nixos-config/config/domain-config/sea.fudo.org.nix

{ config, lib, pkgs, ... }:

with lib;
let
  hostname = config.instance.hostname;
  hostSecrets = config.fudo.secrets.host-secrets."${hostname}";

  domainName = "sea.fudo.org";

  frigateExternalHost = "sea-cam.fudo.link";
  frigateHost = "zbox";
  frigateDirectory = frigateCfg.state-directory;
  frigateMqttPassword =
    pkgs.lib.passwd.stablerandom-passwd-file "frigate-mqtt-passwd"
    config.instance.build-seed;

  immichHost = "toothless";

in {
  imports = [ ./sea.fudo.org/8bitdo.nix ];

  config = {
    fudo = {
      services = {
        metrics = {
          private-network = true;
          grafana.oauth = {
            hostname = "authentik.fudo.org";
            client-id =
              config.fudo.secrets.files.domain-secrets."fudo.org"."grafana-oid-client-id";
            client-secret =
              config.fudo.secrets.files.domain-secrets."fudo.org"."grafana-oid-client-secret";
            slug = "grafana-metrics";
          };
        };

        mqtt.private.users.frigate = {
          password-file = frigateMqttPassword;
          acl = [ "frigate/#" ];
        };
      };
      zones."sea.fudo.org".aliases = {
        chat = "nostromo";
        frigate = "zbox";
        immich = immichHost;
      };
    };

    services = {
      immichContainer = mkIf (hostname == immichHost) {
        enable = true;
        images = let immichVersion = "v1.94.1";
        in {
          immich = "ghcr.io/immich-app/immich-server:${immichVersion}";
          immich-ml =
            "ghcr.io/immich-app/immich-machine-learning:${immichVersion}";
          redis = "redis:6.2-alpine";
          postgresql = "tensorchord/pgvecto-rs:pg14-v0.1.11";
        };
      };

      nginx = mkIf (hostname == immichHost) {
        enable = true;
        recommendedOptimisation = true;
        recommendedGzipSettings = true;
        recommendedProxySettings = true;
        virtualHosts."immich.${domainName}".locations."/" = {
          proxyPass = "http://${immichHost}.${domainName}:${
              toString config.services.immichContainer.port
            }/";
          recommendedProxySettings = true;
        };
      };

      frigateContainer = mkIf (config.instance.hostname == frigateHost) {
        enable = true;
        log-level = "info";
        images.frigate = "ghcr.io/blakeblackshear/frigate:0.13.0-beta5";
        cameras =
          genAttrs [ "cam-steps" "cam-patio" "cam-entrance" "cam-driveway" ]
          (cam: {
            default = cam == "cam-driveway";
            streams = {
              low =
                "rtsp://frigate:{FRIGATE_RTSP_PASSWORD}@${cam}.sea.fudo.org:554/cam/realmonitor?channel=1&subtype=0";
              high =
                "rtsp://frigate:{FRIGATE_RTSP_PASSWORD}@${cam}.sea.fudo.org:554/cam/realmonitor?channel=1&subtype=0";
            };
          });
        camera-password-file =
          config.fudo.secrets.files.domain-secrets."sea.fudo.org".seattle-camera-password;
        mqtt = {
          host = config.fudo.services.mqtt.mqtt-hostname;
          port = config.fudo.services.mqtt.private.port;
          user = "frigate";
          password-file = frigateMqttPassword;
        };
      };
    };
  };
}