From 4b1f02b8417903d56c8d8ff4abf445f86093f9b9 Mon Sep 17 00:00:00 2001 From: Jan-Henrik Bruhn Date: Sun, 19 Apr 2026 12:04:17 +0200 Subject: [PATCH] feat: add initial go2rtc config --- hosts/kameramann/default.nix | 1 + hosts/kameramann/nvr.nix | 59 ++++++++++++++++++++++++++++ secrets/camera-foeff-sub-url.age | 7 ++++ secrets/camera-foeff-url.age | 7 ++++ secrets/camera-gnisbert-sub-url.age | Bin 0 -> 387 bytes secrets/camera-gnisbert-url.age | 8 ++++ secrets/camera-taubis-sub-url.age | Bin 0 -> 399 bytes secrets/camera-taubis-url.age | Bin 0 -> 395 bytes secrets/camera-ulfried-sub-url.age | 9 +++++ secrets/camera-ulfried-url.age | 8 ++++ secrets/secrets.nix | 8 ++++ 11 files changed, 107 insertions(+) create mode 100644 hosts/kameramann/nvr.nix create mode 100644 secrets/camera-foeff-sub-url.age create mode 100644 secrets/camera-foeff-url.age create mode 100644 secrets/camera-gnisbert-sub-url.age create mode 100644 secrets/camera-gnisbert-url.age create mode 100644 secrets/camera-taubis-sub-url.age create mode 100644 secrets/camera-taubis-url.age create mode 100644 secrets/camera-ulfried-sub-url.age create mode 100644 secrets/camera-ulfried-url.age diff --git a/hosts/kameramann/default.nix b/hosts/kameramann/default.nix index b76d20b..498fb5b 100644 --- a/hosts/kameramann/default.nix +++ b/hosts/kameramann/default.nix @@ -2,6 +2,7 @@ imports = [ ./hardware.nix ./disko.nix + ./nvr.nix ]; networking.hostName = "kameramann"; diff --git a/hosts/kameramann/nvr.nix b/hosts/kameramann/nvr.nix new file mode 100644 index 0000000..f9cfe06 --- /dev/null +++ b/hosts/kameramann/nvr.nix @@ -0,0 +1,59 @@ +{ config, ... }: { + age.secrets."camera-ulfried-url".file = ../../secrets/camera-ulfried-url.age; + age.secrets."camera-ulfried-sub-url".file = ../../secrets/camera-ulfried-sub-url.age; + age.secrets."camera-gnisbert-url".file = ../../secrets/camera-gnisbert-url.age; + age.secrets."camera-gnisbert-sub-url".file = ../../secrets/camera-gnisbert-sub-url.age; + age.secrets."camera-taubis-url".file = ../../secrets/camera-taubis-url.age; + age.secrets."camera-taubis-sub-url".file = ../../secrets/camera-taubis-sub-url.age; + age.secrets."camera-foeff-url".file = ../../secrets/camera-foeff-url.age; + age.secrets."camera-foeff-sub-url".file = ../../secrets/camera-foeff-sub-url.age; + + systemd.services.go2rtc.serviceConfig.LoadCredential = [ + "ULFRIED_URL:${config.age.secrets."camera-ulfried-url".path}" + "ULFRIED_SUB_URL:${config.age.secrets."camera-ulfried-sub-url".path}" + "GNISBERT_URL:${config.age.secrets."camera-gnisbert-url".path}" + "GNISBERT_SUB_URL:${config.age.secrets."camera-gnisbert-sub-url".path}" + "TAUBIS_URL:${config.age.secrets."camera-taubis-url".path}" + "TAUBIS_SUB_URL:${config.age.secrets."camera-taubis-sub-url".path}" + "FOEFF_URL:${config.age.secrets."camera-foeff-url".path}" + "FOEFF_SUB_URL:${config.age.secrets."camera-foeff-sub-url".path}" + ]; + + services.go2rtc.enable = true; + services.go2rtc.settings.streams = { + "ulfried" = [ + "\${ULFRIED_URL}" + "ffmpeg:ulfried#audio=opus#audio=aac" + ]; + "ulfried_sub" = [ + "\${ULFRIED_SUB_URL}" + "ffmpeg:ulfried_sub#audio=opus#audio=aac" + ]; + "gnisbert" = [ + "\${GNISBERT_URL}" + "ffmpeg:gnisbert#audio=opus#audio=aac" + ]; + "gnisbert_sub" = [ + "\${GNISBERT_SUB_URL}" + "ffmpeg:gnisbert_sub#audio=opus#audio=aac" + ]; + "taubis" = [ + "\${TAUBIS_URL}" + "ffmpeg:taubis#audio=opus#audio=aac" + ]; + "taubis_sub" = [ + "\${TAUBIS_SUB_URL}" + "ffmpeg:taubis_sub#audio=opus#audio=aac" + ]; + "foeff" = [ + "\${FOEFF_URL}" + "ffmpeg:foeff#audio=opus#audio=aac#video=copy" + ]; + "foeff_sub" = [ + "\${FOEFF_SUB_URL}" + "ffmpeg:foeff_sub#audio=opus#audio=aac#video=copy" + ]; + }; + + networking.firewall.allowedTCPPorts = [ 1984 ]; +} diff --git a/secrets/camera-foeff-sub-url.age b/secrets/camera-foeff-sub-url.age new file mode 100644 index 0000000..af3f865 --- /dev/null +++ b/secrets/camera-foeff-sub-url.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 hC2TMg K23laRBk9Jvf6Uo9ofAk2gCPp7EppKPVnomDWE+mJ2s +Z6r7vtDMPx0hSXxqOwQHwHeQzE/97hhy+KPBRUmkloQ +-> ssh-ed25519 psfYGg 5jNbtluxAGBo2H2k2zoRUjbtAxvDvtm8i9UNNTNAuB8 +d2z/qob65J5AVhxDt35fn05+pkeNHDrIEfzCV8uGvwA +--- EOpZwlsfsISDz9J/4735DF21LMMiLmIc4sE7F3wAlHI +^{eNި,3e):]@"7O 3j#Yqi YQ) k^;<}6dC$fqPy_V:3 \ No newline at end of file diff --git a/secrets/camera-foeff-url.age b/secrets/camera-foeff-url.age new file mode 100644 index 0000000..afaab92 --- /dev/null +++ b/secrets/camera-foeff-url.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 hC2TMg n5JXFq/7d/DT+p4XcVPKpS/2XjQ9RDUksoS4acLX5HI +UJKvHyLgHK5NI3sLgI+heOawX65k07NKu7O1swoZfqQ +-> ssh-ed25519 psfYGg +swqzZLEZtQtkle5HMNt0PVNmcE+7/Z55yJiH4YnzCU +09hd9YSNA1t9sDrH1fF37HeUKZqJJMElMAwuA3CiwHU +--- gb+X79T9kKZo4OHahfyiGHuAE9o2hEZHTn6tB98v8Hs +ZNHIds3mE)Jy]%:JF,UMIaRQb`ţac+frjݖ,=i \ No newline at end of file diff --git a/secrets/camera-gnisbert-sub-url.age b/secrets/camera-gnisbert-sub-url.age new file mode 100644 index 0000000000000000000000000000000000000000..844e34a108026224706171f6afe454e72ceb7c7e GIT binary patch literal 387 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7a5f6@O;<3;a@Ni% zD38c>&e6|`s)$Ta4oE3U%Qj5Q2~T%V56Sb6s>-bl4$I5U$>z%Tt_mv4a5UGi%*xD+ zGOzHDO1I1kbxf}`^)HJ|3#~K_$V|^lD=0DW%tp7Zpg1kkJzc?6yTs4OzaYIV#l+OR zqAbs|B*!^1$RH!zz|gnY(y27k-M`8>$~V!gJe{j3H$T9|DAd5EpfJR}EFdkrEGavu zDBnZ7I5{IRG27E3JIS{!H^s6v!;wo@S687pB{AEw(9zw|!YeA+FvKZ4EHyjR*E1^F zATrp`-PI{6vM@V1%FiO)D4FZnq3d&RzkK#VFh4!x?vq>fTME8S)QOLocA<*#^o8m@ z)1O(-(5Xw!Q#|ywNp`M_%G}reO)vhe>dM&jMd0)QI|shZ=HK?LvNlC3)3fTs(;f?l W+iMwS-sKYb#>-^Ru&d`~_$&Y*B9^lN literal 0 HcmV?d00001 diff --git a/secrets/camera-gnisbert-url.age b/secrets/camera-gnisbert-url.age new file mode 100644 index 0000000..7cca8a1 --- /dev/null +++ b/secrets/camera-gnisbert-url.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 hC2TMg h329e0tkuyIHY1qDoj+bL6Bb1rXQ/xfIzIdMZ1QwSlI +twGdpKH4ZbOtvBSE6VmhYgBd77ALBoaubHQFPq2/MIQ +-> ssh-ed25519 psfYGg +U9wzhqrx7eoIrYU3gdQE4Cj+cjwmgiI+SyoDnB6ZVc +Y03vO9kY8tBT/ijFL1R7xICkF2a0OwYnrQu5R8xpPMw +--- b+Ans7uEkZZoigbu3h9tW+lH9qpLAfrtnjUHq/GfeiI +ĚuNcB:ٌg\yzsXjnCRHV5 cvr]؟