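# NixOS module for hosts in the sea.fudo.org domain.
#
# Every host in the domain evaluates this file; the host-specific services
# (Immich, Immich ML, Frigate) are gated with `mkIf` on the instance hostname,
# so each host only activates the part assigned to it.
#
# Secrets are never written inline here: they are referenced through
# `config.fudo.secrets...` or generated by a helper.
# NOTE(review): presumably those references resolve to file paths readable only
# by the consuming service, and not to world-readable Nix store paths. The
# secrets module is not visible from this file, so confirm.
{ config, lib, pkgs, ... }:

with lib;
let
  hostname = config.instance.hostname;

  domainName = "sea.fudo.org";
  domainSecrets = config.fudo.secrets.files.domain-secrets."${domainName}";

  frigateHost = "zbox";

  # One password file shared by the MQTT broker user definition and the
  # Frigate container, so both sides always agree.
  # NOTE(review): the helper name and the build-seed argument suggest the
  # password is derived deterministically from the seed. If so, the seed is as
  # sensitive as the password itself. Also confirm that the generated file is
  # not world-readable.
  frigateMqttPassword =
    pkgs.lib.passwd.stablerandom-passwd-file "frigate-mqtt-passwd"
    config.instance.build-seed;

  immichHost = "cartus";
  immichMlHost = "toothless";
  # Single version shared by the Immich server image and the ML container so
  # the two cannot drift apart.
  immichVersion = "v1.105.1";

  mabelHost = "zbox";

  # Reverse-proxy location shared by every public name of the Immich server.
  # The upstream is loopback-only; the large body limit allows photo and video
  # uploads through nginx.
  immichProxyLocation = mkIf (hostname == immichHost) {
    proxyPass = "http://127.0.0.1:${
        toString config.services.immichContainer.port
      }/";
    recommendedProxySettings = true;
    extraConfig = ''
      client_max_body_size 1024M;
    '';
  };

in {
  imports = [ ./sea.fudo.org/8bitdo.nix ];

  config = {
    fudo = {
      services = {
        mabel = {
          enable = true;
          # NOTE(review): confirm that verbose logging never writes the Matrix
          # token or message contents to the journal.
          verbose = true;
          mabel-host = mabelHost;
          matrix = {
            domain = "fudo.im";
            username = "mabel";
            token-file = domainSecrets."mabel-matrix.token";
            channel = "#thecitadel:fudo.im";
          };
        };

        metrics = {
          private-network = true;
          # Grafana login is delegated to the OIDC provider; client id and
          # secret come from the fudo.org domain secrets.
          grafana.oauth = {
            hostname = "authentik.fudo.org";
            client-id =
              config.fudo.secrets.files.domain-secrets."fudo.org"."grafana-oid-client-id";
            client-secret =
              config.fudo.secrets.files.domain-secrets."fudo.org"."grafana-oid-client-secret";
            slug = "grafana-metrics";
          };
        };

        # Least privilege: the frigate MQTT user is limited to its own topic
        # subtree.
        mqtt.private.users.frigate = {
          password-file = frigateMqttPassword;
          acl = [ "frigate/#" ];
        };
      };

      zones."${domainName}".aliases = {
        chat = "nostromo";
        frigate = frigateHost;
        immich = immichHost;
        immich-ml = immichMlHost;
      };
    };

    services = {
      tailscale.enable = true;

      immichContainer = mkIf (hostname == immichHost) {
        enable = true;
        # NOTE(review): these images are referenced by tag, and tags are
        # mutable ("redis:6.2-alpine" tracks patch releases). For a
        # reproducible, tamper-evident deployment consider pinning each image
        # by digest (image@sha256:<digest>), if the container module accepts
        # that form.
        images = let pgVectoVersion = "v0.2.1";
        in {
          immich = "ghcr.io/immich-app/immich-server:${immichVersion}";
          redis = "redis:6.2-alpine";
          postgresql = "tensorchord/pgvecto-rs:pg14-${pgVectoVersion}";
        };
      };

      immichMlContainer = mkIf (hostname == immichMlHost) {
        enable = true;
        # NOTE(review): one of these names is outside the internal domain.
        # Confirm that the ML endpoint is reachable only by the Immich server;
        # the container module that would enforce that is not visible here.
        hostnames = [ "immich-ml.${domainName}" "immich-ml.fudo.ninja" ];
        port = 3923;
        immich-version = immichVersion;
      };

      nginx = {
        enable = true;
        recommendedOptimisation = true;
        recommendedGzipSettings = true;
        recommendedProxySettings = true;

        # NOTE(review): only the "/" location is defined for these vhosts; no
        # TLS options (e.g. forceSSL / enableACME) are set in this file.
        # Confirm that they are set elsewhere, since these names carry
        # authenticated photo-library traffic.
        virtualHosts = {
          "immich.${domainName}".locations."/" = immichProxyLocation;
          "pics.fudo.ninja".locations."/" = immichProxyLocation;
        };
      };

      frigateContainer = mkIf (hostname == frigateHost) {
        enable = true;
        log-level = "info";
        # NOTE(review): this is a pre-release (beta) image referenced by
        # mutable tag. Consider moving to a stable release and pinning it by
        # digest.
        images.frigate = "ghcr.io/blakeblackshear/frigate:0.13.0-beta5";

        # One entry per camera. "{FRIGATE_RTSP_PASSWORD}" is a literal
        # placeholder, not Nix interpolation, so the camera password never
        # enters this expression. It is presumably filled in at runtime from
        # camera-password-file.
        # rtsp:// is unencrypted, so keep the cameras on an isolated network
        # segment.
        cameras =
          genAttrs [ "cam-steps" "cam-patio" "cam-entrance" "cam-driveway" ]
          (cam: {
            default = cam == "cam-driveway";
            streams = {
              # NOTE(review): low and high are the same URL (subtype=0). If
              # `low` is meant to be the camera's sub-stream, this looks like
              # a copy-paste slip, so confirm the intended subtype.
              low =
                "rtsp://frigate:{FRIGATE_RTSP_PASSWORD}@${cam}.${domainName}:554/cam/realmonitor?channel=1&subtype=0";
              high =
                "rtsp://frigate:{FRIGATE_RTSP_PASSWORD}@${cam}.${domainName}:554/cam/realmonitor?channel=1&subtype=0";
            };
          });

        camera-password-file = domainSecrets.seattle-camera-password;

        mqtt = {
          host = config.fudo.services.mqtt.mqtt-hostname;
          port = config.fudo.services.mqtt.private.port;
          user = "frigate";
          password-file = frigateMqttPassword;
        };
      };
    };
  };
}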