allowedTCPPorts = [ + 80 + 443 + 855 + ]; + }; + }; } diff --git a/secrets/cf_dns_kilonull.age b/secrets/cf_dns_kilonull.age index d059d98..2ac51fa 100644 --- a/secrets/cf_dns_kilonull.age +++ b/secrets/cf_dns_kilonull.age @@ -1,21 +1,21 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlrN2VoZyA3bWYy -TlUyVkx3M3NhMkxvbFZQYlo5RXhhNEQvVzFpSE0raUJ0ZGw4QTI0CkFQNVRod3FY -RUJFaDBOWW9VdE83blF1WWhwa3pvRFJweDZoaGRqcWpLOTQKLT4gc3NoLWVkMjU1 -MTkgekJMRFpnICtib0xyY2drRGtEREREQ3ZEYStkWm8vODQrdmZzdEpwTkcxR0hp -dXdnbmcKa29CSGNYWmVFR2lTWGNYM2dpTkJQc014R0hjc2NKMkIwYm9xYyt3MjRx -MAotPiBzc2gtZWQyNTUxOSB0NVhJR0EgSHFCS21pdklRM0srSkJRQnJhMndJL0ps -Sk1DK3YrQ1ZMQlNyZ2Y4VW9CMApYektxOFVYVWxxRjcwa0hwSFRwdkZLZWVRL2Jr -MnJZem9nanc4K1JVVWQ4Ci0+IHNzaC1lZDI1NTE5IDVGU2UwQSA1ZGpPcUZhL0lI -eHNzVE9jL3g1cFptSXMyMkFNWlFycnJmNzJ4RzQ5QUVNCk40Q3FSVlc4RWwxOHl2 -bWliQ0YwMlViM3R4QXh2a2E0U0oyKy93OUhlTlUKLT4gcGl2LXAyNTYgVUlFR3pn -IEF4NUZGRW5rT3N2T1VZTkNXcGQxOGYwVFpBcGFXcTVzdmRtMUlHUDZsTWZMCjlh -V1BiSE5yZjF4Zlh4bndXbENLanQxZVBOYjZmSUhPeEtLd3pub3FZcG8KLT4gcSpv -Z1IhLWdyZWFzZSBrLitaCk1zbmVIdC9IT2MveG9IaTRIV0dPMCtCMVdLN1RYOXRE -eGZ2R2pwRGJKL2RLRDJXK2x0TWpXSERUSWtoWnJ4alAKSWM5NllFcXRYdHhNCi0t -LSBNc05sd2VrSFVGUE5rRHpyODhQSkZzNUFvanZUQTJoQUxsVlV4TkNTZEdrChyk -5LZcitWFp6uxHbKTllvmSSxlbmQXJN2aSrd3AsulUx6QzIV7SiHx2mO/sd2mU7ME -bMpkCUpQhr4AM7Uljak2fG8t/hQln2NavYOVn6r92fgsgcYKaXP/229t6u4dwbo5 -2kr4iBsYS/ckqJt1VQPKfeJ6d8hiGG/MmQb1KOJKZccvtntQxf/WMC+qcn1BLlyq -ZWbKTdksNBz4Dq+K1b52H2HYIw== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlrN2VoZyB5NHdX +MUdMV2ZnSjRKMHgzUUxycnlTRDE1TjloTHhTNlNnZ0FPVDl3SVZRCkI3K0I1TDN6 +Z1l5YW5PUGV4VDFRRGJjeXA3L0JWV1Z3a293ak03R25oaTgKLT4gc3NoLWVkMjU1 +MTkgekJMRFpnIFNxa0NHK0tQV1R0a3luQmk1NGg0MWNFQ3R2bitNVms0RXdXeThG +eGFtRlEKOFlncVZDQ0Y2YStyUTd3TFVoSWNKYnlyZ2E3M09Vak5scG1xdGdZWG5O +bwotPiBzc2gtZWQyNTUxOSB0NVhJR0EgOFo2Q0VOQVBJbEk1Vm5NTUpTcmFNSzc4 +dWkvZVdZMTUrcWE3Tkc5eEhCRQphcm1NVFY0LzNNM1ZhcWE3RFhLbTl3aDIydmVW +Tzc5SVVhU1pmMXo5RWhjCi0+IHNzaC1lZDI1NTE5IDVGU2UwQSBHL0Zvc3dPRmZu +WnNuMGxqRTIrUnA2TVlUL1FBRGJUTE5HaURqemgxVXcwCkhVVmNRMk9URlB0aFND +cHFYOHE5NzBCSnRFRmFnT293MmpWZGFZV0dJWncKLT4gcGl2LXAyNTYgVUlFR3pn +IEFuMHdwditJSUFsUmFhaTdsZzNmMVNyaE5lLzMxK2daaCt4U2g2QUdTQXVjCitW +OUs4ZmFGTTNObmp6TDRBNzk2V3NSSFFpQW1KOUI4bmExaDY2M2ZYTU0KLT4gQFF4 +Pk0tZ3JlYXNlIExXJV0gMyA6X0FPVH1MYAptTTBoWFJ2SG91T0IwZkpXOU11ZHF5 +Z1F5SWZxTHZjMXEwTWFjS0hyUGpCeFduWEVCbnFEOEcwcFVYMHVGNEx0CnZOa3B5 +UUlkdzRSVVV6NHpsUjdMCi0tLSBVd2psSXdsM0FhZHJqMnNiOEY3emk4VkNxNEJN +S1lzNXd0U0FZWlE0QitJCu05VYCZ3EnnYcf0EbUWuyvQO2XRquC1mw1zRaDqKuWm +nHOLOwZnMp64zMznS0oeeXsxYMsBtrlnxTQSgsyOfX5fWJrg8Ad/LgpIakx4bU/9 +goWYjKM21+Rv8kQpRFzMRRH+TG8CkQAcRGTrgk9JSNHuCq+JJLohHWj8EaUq+6TA +LYYDokWn508Mswo1KJ67EjvCD5rLcfVGyKdKQzwBNW3HtgwmFQ== -----END AGE ENCRYPTED FILE----- diff --git a/secrets/frigate_env.age b/secrets/frigate_env.age new file mode 100644 index 0000000..d233e3c --- /dev/null +++ b/secrets/frigate_env.age @@ -0,0 +1,13 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHpCTERaZyBWZ0Z5 +WUJvUStPNTdySWhLVkFac3JhZ3NMTEFVb1M2UDNvNXFmOCtzaFFrCjE1anMwTFZp +SlNWS1hWVE1EM1IwbE1LOGw3UzNUZUZLN2UvODhZdVpaUm8KLT4gcGl2LXAyNTYg +VUlFR3pnIEFyNXgrMURJYVZ3bkdpeGg2ZzlNNk9ZQ0dOUWZMQkk2KzRmeHFLcEQv +VXdnCkZHNkxqbTZtaE5sNnYySVVOUFJYUkd4NFhlakZCSmFyWVI0eXBqMXc0RGcK +LT4gSEUycTctZ3JlYXNlIEp9WVggZGotUWBNClVjb3FNcm0xeWMya3A4azI4Rmo1 +SHdnSXprSEJaMk1sbnFZNFNWWVNldFI2VXl0TzRiMzFqSzNrdW4rbitWUkUKZnll +QnpXWktGY0xpQS9YVVBmVnVCVEtibndJczRuTEhldwotLS0gQjVicE5PTG9Hb1B5 +eExCbXRpZGxSY2FFdHJCL2tDMlllRVNyQ0R3eWdBdwpJ998RrWDjSZjOJdy2F2LV +FE4WLC+mBh5YQDK8b9yLcFT3SIfLpT9BNTAwP3UQhZ8WrNY7T3dWzMLxA2pzVzKs +Jqsosj4BUWvW +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/frigate_mqtt.age b/secrets/frigate_mqtt.age index dd586cf..29a68a2 100644 --- a/secrets/frigate_mqtt.age +++ b/secrets/frigate_mqtt.age @@ -1,15 +1,13 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHQ1WElHQSBKQWc1 -V3l2Z1dzbDY3a3J5ZEkrNG1BWE0yN29kS2c0dys3ZWlCSDh4RzNJCnJlclQ4QzFL -elczZ29raXJMRTdhdTUzdzdvdEhCV2oycTVKQ0dSNlBhVUEKLT4gc3NoLWVkMjU1 -MTkgekJMRFpnIFRTd3ZIenZ6K25CQnRWL2pMajJVQ1U5NDNDemNIZ0E3cVFKRy8v -RzhyaW8KeTJYYjRRNzFpdXE5eTJYRW9wSTVoM09SS0h2aXlySHFFLzJDbXBSc1JI -OAotPiBwaXYtcDI1NiBVSUVHemcgQXlGVHJuU09EM2FUSDFpZy9pTEdqQWltL1Jl -aWpHMWRJbHFkSWZCWWdjRXUKRDRkV3pDY3lmRzNCaGtrL0ZtMFdWdXVySHdZS0ln -SjNtdEFrQzlLTUVsWQotPiBnVDRmLWdyZWFzZSBUOF1nbXdweiB3b1k5IF58aiNH -PQowQTRsWDFlVXFSbkZnZmJDczNLZ284b29JVFFRSmJzOGpNNDJTQlpJTEkvUjAx -cFlrcVErQlN3eHhzWERtWDRYCkJPQ21BL3dGUVF5NGlkcC9xdVV5WDk3UTZwclFk -ZEJEUmN4QWxiTDUzdlREY3BpZTdvTWhLZwotLS0gaEw0UmVPalVXVHRzOUxLUDh4 -bWpEeUtIN0gxRU54VldNeE9NRCtCTVd2QQrgAsqGfYSyORhEGrgkGS19MkXP8Xfc -GIaAcpDywO9MOi2BTUmlfqnRZkexRxQkKijc +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHQ1WElHQSBQK1Jx +a3E3QlgzSlBFNmtnaTN1cjFjYjJWWWcyK1ROdzlKT0t4WjZKbjNNCmI0WGo5Rmdw +Mkgwa2tHczI2ZHQrNFdaSDdHSmxIYkZxQkxqT0NuNlFJZm8KLT4gc3NoLWVkMjU1 +MTkgekJMRFpnIFQrNHEreWpSalYreHp0SloxaGl1RUlIVFVPUWxqQmR0ZFN0NFNE +MkdoalkKQkE4Ynl0d29UUnF2RWhsRllTdTRSQVdxQlVBc1Z5N2FLbXp4VmUxd0JW +SQotPiBwaXYtcDI1NiBVSUVHemcgQTNFNVVZaUpUTFJkdXZISGFhRXRmZnd2STJW +VXI3YjVEMERGZzF0K1htZ0QKTnhFaDMwUTUyWHJ3ZFdLZTZFaXpSdHp0S2prYjhZ +d0NETjJwMkg1enVmSQotPiBiXkxPWy1ncmVhc2UgXHNQIDZmNTRHIXwgKD4gVysK +b1pwZ1pGak1VQQotLS0gU29WUXlydnh5aUdrb0pFLzZtSjBPdTFhSXZlYjZSNVAx +bzJobS9oQTZzWQq3Ubyk0W4w21+fLUj1l49DnJYyz6T2Bl4yVpb3rjOi9OfiUiJ0 +fyJjHMuSfuipb25h -----END AGE ENCRYPTED FILE----- diff --git a/secrets/gitea-runner-gospel.age b/secrets/gitea-runner-gospel.age index b174b0e..b5dbdb9 100644 --- a/secrets/gitea-runner-gospel.age +++ b/secrets/gitea-runner-gospel.age @@ -1,12 +1,13 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHpCTERaZyArTXZT -TE1pM0NDZ21Kb3NaSzBQT2dpQmxxK1BlU2tSb2IvbUx2U1FHSHhzCmRna29UalVK -ZDVCY0NNRTM1b2dUMnp4a2RvNnJoVFd2a3pONlNCSFg4d0kKLT4gcGl2LXAyNTYg -VUlFR3pnIEFodjhUand6MUtRTVlFb050NEdRUE1BdU5SUkFwTUp6WFR5ZTJhY3hC -S3VDCkdmNUZ6YnU0ZEhQVW96UTByd2VaUmRkYytQZ3NPeXFKd1MvTzVZRkxiVFEK -LT4gYS1ncmVhc2UgfXYzbn0gK1dJOVYpMCB2ZXxxfiVCIQpteDdWT0lnUjF1R3dB -QjFuaUdXTHF6TW1ubDhNaVpKc2xlak4KLS0tIDZyNE1rVjUvZGF4Nkk3aHpBTCsv -N3E3dDFpWWRqSVRVTUx2Nk53SEluUVEKe9Uesb/nSc2oFhGpQOI7VSPKZHF/QhhQ -mV5eAn4YVL8UrMcnQKTOXj633cpLsMgbRDF/oh22Zl2ciNLiAcPkbug1Yg6NvxUF -M+71rzVolw== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHpCTERaZyBoaU4y +YUk4NThNeVgrWjJGWUphQ3V6STBodWZlV1k5ZFZXUERySE5XN1RBCm9XK2QxaHpS +OTR0ZVQ0WFpSdFlHMWRCMUVYcUFMY1NNUjM1eFMwNlNEcHcKLT4gcGl2LXAyNTYg +VUlFR3pnIEFsVXVxRVZOdHlsZXVPeFZTeGZsN0gyTmVSaVk3TXR5VHI4WjcyNGdp +OHNDCmMzc1dHRW9jWGNOS09LTC82dDRUcVdJaWt1TllVN2E0Q0lmK1pORlNmUUUK +LT4gM3VILWdyZWFzZSA3XSBUUSBhCjJQbXZ3ZHdkUEVNTWFaMVhQSklMcDAvWDUv +QzhvZllUSHlJV3JpWUFCNCtvV2lyZ0lmWng3bUZCOXF0eUU0Uy8KR2liMTh3bTly +UC9ZeDE5ZkQyTjFzR3Z3TlZ5L1R1ZzRkdDM1OFpjVlVIOVRaZkNzV2JwMlJMKzZn +NlU4T2NINQoKLS0tIEdGenRQUjNNVTJJbGFHUjZlS0p6NFFCUTZhWkFBVE5QSm01 +OVhSNFNpemcKqxMRt15zFO1fMsTMqs7Xr3haXeiTkJh0esVUYSBpeN8a2y8HU0hD +biVqK7FjCEGcI5LwDqjz3sHsHji1ph4E+NHhH8T9CPbkOzqOVWV2DQ== -----END AGE ENCRYPTED FILE----- diff --git a/secrets/hass_mqtt.age b/secrets/hass_mqtt.age index de36c07..4536bb0 100644 --- a/secrets/hass_mqtt.age +++ b/secrets/hass_mqtt.age @@ -1,16 +1,15 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHQ1WElHQSBWQWRo -Zkdhb2ZoZy94L0dHck92Uis5WjV5LzZjaDcvUzd6dXM2cmwzb3prCmsyTmdsaEdj -eFBWcm9ycnQwUFVJWEl2QW0raW1lNnlGRlM4UThlWHJkbmcKLT4gc3NoLWVkMjU1 -MTkgWWs3ZWhnIC92dHR2N2ZRY1JSWUExajN2QmNDQWduWHhoU0tDNS8wdkkyM1Uw -THgwemcKTVB0TGhQS09MekozMGZzWS9KakxyZnZrOXdnN01GN3dqRkVUMk1LemRz -TQotPiBzc2gtZWQyNTUxOSB6QkxEWmcgcloyb3BBU0pHRlM0aEZ5SzJhZTFGNmRj -a2gxdlZsQ1JKVXZ5RDV2MTVWTQpOYzhBRmh4dDRUeW94bzVzQ09OVHM0M0tYaWN3 -aVhvZ0JsWVlGcUt2VjFJCi0+IHBpdi1wMjU2IFVJRUd6ZyBBNTM5QnVKM29tcUMr -NGZQVnpzZ1p4aitQeDV0WndJSVVDSFVmbFlZN2pyZApqWFJOSVVtd1NqRm1uMVM5 -a3k4Nmh5TUlVdnA1Nk1UTzVwdDdveThYL1NVCi0+IGIjNVN8LWdyZWFzZSB2IGl0 -dnJnIHMhKT9RfDw/CmxIckk4VkE0MEpnbXROSkpZUndWZ2FKeXI2dwotLS0gZm8x -QjhGWjdqZktYUHNoUjVnVzZqYWdoUHVwcWZUQWtMQUUzYzY3dkVnQQpktskBEaeC -5KipEBhAEuAGDO5MmzobjS61UHrrOKQVCYg3WTJ7o7kATiaf/zXF5cj+WpHaMZ2Y -bOH/aTLa5mkQXw== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHQ1WElHQSBWMWYy +K292YnpZZVQzbVI0aHFEbzNMdk11aDk0cEtxNFF6SjZTRjBNYmdrCjhxb1E0TEVV +WDN5M2NjVk9wVlFRM3ZmZ1QzNDNhZGk4UmRsN3dCaUxua1kKLT4gc3NoLWVkMjU1 +MTkgWWs3ZWhnIEljYzg5ZU1tTkhNQm1jckNLRmxCWTM1bmRZOHZXSFdTbFNUQ0xO +ek9KVDQKbUtVR1crZjdrbXhaK2tmanZwUGtRVHNLSjhaZG9LbnRZdEYyTlJnNVI0 +dwotPiBzc2gtZWQyNTUxOSB6QkxEWmcgUVZjY21ueFp3Rkl1RTBqWHJOeUJWSXRr +WnFsQUdKZkllMkV3UmJOYmpWOAp1bnN3NHN3S1VDNEtNUTBhSkVFNW5uZzU5SUJj +M0VUWDFqNEN1YzkyRzlZCi0+IHBpdi1wMjU2IFVJRUd6ZyBBNVFTTzFLL280NHVl +YjhwTXV2MTJHZ1A0RWJzUENuTlM1bzJIZHhLTmk0egp2VnhJckhPWGJ3NC9BVDBq +Wll4UVVCS24ydlZZcW9BRVZ3WEVEa1VmTjgwCi0+IDQtZ3JlYXNlIHZtayIgLgow +K1ZCekVic09jMjgKLS0tIE9IQnoxRFRTWkFubHEzUDJtdEFlNGNDTHBlWWc2czBU +UjNYNmRMUTdTSDAKBe/dJMmg6ATtra+XuNDbQNRtiQIxlGRE/1pztN1freayLMkX +nLzIkQ6bcLf/SmnwVxYNdft/zQYagHi/78NAf6A= -----END AGE ENCRYPTED FILE----- diff --git a/secrets/hydra-aws-creds.age b/secrets/hydra-aws-creds.age index 1be97a4..a2df307 100644 --- a/secrets/hydra-aws-creds.age +++ b/secrets/hydra-aws-creds.age @@ -1,14 +1,14 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHpCTERaZyBtWE5I -b0NPSG5MVGNqTnpsTzN6R29YR2pmZEU1QU9odE5QOFBPTHNVdlI0Ck9xbDRTOXpz -WG1EZHFTQ2JYZW1kYVB3eWpvc09zVTMvQzhjYVB1MlB1VE0KLT4gcGl2LXAyNTYg -VUlFR3pnIEFoU2JFVldxWHlSRys2MWtKdzRMeWYrZ2VORG9nV0J3TldnMUpOdGlF -aVkxCkZtS0l5MnlqL0JrYjAvRENGdWpPQ3BzQ2U4SlI1U0ZtRVlLc1VzRG1tTlUK -LT4gd0poNiVDXy1ncmVhc2UgOSB+IFwgLFsKV2RvSnI2S09iclY5aFc5SlFRWEFY -VmtZUXc3MTJiU0lPeG1HRDRybVhOeDZ5bG9uRUJFY2psK1FsV0RpbE50RwptdFBG -UHVjR0hYNU0wUVVrR1EKLS0tIDQ0SThSdEV3WnhTU3llalcvbnlCOG1VVUdxZ3k5 -dUtwNk8zMnowUkFxWXcKYaKLiik/vILFaTf1vsJVJ4p8xwNn8v5siCo2V78yvZvB -foB3cnhEBKezTBvGp2R7eDPG73u5Z9JTxv/qYjwQeBC20s2yx/+dZs2acc2IF5pq -OCWqDzHunkp3r1z/7h1KdGFhWcW1NkqovE8w9gejlMyJITShGuzQFL4KUwG/jidi -MtpEN94= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHpCTERaZyBPZlVF +R3dmNk81N0FyQndrZG9jVmx3MXQ1TElpaG1ESERGUVFrRWIzdWtrCmUwWEZseEw3 +K2JXZ213K2hscGNCT1BHa0hoSW9FMllaSFRwL3BKb2NUUDAKLT4gcGl2LXAyNTYg +VUlFR3pnIEEzdDBrWWxoN1VkbXZZbGkrQUpidjVHUnIwb0pDVzU4d1loSWRCelhs +QjF1Cm55dkdKZ1VwNUx2SmFpSGZlV0VCZDZLelJPaVZGWmdJRnBLTjhZTWJMeDQK +LT4gXi4jLWdyZWFzZQpXZ1ZCMEZsZHlHQ296YTVVYjBoaE5LWXpLZkhQeEVvZkp4 +cjkyU2t2NG90dlhXakRCL2ZiWUpLVVNwTFR3SFV4CmxpckNiTGlKOEFGTXJuekVP +Z1c3QU8vQ1RPRjRqYU5wR0JKclU4RkpqZzlRbENLV2czcWFBWExHR2hJY3FBCi0t +LSBwLytYWTJLN2NqSmFobWltVDYwYjByTUxSaVE4VkFWWElrb3M5eVljWlhrCs4o +R9oJ6vxcpSdap9gbdumjqMMS/5bg12rSaSoX9qKX+L5zI7y+FCh6mz34mXeJ48qn +kR1iEw6GUMe0EGBXnU3Dt1/qxr7AIVtd2nZQ/G7D0mujJrDT8NybAHPwdupELh7L +zDXU1fX9PxnR8viAKXiH0BQqoSu7pPnxhisucKmJoCCVVYKG -----END AGE ENCRYPTED FILE----- diff --git a/secrets/nextcloud_admin.age b/secrets/nextcloud_admin.age index 70133e6..1bcfdcf 100644 --- a/secrets/nextcloud_admin.age +++ b/secrets/nextcloud_admin.age @@ -1,15 +1,15 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlrN2VoZyAvTm9W -elF5RVphelU2YURhU1R3RDBUQUMvdE1XbFgwYlI3dWM2VWxOMWpzCm0xRVN0dkRR -UHlGcU1maEhSWmlwenhlM0hkdklVQzVRaHBFM0MrOVVQeFUKLT4gc3NoLWVkMjU1 -MTkgekJMRFpnIHhYK2dwc1ZSdy8zK3A2MFRQa2YrV0QrVENEVGlYczAwbGhhK3Aw -MG51VU0KekV0Q21yZEpoZy9IeTY5WFFrQ21TeVJIV01RTzQwOGtodmxvTFgweFZt -cwotPiBwaXYtcDI1NiBVSUVHemcgQTMxRnRVUnBweDR5d3Y0RlhFdGUyRXNHbDFE -aENOTGlqNHlaS1c4V0xZZUwKcDJ1L3dtU1l6bjNycGxSdzA3VEtRVnV5K2FJa0Fi -NVQvWGpIMlNSLzNUVQotPiBkQ2d9PUBsLWdyZWFzZSA0KlUgUydvNTwgem1jc0s8 -CjZ2VmFsQWhoYTl3dmsvNzYzOHlGdEZSMzcwM2d1ekFrNWFrMDU2RFBjZ01ldU5k -bjFwTnUwSFlkdEJOVUJUOVYKS3Rvd1Fkd29VM1pWb2dWQWdPVytIYkQ2WXJ6M1pI -bGZjM2lOCi0tLSAwd2RIcHZGU1pudXRxdkpicGVMZnFNMGNYSXljYkhTaEZ0dmVy -K1d0R1RZCi1RHY9VvMWjzyBHD7yMdI2/3QT7CjWJ3mIfMi0MLfBPPNWD2yHSQwJq -3P9jM7Z/HaclEx45mYsFuEUe5pknDwae +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlrN2VoZyBSdml5 +RFJPdDNJallkSG41WFZsQlZMREhnT1hBWlUzbXhDR0dRbVpzYkVnCm1NdGhzZ1Ey +K1ZmWG10MUJUNWZsNkFrY3ZWdDI2UGV1aE9TUFRhNTluMmMKLT4gc3NoLWVkMjU1 +MTkgekJMRFpnIERCVFRkb2lXaGZRTlYxS1o3SmNnVEtDK1U0RG9HRm4rZmdLakZ3 +OEV5bFkKRmlOalJ5cWFPcERBUUdyVExOUHpkTFFnckgxWXE2YWNCY0xJQURUYkVp +awotPiBwaXYtcDI1NiBVSUVHemcgQXBHUzR0TzQ3VEp4MjIyNmNTeE9GZWkraStC +cWNqeHRPS3FiMGI4WVpDTkUKcU9JRnVOQ3A5WDBTYS91MzB0WStET05sVWQzZzY5 +RElROEdNMWV6UkVuawotPiB4b3YtZ3JlYXNlICFRWVlRPWZ4IEI7ZD4gKCA5U18K +dGtjaGF2c0VnOHdQMDZWbE1IYVJ6aE9pUnQ2a09CSTRmeDlMVTNkNlZ0ZjVNbEdR +MmprV1N0OUF1SHc1SldlMApLRUxteW1WdzE5OUdGeFA0bjBHaHl3ZnFOcjRkRUhF +RlE4bkd4b3FIQko0YWJYMWFyRk03QWYrOTNRCi0tLSBQZlg3aTQ1M1J2UGN1em9Z +NXdOZk5lcVlMZjRoU2taWWRqRnRiYUVLNVhFCrjZR2SmzuALzdJNdt59fm1j+hRL +sICyhBFwDJdyvAbBL7xMud7/P5oIhMSCgwiFo11GzzYQbnCouTeC6mugVeEH -----END AGE ENCRYPTED FILE----- diff --git a/secrets/nextcloud_restic_env.age b/secrets/nextcloud_restic_env.age index 3fa2a72..1effa5d 100644 --- a/secrets/nextcloud_restic_env.age +++ b/secrets/nextcloud_restic_env.age @@ -1,14 +1,13 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlrN2VoZyBuYWps -WlBQVHRqR1VXUTZjQ1l1UGMxZE4xalQzb09PMUtDMS9sK2tsOFNRClRtQ1JxYnJs -Wm9sdjRUN2NOeDBzNElxeXc2S1JVdTlxRHk1djJJRG1DZWMKLT4gcGl2LXAyNTYg -VUlFR3pnIEF1VTBVWXprekd2UjVGSUJ5NUdFZ2xCTGovUENoZnRjVGVaWEdCNE5V -QXZmCjJNWnRjMU5vU2xkQklHbVF3MGpiT0dJRFlzdnVnTmhRMkFRWUp1ZCs0MFUK -LT4gaGkxO3xpPC1ncmVhc2UgfCBjLmh6OFUmXyAwRGBuNCwKY1FabHlsSkcyckdj -RUhGNmpkdnRXd1RCRjJLUEFRbkE1M1p2NzVMaDUyZEwxdEx5c1lidzIyM3NrOXhV -YTRnVgpBNmV0SlYzOE5QRGlLQi85VEJnMXZ3YjJwemZWOFlvRTJ4cWZIN3hYdXhR -QmsxUUoKLS0tIENIYXo5SmtlT0hLb0VoWWhOT3djMlJzVHphVlYzQ1FPejNZTTNT -SURWdm8Ki8bJ3t4oeTS9dipw8oCKtFyE6vhiIsgmjqsRnDsHGCNC8CRvl+/JUtKk -0p6cja5lVRUnVWNYIXsAjsxposBj713IZoUSMyXh53Xs5mvoPuvE37pIYH15BYtB -hiW0M6m3y8vRTO69174aplUST9ebg+IyJh+CxVu+8crR6/9RjYJ7IQ== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlrN2VoZyBrK3h0 +TWtqOWhUR0kvMldiNHdWeTBFb05SajBqVm51bFZBOGtyb1F3engwCm1YbGk0Uk1u +SVdPL3ByemhGZXdLMmNzd3JucXp4bTREbldEcE9ZTWtLSFUKLT4gcGl2LXAyNTYg +VUlFR3pnIEFuTXd3UzNScHJZbUtURytMbDJBUEFZd3UrdnNSaCtWWm1nQzl2TEZm +UGxyCjNubFJxaGlJMEkzbzNCNkNiaEVGcUczbWJsQ3FlNC9FRXNVbmprWlZzUzgK +LT4gYyR+LWdyZWFzZSBlX0JqJ2ogN1E8IXdcCmlqTGN4TkxKa0VmRzF2YzNCcjRp +T2VpaWFxdnhTcFR3V0JNSmNLTVlTeFZFVDdBelVtaGVRb21GCi0tLSBQNnFGZDI3 +bUUxbEtSVDhvZmlhMjlDYXZueGl6VGRTbEE1M3dia3MvQUhJClFjVpgP+t8uPQVa +d7I3KMxAUMHLsxIaMyhOZXdwW+Entbj5ucXwzp+KB3YaZ0KR5pZfGBkK6q2a864+ ++Bo1dnDrKDWcaIqrcBGBu401IlqS27R2ZM18gFOUaYx4hjbIZYx0wh1b65sJ5erh +rNrohzwtloll6Kt/oIIVEqILNleXWC8= -----END AGE ENCRYPTED FILE----- diff --git a/secrets/nextcloud_restic_password.age b/secrets/nextcloud_restic_password.age index 8dbecfd..97f9e21 100644 --- a/secrets/nextcloud_restic_password.age +++ b/secrets/nextcloud_restic_password.age @@ -1,14 +1,15 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlrN2VoZyBLc1NG -Z21TZ1ZNaTE3MEF1TzM2NCs5ZmNYNkVmUXRNNFAyUGNwekNEMDFZCnQzRWhrMEJo -Rk8rSWpSN3Y2NW4zcVFjUTdPcCt3ZktaMnZyV1dtRE1sSzQKLT4gcGl2LXAyNTYg -VUlFR3pnIEFzeGZMMkd3Ukp2R3luQ0pJaFlBRThuSUltSGJkYzUzNCtMQVRXOHN5 -ZEhqCm9PeExLT3JDbjR3SU9kN09JOXQ3TURCK3lJanF0VERHRm0xY1NkczF0OFkK -LT4gIWteQUNRZj4tZ3JlYXNlIFFBSVoKT24rODJCSVkwWGpweWlkc1U2dXl4aDc4 -NmE5UElraXBwVXM3SXRhdHhzM2hxa044dFhJWUQwamdndzU0Zk01UApVZ2JheGtJ -Ci0tLSBadFhKVU9NVHlVMEZWcGRZb2ppWmM5WEhYdnpqbENmZmZ6S0JKSnVzYzBv -CrTHgBLC9EeAMFJLemtNjLpUi1YjaffBgBvhnJE98oRs1V0ZCo/2hjJm26CdWLIn -5HXhiZvOjCALojwFcRmVenM4hILDSlqzECJN+gI33RHx28OiShSJpwoGGiiRfjJB -BpSxzH5Xa41/GaTw9Bf36SitgLn/fFAASyEulC0nX5ZMLcK/9U/CxoSYezkuah7v -Sa6JRaMTc1gh0xV7K0pFmGKm +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlrN2VoZyBKaWN6 +WVFRaFNCT2JKSTJXNnBzbFBURmc5N1Q4VExkemxmblJBVjl1YXlrCmd3ODllOFVO +K2JtTmdpQ3VaN2o5ZkZNdlBjMWNVT0k5clBPeGtSZ0dnemMKLT4gcGl2LXAyNTYg +VUlFR3pnIEF2aDZwd1VtSzNuRXh1KzZKSXZod3dQSmpIUVMva21DbUtERGRESk1J +d25lCmxKQVQ1V1htNHRaUktseDRJNTljeE01YWJJMzFlVm1ORTRaUnR4eFJEOUUK +LT4gfD0tZ3JlYXNlIEQvOSohZCByc1Y4ZCJhNSBmJkNvIWlvbSA2RmhGLwpMQkc1 +cE1pSGhGUDVteUtySitsYk5OYjAxQ1VHdWFGMHBYcGhidDU3MW9zZEY2VGw1dG5N +ZXlqM3dIVHZuWWJ6CkpWa0RQNnhwR09MRVF3WjNJQ1ZweVFFCi0tLSBENlRJeWxj +b3R4NG44eE16eXdIQ0p4RWhsYkZ4SlE0RjBFUUJIcFZLNjZRCpz3SS8nHn38RCmX +RXjsi57PXBoMMDQchYLOAVencBYXuMMEaHF+dPWI0VcFELAf2HY+yRnuXhqU0zx5 +nNDteJdAIPtVbyMh4QW6eBsdeKJk0afDa/TzP0Lqal/A+MrEGvZnDnxH37Vguwve +7os2vx2MC7y5/KyCr2momF5TeDpMSgAEl2hiTHvLGKXo0J8yyvrOLvMKXTkiE1bX +WOskoXXU -----END AGE ENCRYPTED FILE----- diff --git a/secrets/nextcloud_restic_repo.age b/secrets/nextcloud_restic_repo.age index 50e62bf..ac66ff9 100644 --- a/secrets/nextcloud_restic_repo.age +++ b/secrets/nextcloud_restic_repo.age @@ -1,12 +1,14 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlrN2VoZyBOR0tn -SWQ0TnNIMzYxZ3NVQ1FSSjcrNStUQi9ta0ZnYVJCVWNFRWtzTHhRCm9PdFlTZEha -VjhFVTNDRDNsVGp6VndIM1Y4RjRHUXpKT3M3YXdnRXVxbEEKLT4gcGl2LXAyNTYg -VUlFR3pnIEE5NXNnTEkxbDhJZ2MwYnNSVHZFVjdhT2t4RWVreS84SHRFOExWeG55 -OGQ0CngwZTBHTmRHYUVnM2pwZmMxSXRtYmVrRmRBa3J0b1E2NUROTWJKbVhNNm8K -LT4gWyFUey1ncmVhc2UKcG96R2h1ODJlM05OWlhZVisyamtGT2RjL2ZNV0FZeTNU -RHA4L0hBQTR3Ci0tLSBhdEJOdjFKWUgrbElIM1FEKzk3MFpGa3RjdHcwZy9LZGRG -Q3J4ekx0SjFvCnm8zB/L8xszapk7mk292bOF7Vw3v0Acp8H/mYUgMe4nR3pvQmdg -pzeycFqyymCNQv6tz2WmdrkYpPJp26rR8/pw/NkOLUUPryLKy9xsnb/0xOzY7RAK -T2tw/8/zOA== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlrN2VoZyBaR1A0 +djBrN2t3MHRzZ0E2c1p0L3ZSQ2FDNnBvbWFOTjFKd2JxVGkrK1RVCmNkUm5aUCt2 +cWR3VUtEaytEM2FHM3lBY1ZEQlhCVktXQ2NXeUQ3TWNMYXcKLT4gcGl2LXAyNTYg +VUlFR3pnIEF1N1IxMXVTZXd3VHpXeUpVUk1RbTFTbDY5UnJVQStkTG95dlphQU4x +UldyCjZFYWNNbjRnT3Z6Njh4WUF5TmJvRENlWERCaFBDeEdreXhIS0tpUEFLWEEK +LT4gYlNYOy1ncmVhc2UgZDRieFxTIEV3ajJKIDl4Tn0mbiBWO0FLLz8KYy9BeGJM +QkN0aDhPN1NSMi9SVFVEM210dnQxSzQxbzlGbHlJeWRxeTBUVVJMbDNwK2cvZXlX +eTVNdTFQcnczVgpVbGdHRHBsNUZmNFRodVBIaHNCdmlGZ29sSEMyaVRiajY5cGdG +emxDNnNwZVphTkVqL2lqCi0tLSB5Q0dPdW5qbDU5cUdHYWhVMlRVakdxVWxZbEhw +R25RZ2hkVTJIQVA1amtzCgOtdRwGUlOcdpBU92u4aLOe1BX8NAcSxbk6Z4eWvh2F +At/u0tu2cKYm3Etw1FkGRKnXbISvwhXIpbyglHDgV9qpzo5RSLlNw75C9HJ8hn12 +eG5ujN6Pe6bpWZvojA== -----END AGE ENCRYPTED FILE----- diff --git a/secrets/secrets.nix b/secrets/secrets.nix index e5a8dd7..f88833c 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -72,6 +72,10 @@ in machines.pi4 machines.gospel ]; + "frigate_env.age".publicKeys = [ + users.me + machines.gospel + ]; "zigbee2mqtt_mqtt.age".publicKeys = [ users.me tmp diff --git a/secrets/teslamate_db.age b/secrets/teslamate_db.age index 00f3c94..9b643ae 100644 --- a/secrets/teslamate_db.age +++ b/secrets/teslamate_db.age @@ -1,13 +1,13 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlrN2VoZyBwRUdi -V0xueG93bkI3Q2M3aFZQRTJ6bFE1elpnYlNUQzhVYkE1dDhJSEh3ClBLb05NVjFn -QVQzcFNOSlMzQjN3SmlkbmhaOWp4RVBaS3ZLMVY3U20ySFUKLT4gc3NoLWVkMjU1 -MTkgekJMRFpnIHkxbUhXUnVMU2R2aldiYzJ5bU9lM2Y1ck5XenVuV0I0OFVtVUFQ -RzkrWFEKcWNFZStXRzZNZWhlUjl4Z2Q5MXBXbERrb084b0VFNkJLK0RYT243VVBK -SQotPiBwaXYtcDI1NiBVSUVHemcgQWlxcmNnSVdlVk9mOGF4Z0xFY1BSamorb1Nt -UnBxbmR2b2RHQTJvanRlejIKdW1IcGUwTHRoblJ3WUdoRTVFSVhZeXN4VkJGRi9r -aVptblRYdTdYOXZOcwotPiBbLWRDKC1ncmVhc2UgR1xnSWBANG0gJUt6ZF1ZIEsK -UUhBM3hQOUovYzdiT3R0dThYVllJMTBMNGlaN2tXTEg0WXRMeFNkenF0cXc1WlVi -Ci0tLSA3MTh5VHk0RVRLQnNEQnZ2Ky9RS3NyN0d2UldPdnRIaDVqd1RzR3QwVEJR -Ct+tOFTJrHNFi5p3juJNEOyIueALYfoyKCA7slD2VUCJNx8toVSah4w= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlrN2VoZyAyQ2Vn +ZFhpMUdpTzMxYTZkZEZFek1zUnJGbGFDa3MwSFk3d255TXVncmxVCmRIMUIreks0 +cG8wU0tGSTBsMUdobzZHQTBEZmVvSUpJL0JrRFF5QXVxUE0KLT4gc3NoLWVkMjU1 +MTkgekJMRFpnIGhoV25hSHNnTy9KMSt4bmttdmFqdGFORUFoSmhJbWZFV0x0ZkRh +OCs0azAKcmRLWVNOYWdBM2h2a2diYlBNRVV6UXFlWUFQakxwaWVTNmc0OHZpeVRi +UQotPiBwaXYtcDI1NiBVSUVHemcgQTdTN0RMV1VxM0g3U2l4T2orcmtjdGhMZ3hK +bU1nSWsvMFl5dDVhQ0pPS1UKbWlGbGw5Syt1K29GQ0lWamtWVjR3VTVsSmpDVTUv +bWdRR2NPTFU5NDc4UQotPiAhd1AiIWJGLWdyZWFzZSBPSG9hNXMKdDVyRU9OUFM2 +Y0ZDeTQ0ZFhCV3lqVW9BRlpYSWNWT1F1QlBYWkEKLS0tIHpBaklFSkpDemJSd2JC +ejVGNE54cmhTeEpLdTFBdVRhZEdYU2hVRHVSdncK5UpnpQcrmuTHKC0ljgyyH01N +OwImGuUv4etPgzcz1DyD1KotwMQY8A== -----END AGE ENCRYPTED FILE----- diff --git a/secrets/teslamate_encryption.age b/secrets/teslamate_encryption.age index 77517a8..f08d65b 100644 --- a/secrets/teslamate_encryption.age +++ b/secrets/teslamate_encryption.age @@ -1,13 +1,14 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlrN2VoZyA2NVVS -QWFhaUdBZ2E2dG5xT25WOVdOWThDWXNPYlJyS2tpWGZaYjVSZHdZCjJsV2ZpNkEx -eTRWRWIvTGxEbFlrK3lzM3Y2TVlHQi9Lbk5kdEdtaEhHMHMKLT4gc3NoLWVkMjU1 -MTkgekJMRFpnIHdlc3dvTEhaYjViR0pPbmVyY2VHU3hyV2ttK0VwN3FMZmxMaVVh -b0QyeGMKQWlyeGpkNGlnNnpvS04vTVlJd2l5UkhaelVPdnorRFF2UjdiaVgyRXh2 -NAotPiBwaXYtcDI1NiBVSUVHemcgQXRGakNVK1lITWo4anEyUlh6d29lYjNYUHh1 -VUpUNmsrZTNjS3RYRzFad08Kbm1NK1EzNldlNVlaSThhb01YSlVFZ3g0YlZScmtH -VUhwa0VpMG1TV1F0ZwotPiAuaiQ/ci1ncmVhc2UgVTVaLgozY0h4b2FNCi0tLSAy -UFJjNVU1T2YvQW1kT3hnLzh2Q1c4c1Y2MkV3OEdBNldlcUczS1pha2ZzCmvva9/4 -U/0F0ZN+ZbPlYbyh45pfpdj2+fv4MXvW3jvzQN5qSMVL90lOlQNpBb2n2/ZbkZ+d -5lViTG0B4ZTGh63y +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlrN2VoZyBFUjlD +R0JSTjBGZTV6SVNyZGU5SThoa3VZbndVeFZKTENYUlFRd1JqdTFRClVRS2xZWXUz +MlpDdWx1SHdwejE3RTI4UUZPLzJrUzNDbDh1UHNYQWtIaU0KLT4gc3NoLWVkMjU1 +MTkgekJMRFpnIEwzM3NuZDRlWGFXTGpHYWZJWWcwUndCZUgxL2lEdzFRYU5Zdk5o +VWZOR0kKUTJuZHhkbHRUZGMrb3g1UVF6bVNGRHpiT2xBL3RJVXN3MlpYcHRadWVq +TQotPiBwaXYtcDI1NiBVSUVHemcgQTFCNGhDZ3hBamtRTm1SVFN6UGJ6ZkJ4N3Ix +OUNTcGd3TjI4RHJyWEdtUGQKbDhOTzJKeVZ0RWJmdHlrc1ZPUGl6SHhFUzRSNTF5 +MmZiak1NUzhSQnZPMAotPiAsYWctZ3JlYXNlICZYImcgTW8hCm80T010c3dmV2xW +RUszZTMvWXM4SUFNVU1kQWxRSFkwV0dsamt5L1AwUlQxbnFMWVcyMGR3cjAzcHVi +VzkzNEsKa1FHSllVbXNwTnhVV2o0Ci0tLSBzUmdHSFJIcWQ4cmpxNzlyd2hPZTRo +eWthY1NiK3NxOU9jek9CdVkxalNRCtM0S6ToRPKTqKEwrE4XVz5O14g7EoRtdnbn +Qn7cFAxsknPgLmnV9GnHw4iYievbxNMU22BmtnREZlpzX4pKiv0f -----END AGE ENCRYPTED FILE----- diff --git a/secrets/teslamate_mqtt.age b/secrets/teslamate_mqtt.age index d61d6de..befe57f 100644 --- a/secrets/teslamate_mqtt.age +++ b/secrets/teslamate_mqtt.age @@ -1,17 +1,18 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHQ1WElHQSBCU3hj -TzVMUndWdTBlSGRoNUdJUnBwdzd1Q0xVVms0cEw0SnNKWFJjNG1vCmdNcU54TVVE -SjZUL2oxNjhmNTNVQnB3TGRvRUtIcDBNV1hidEtWdlRHYjAKLT4gc3NoLWVkMjU1 -MTkgWWs3ZWhnIHI3VERDYjd6bHFQd0k0SFBhOGc2TzNwMDA4bHJYRDZhNm1yZmdQ -dzk4VWMKTFgrZmx5VHNZT05yOUZGdGRrZjBkYm5qVm1jSzlCdDVvL0M5WWFDbHBh -UQotPiBzc2gtZWQyNTUxOSB6QkxEWmcgWC9kWWVSQkNsd05lTFFvcEp1QjBTcmx3 -Nzh5VkJHZmVhMExWYnVQRFFBawprY0NXL0FaUHJ1MFQzMkpQZFBJb3FFTW93VVUw -YkdlcDZyVnNOTVBpT1lJCi0+IHBpdi1wMjU2IFVJRUd6ZyBBNm82NVlpL21XVFpk -VmsycEVrek1vQ3doaDRjZTU0Q2g4RkZkR2RnVHN0cApsMnR3SHZFeFhxK0FITTdw -eXVYcWVkanJpOWFHNm9BY1BsQlB3RjhqekpVCi0+IDd3fi0tZ3JlYXNlIFJsWyB7 -aj02SG5eIEtFaERKOCBnMDcwakA1Ck9PdmNURjhXYmpnazlzMnIzb1hlZTl2T1Ev -SGJJdU1tTzl1eFdyaUJWZTR5OUFHamhzcTIKLS0tIFliSWpYMUpSMUE2ejNlRW5R -T0tJYmZiaERCaFNsUlpJeVdMUzJHZi90TmsKFCHn4ygjMFmYyGgaSD8UOP+jb3ry -u6P9iVzRiZtO2m7xJAJgFV8Qk+yWoY4saFNQgY8XVfHmGj3sVOPvdttB5e16Tlty -PITNgwDKI2gPR7Cv2zBILICVVxOCnqXm3fJR/w== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHQ1WElHQSB0Yk9P +Z2x3THFvZ1dPQWFxQ0Y3cGRzUTFEYVdoV0tPWFJZQk8rUzZXS24wCk96NDhLdzlN +RzI1V1pLYzRlSFBTYjA0ang5V0UxUURORUVoeTh5VDFmdHcKLT4gc3NoLWVkMjU1 +MTkgWWs3ZWhnIGZ6UXhwSDlkMk4vNVJ4T2FtdG10UWlvdmRuMmxUdTV0NW5uZE4z +K1FNVVkKVFJ4cnlDZ0k5aG5QTkpEMmx5clZNODVhamFPMWZPN0JBRlZJN084bkM1 +MAotPiBzc2gtZWQyNTUxOSB6QkxEWmcgeFU2WUxzRG1kVTF4VEZjKy8vMG4vMk5m +SzdlVVpIbncyQ0FJRzJjejJYMAprdXh2bm5jR1c0Zzh2aXN1MlEydWU1TEtmcVRq +MHowaWpGVVFaMS9HYVlJCi0+IHBpdi1wMjU2IFVJRUd6ZyBBaWJ0YXlsa2NVUzVL +emVodlFJVmJUTDdTVUZCZm51Y0FXa1lORisyampNSwpxMjVudUcxNTNIcGtXSytQ +dGR0L0dScGtwRHpYRG5RRzhEakFWVlBIMnZ3Ci0+ICEnZGB6fS1ncmVhc2UgWiFQ +RHUkICFSW11RVUx+ClRvUFZDRXJMWnYzdVJSWVZGZENLVXRwQkJhWHp2Y0ZKSjZ6 +dUNiQzlyZ0FZY3R4eTFQNW9WaVppWDZvRmxxTlYKSUp5endEbnAxMXFwYWxCUlB0 +L0tjTFZCCi0tLSBKTW5xOVZTWURxbWV6U21ocHFHdnFsbUFJQzgrMVVPN1Z2VVE2 +TU93dEZZCj+MzLFs3s3dNuwcJOx2OK34DmfwPkYjlWAYK5JBxLp5nHph76kA48TP +A5j165txmnE6GZAvlOG/LyHmP4V/KDrGBCbxjq7VLchMEIQcuHyN2z/zP6rrr4+4 +twxMCIAeeVE= -----END AGE ENCRYPTED FILE----- diff --git a/secrets/zigbee2mqtt_creds.age b/secrets/zigbee2mqtt_creds.age index c1ff0d2..81ab927 100644 --- a/secrets/zigbee2mqtt_creds.age +++ b/secrets/zigbee2mqtt_creds.age @@ -1,14 +1,14 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFBaS2ZPUSBpZlJZ -Rm42M0VBZFFiei9Fd3FEaERnOFhVaHRMSnVIRjBteGFxeWxYZENjCnhOSXZGU1N3 -bnF5Y0xJMEd1OXVCT0Y5UWlYSFQ0c0hDSDZ5aWNVOElIT1EKLT4gc3NoLWVkMjU1 -MTkgWWs3ZWhnIEszMENjbzZoVUJVWWIzM0FBQXhpS3p1OUxXUTNpOERvQ0Nlc21i -RUtoM1kKaFM3TCtDK2hJZEUrRWNwc1FCREZaYm1zNGt2QUx4aUhUWk1ySUpyOHF5 -bwotPiBwaXYtcDI1NiBVSUVHemcgQW1Sb1BIcGZ4OGxoNFlKTnNUYWpTNFQ4a0hL -UGlRdmREY25HRjkveTRoUXcKdjZnTUNnMXVLTnhFRnZJQmpNaUlwSGYvRkJ1MUdW -WEduUE15RllkaW4xSQotPiBvQmhJMTZ1LWdyZWFzZQpYVXpGV1VIZjRMYUVEUnBk -SFFFUUpUaXpRSU5rZXVZUmhjVUorM1ZiNXUzNytycHY1N25tclI4bGFBeE1SRmlh -CgotLS0gSnoyWUFBdHZoUUFJQ2pFamEzTzNkSjdGUjJqOW9mTDBueUhWZStITXRk -awq4x9UTwEx1Ps0AQtsn1LxuJPX2G8qoFTGykIUWZDBqX2FpqCQTjcHC987XXbkr -w5IEsOMv8T04vepq846fTjuXS9x1RTN+3djGQ/5iu4OHkkY= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFBaS2ZPUSBwMG5V +WVhWUUVIcm1CaEpuY1lpWTVCWlo5TTZXR01iNFlWemJ1dGIwc21NCjdDZ1ZBODM1 +V2l4QmpDcElySUxONlRnZzVuZk5OMzJacFY4OFJzRjdldFUKLT4gc3NoLWVkMjU1 +MTkgWWs3ZWhnIGhMR2FKSWZsS0NWdDV0ejBaSE9Oek9EZ29DU25sMURBVlZMM3Qx +RmhuejAKYnVoMEdkaE9USlh1dlhFNXYwKzJWbkVieGNUMVJIUG9YQitoREZEVE4z +VQotPiBwaXYtcDI1NiBVSUVHemcgQTUwcHhNZGJ1cmVhSzlIbjd2MEZnbU9ZeEdR +cGJzeFh4VGxZMSs2bGV5UzIKdWlyNk5yOGRlOFlOZmFQRkNURzhaamdQc1VGellX +Vm9ZNjlNeG5NSmpPWQotPiAsJ2BUfFguLWdyZWFzZSB5dnkKY1FaY0xiZ3hVa3d1 +S3dNREg2WXZZN3VkSzIzTU5jTER5MzgKLS0tIE9HS0h2YnNWbXNZeEpJNFJGeUVy +aDhPS1dJN3Q3VzVJaGVQdzV6UkVma1UK6QqONmjUWU5xojfLH+Acd6k1qP2kPK37 +8XR7z3jKvIQMqE8/Wx3XbNeupQGM6HrcJfbMa7XrlWKnAcATejqeAEeBdC59y2J8 +zDIbkLZINnma -----END AGE ENCRYPTED FILE----- diff --git a/secrets/zigbee2mqtt_mqtt.age b/secrets/zigbee2mqtt_mqtt.age index ad7018c..bde524f 100644 --- a/secrets/zigbee2mqtt_mqtt.age +++ b/secrets/zigbee2mqtt_mqtt.age @@ -1,13 +1,14 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFBaS2ZPUSBwQ0Q5 -b3JYVmUwSnhaeDZ6TnhoZjJEMWR0Y1FnSzVWaGhqZWdPY1JIc3o4CmFvUkdIVi81 -anlOTDk1SkNha2lLWnJ3WU1rNjV5QmwzRVhBVEdWSm90eFUKLT4gc3NoLWVkMjU1 -MTkgdDVYSUdBIHJMYVRRMko1NThhUm9iQTFDOWwzZW1RMHl6U3NQNlVsSU04RGJN -ZXk5eFUKVTNnR2cwMkdESC9kbURKU2JwY2kvWGlRZ0VzTHhOM201UkRBMU10QUl6 -UQotPiBwaXYtcDI1NiBVSUVHemcgQXluNm9HaFNJam9TejNJcWxBcUFCNTNxVWRx -dGxhUTNMbnFtV3RpVnhIMkQKVjVaMCtNTjZwTWJWWUhZYzhDWGVzODQxT2tNUm4w -TTVyNVRHbnpHRzd6MAotPiA0cERgZWctZ3JlYXNlIC4nIVF6JUsganBISy5EIyAv -UiFyIHtYflYqRWIKQUoxZmlkVmwyUQotLS0ga2F0UFhzOUVmVkdRa0VBZ3FqRmhH -b2owaitESHh3NzBaNkNXcXQxUHNoZwosnZ5zPmxwEuquVG+nZlytvZ8ln4j9aoV1 -iLElmb1aAcnP2Vz4cMp3nrFF03WrRQ/7 +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFBaS2ZPUSAySHln +aWUrWUN4ZFZjSGhNQndDWHdDRzdHL1RuQ1JpMjBDdG5oZ3JQN3pFCmZZbVJQRUNN +bnA1WHRMLzhrZENDVkFVZFM3ZUliREpaRktEZnJmMndFRk0KLT4gc3NoLWVkMjU1 +MTkgdDVYSUdBIElQMkVkcThhMWVndDd4emtyNTBubGhETU5Lb3lnblBYRHloOWR4 +akxlQ3MKMjdnVVYwcnhIVmxEcm9PQzVWMU5PcmRVeDNxTmdSNlBTcDRKNndIVTZs +SQotPiBwaXYtcDI1NiBVSUVHemcgQW85bGJkRE1zY01BMDByaXNEUWFBYWhTVi9o +UlJ6ajI0ZVJ3OHpTL3c1bDUKREE0WGN0S1JCR0k5emF2WWZoK29MeStETlpSdk5k +amFqWG9BekRpZmZGWQotPiBIazRkbEQtZ3JlYXNlICVWbyBlKWV8J2IgUi1CTydS +TSB4O1lRdgpTU1d0RGc2Z20xcml4c3FpYWgxVFVNRkZBbWJXdThmeXFhL2w4MWxQ +bUtkWmhqYjA1Yk0KLS0tIHdaeExRSzNERkFPSVBnOFZ6V055ZmZzTW9aZXMvTm9X +OEJIL3F4UW5mYjgKLubxi6qI8xgsKtCY64YhgI/77hLijqurj16w7daUl62pb5ME +xdfuNFer4HnnFRC9hg== -----END AGE ENCRYPTED FILE----- From 3dc9555920052af176a54062761d6856541a6992 Mon Sep 17 00:00:00 2001 From: alejandro-angulo Date: Sun, 18 Jan 2026 17:59:17 -0800 Subject: [PATCH 2/2] wip --- modules/nixos/services/frigate/default.nix | 59 +++++++++++++++------- secrets/frigate_env.age | 21 ++++---- 2 files changed, 52 insertions(+), 28 deletions(-) diff --git a/modules/nixos/services/frigate/default.nix b/modules/nixos/services/frigate/default.nix index a19e0c7..e3127d3 100644 --- a/modules/nixos/services/frigate/default.nix +++ b/modules/nixos/services/frigate/default.nix @@ -46,20 +46,43 @@ in }; config = lib.mkIf cfg.enable { + age.secrets.frigate_mqtt = { + file = ../../../../secrets/frigate_env.age; + }; age.secrets.frigate_env = { file = ../../../../secrets/frigate_env.age; owner = "frigate"; }; - # systemd.services.frigate.preStart = setEnvVars; - # systemd.services.frigate.serviceConfig = { - # EnvironmentFile = config.age.secrets.frigate_env.path; - # }; + systemd.services.frigate.serviceConfig = { + EnvironmentFile = config.age.secrets.frigate_env.path; + }; services.frigate.preCheckConfig = '' - ls ${config.age.secrets.frigate_env.path} - source ${config.age.secrets.frigate_env.path} + export FRIGATE_MQTT_PASSWORD="dummy value" + export FRIGATE_VIDEO_DOORBELL_USERNAME="dummy value" + export FRIGATE_VIDEO_DOORBELL_PASSWORD="dummy value" ''; + services.go2rtc = { + enable = true; + settings = { + webrtc.candidates = [ + "192.168.113.69:8555" + # "gospel:8555" + ]; + streams = { + video_doorbell = [ + "ffmpeg:http://192.168.113.91/flv?port=1935&app=bcs&stream=channel0_main.bcs&user=admin&password=nUmPFE3*dDOVJ$O1#video=copy#audio=copy#audio=opus" + "rtsp://admin:nUmPFE3*dDOVJ$O1@192.168.113.91/Preview_01_sub" + ]; + video_doorbell_sub = [ + "ffmpeg:http://192.168.113.91/flv?port=1935&app=bcs&stream=channel0_ext.bcs&user=admin&password=nUmPFE3*dDOVJ$O1" + "rtsp://admin:nUmPFE3*dDOVJ$O1@192.168.113.91/Preview_01_sub" + ]; + }; + }; + }; + services.frigate = { enable = true; hostname = cfg.hostname; @@ -76,16 +99,16 @@ in # TLS terminated at reverse proxy (nginx) tls.enabled = false; - go2rtc.streams = { - video_doorbell = [ - "ffmpeg:http://reolink_ip/flv?port=1935&app=bcs&stream=channel0_main.bcs&user=username&password=password#video=copy#audio=copy#audio=opus" - "rtsp://username:password@reolink_ip/Preview_01_sub" - ]; - video_doorbell_sub = [ - "ffmpeg:http://reolink_ip/flv?port=1935&app=bcs&stream=channel0_ext.bcs&user=username&password=password" - "rtsp://username:password@reolink_ip/Preview_01_sub" - ]; - }; + # go2rtc.streams = { + # video_doorbell = [ + # "ffmpeg:http://192.168.113.91/flv?port=1935&app=bcs&stream=channel0_main.bcs&user={FRIGATE_VIDEO_DOORBELL_USERNAME}&password={FRIGATE_VIDEO_DOORBELL_PASSWORD}#video=copy#audio=copy#audio=opus" + # "rtsp://{FRIGATE_VIDEO_DOORBELL_USERNAME}:{FRIGATE_VIDEO_DOORBELL_PASSWORD}@192.168.113.91/Preview_01_sub" + # ]; + # video_doorbell_sub = [ + # "ffmpeg:http://192.168.113.91/flv?port=1935&app=bcs&stream=channel0_ext.bcs&user={FRIGATE_VIDEO_DOORBELL_USERNAME}&password={FRIGATE_VIDEO_DOORBELL_PASSWORD}" + # "rtsp://{FRIGATE_VIDEO_DOORBELL_USERNAME}:{FRIGATE_VIDEO_DOORBELL_PASSWORD}@192.168.113.91/Preview_01_sub" + # ]; + # }; go2rtc.webrtc.candidates = [ "192.168.113.69:8555" # "gospel:8555" @@ -127,7 +150,9 @@ in allowedTCPPorts = [ 80 443 - 855 + 1984 + 8555 + 8554 ]; }; }; diff --git a/secrets/frigate_env.age b/secrets/frigate_env.age index d233e3c..be0e613 100644 --- a/secrets/frigate_env.age +++ b/secrets/frigate_env.age @@ -1,13 +1,12 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHpCTERaZyBWZ0Z5 -WUJvUStPNTdySWhLVkFac3JhZ3NMTEFVb1M2UDNvNXFmOCtzaFFrCjE1anMwTFZp -SlNWS1hWVE1EM1IwbE1LOGw3UzNUZUZLN2UvODhZdVpaUm8KLT4gcGl2LXAyNTYg -VUlFR3pnIEFyNXgrMURJYVZ3bkdpeGg2ZzlNNk9ZQ0dOUWZMQkk2KzRmeHFLcEQv -VXdnCkZHNkxqbTZtaE5sNnYySVVOUFJYUkd4NFhlakZCSmFyWVI0eXBqMXc0RGcK -LT4gSEUycTctZ3JlYXNlIEp9WVggZGotUWBNClVjb3FNcm0xeWMya3A4azI4Rmo1 -SHdnSXprSEJaMk1sbnFZNFNWWVNldFI2VXl0TzRiMzFqSzNrdW4rbitWUkUKZnll -QnpXWktGY0xpQS9YVVBmVnVCVEtibndJczRuTEhldwotLS0gQjVicE5PTG9Hb1B5 -eExCbXRpZGxSY2FFdHJCL2tDMlllRVNyQ0R3eWdBdwpJ998RrWDjSZjOJdy2F2LV -FE4WLC+mBh5YQDK8b9yLcFT3SIfLpT9BNTAwP3UQhZ8WrNY7T3dWzMLxA2pzVzKs -Jqsosj4BUWvW +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHpCTERaZyBiYWRr +cGc4bm1mRStNWkt0VlhXbHhDYSt6NlVhL3d4TlQ3dkxYNzByakVFCndZbUNTenJ0 +TVRrNGhjdXZqaDZUTEc0dUlLUTNyajVYYnZoUTJiWmRZU0EKLT4gcGl2LXAyNTYg +VUlFR3pnIEE1bGNpZEpBTWJOVGZxN1d4STFVMjdrdGhEdEF4Ky9mVjFRUmdnTTlH +aE54Cmg0Tm4waW1SdHVyU2lEQXpOc2wxVFdvRFp3MmxOd1ZkUzh0ckFmcFB6R2cK +LT4gPSQnLWdyZWFzZSA/NSArTSEKUEk3SXlnCi0tLSArMGZIdkl6SExyNi9TMll2 +MWh0RTlBNW42ZGt1bUphQTh6MnU2K3dyRG80Cp4kiJEPYkp/XWJOjLsZL+xKlp87 +JBLXdvGMK3iE0V1X/+ZC99aMEub2K9vV1+JUWF9lVVlHzzM88MJ1D/mupMJ/Fjmf +47P1aXSyMHl2u174jb5kMG218mKWYWhhQpJx4o1nDVIDM8g4iF+WIt1Tuhkg5mlA ++uoOrZcfj9nupKoagP0X7ZWLFb/WnWdQpBxHnYYRZC1UTlql/DUi5ci9 -----END AGE ENCRYPTED FILE-----