No Ev^uL8ȕG(lo + \ No newline at end of file diff --git a/secrets/camera-taubis-sub-url.age b/secrets/camera-taubis-sub-url.age new file mode 100644 index 0000000000000000000000000000000000000000..9d46150e6e5fcee3f48fcc3c687082dbe22eb6b6 GIT binary patch literal 399 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7a5f6@O;?D>a51P1 zOAAaa@JPvV@~reLH7F@`%yxGPO>!>xwDb)sP7Lv|Ft;qoE#?ZVN_0-kukugQcF9XB z4bAs-%m~tUO%Dw=G7EDwF37hCF!wjm_b7LdFhRGipg1kkJzXKVGS|c?Fe1goG$5+T z*U>k?!>h#0F(o6%+cME9!mqg4IW3?dEyFL(DW5CIr^3nGG%~TI)V(arRKF_4!#F3& zz&SWQDKj9n+{L({+%Z42G|JMv#FtA~S69KQ#4WSjRX?Z7CD$Y}J>Rg>G&D82(yPSG z$2-Tr#K7Iy-^kFyEl)q!-GZx!HPP4lmz_#;_qlw{_w9?#*II6w_VIR@X~Ltm7oGi> z8Rk5SN)TMV-`0im*19Nb{qmMSx0bA1*YWt`+k`W&4WT9XDpXw<_@^aZogmsZwXMlq hm%Sp*=I=H}!3=ft*s^<-`_`>zP*wckA5?iK4*!bEi=hVj3^B9OZ3WdwlL2!Ni}jx%=7il3^yvzOXkWA2rhE+^2o2MEYSCI z&P*!>njBsd;N<0RY8K+|TIgI>T9Brl7-i|@iEdj#aayE%x`I)tX_~fyfqtrUnoDtH zadJ?2h2Tr zV_1Rq$b9k)xNS$%NuPCo$p)S4iN5W{co7Xx;snGP9go@ z0p5L63_TC%>z;BrKUH(~uYIMQxARl3XsW5WEmvbVo^$8|!}WkVHOCnt>BsIF<;UDQ c_ioB_PUXuUDaqjX-01#q}p#T5? literal 0 HcmV?d00001 diff --git a/secrets/camera-ulfried-sub-url.age b/secrets/camera-ulfried-sub-url.age new file mode 100644 index 0000000..bd4040d --- /dev/null +++ b/secrets/camera-ulfried-sub-url.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 hC2TMg hQ9We+2gIJfdmnP5iTiQVt0Lz5tXJpjgQnyI5eEnHGY +rffB6DKI01Rwc4WchxN8uSYofaiWufAy6OLXwaeAdCk +-> ssh-ed25519 psfYGg 6TJ5VeXmU/W7LuIS+6ud/V0LpiUm+xwQJppQSHX+NnM +8p+BkvGGIcXe8jytEcr8+rfE1r9I/gg9Kur8yRYssRk +--- m1eFeYo8bI107h4muwA4TgHaLrdNiuw2YpKOuyU8wNs +C4v8a߫[@5\\i!Gղ +-I;uBti d0>ul,w:J +D~B~ \ No newline at end of file diff --git a/secrets/camera-ulfried-url.age b/secrets/camera-ulfried-url.age new file mode 100644 index 0000000..215d95b --- /dev/null +++ b/secrets/camera-ulfried-url.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 hC2TMg kiwLTnSCnEbIWlw2j1SZ7aAQsqFipJDqJCBCyHT5p1g +eI3p6oADMssBAIndqjmSXbeJROtBHETfF8W3IvFRg/c +-> ssh-ed25519 psfYGg B7cdkEzmyrkeM7cTnoC8SjTaV1pWuAXOXiGYSJH9gxI +kFeERXxWDyOjhN+jNGOXWy3m6WY+S5+s20hzgrF5qkI +--- FPWKykTSfx4XH7tsnhREG0HC9NcgCXJjt77TQ3Sdxk0 +Q- y6M]|Ip2_wB|yi/uzwWfDkY8602:B7eAFA +)9 \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index b468ad3..48a704c 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -17,4 +17,12 @@ in "voip-trunk-ewe3-username.age".publicKeys = users ++ [ telefonmann ]; "voip-trunk-ewe3-password.age".publicKeys = users ++ [ telefonmann ]; "voip-trunk-ewe3-callerid.age".publicKeys = users ++ [ telefonmann ]; + "camera-ulfried-url.age".publicKeys = users ++ [ kameramann ]; + "camera-ulfried-sub-url.age".publicKeys = users ++ [ kameramann ]; + "camera-gnisbert-url.age".publicKeys = users ++ [ kameramann ]; + "camera-gnisbert-sub-url.age".publicKeys = users ++ [ kameramann ]; + "camera-taubis-url.age".publicKeys = users ++ [ kameramann ]; + "camera-taubis-sub-url.age".publicKeys = users ++ [ kameramann ]; + "camera-foeff-url.age".publicKeys = users ++ [ kameramann ]; + "camera-foeff-sub-url.age".publicKeys = users ++ [ kameramann ]; }