From b7ba6a59ab1958f77dc634ace46700bf5c672829 Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Sat, 21 Aug 2021 17:20:19 -0500 Subject: [PATCH] hosts: Add nvr0.p.b *nvr0.pyrocufflink.blue* hosts Frigate. It is deployed on a separate subnet, for two reasons: * To avoid streaming video from the cameras through the firewall * To prevent any hosts on the LAN except Home Assistant from communicating with Frigate, since it does not have any kind of authentication or access control --- group_vars/frigate/main.yml | 72 ++++++++++++++++++++++++ group_vars/frigate/secrets | 18 ++++++ host_vars/nvr0.pyrocufflink.blue.yml | 2 + hosts | 2 + roles/ssh-hostkeys/files/ssh_known_hosts | 3 + 5 files changed, 97 insertions(+) create mode 100644 group_vars/frigate/main.yml create mode 100644 group_vars/frigate/secrets create mode 100644 host_vars/nvr0.pyrocufflink.blue.yml diff --git a/group_vars/frigate/main.yml b/group_vars/frigate/main.yml new file mode 100644 index 0000000..1a112af --- /dev/null +++ b/group_vars/frigate/main.yml @@ -0,0 +1,72 @@ +frigate_mqtt: + host: localhost + port: 1883 + user: frigate + password: >- + {{ vault_frigate_mqtt_password }} +frigate_cameras: + front_porch: + ffmpeg: + inputs: + - path: rtsp://frigate:{{ vault_frigate_password_front_porch }}@172.30.0.211/cam/realmonitor?channel=1&subtype=1 + roles: + - detect + - path: rtsp://frigate:{{ vault_frigate_password_front_porch }}@172.30.0.211/cam/realmonitor?channel=1&subtype=0 + roles: + - clips + - rtmp + height: 640 + width: 480 + objects: + track: + - person + - cat + - dog + - bird + - car + motion: + mask: + - 480,0,0,0,0,166,38,180,132,161,228,159,335,174,407,196,480,222 + zones: + driveway_zone: + coordinates: 41,248,352,207,417,236,212,265,51,299 + walkway_zone: + coordinates: 251,640,124,640,42,293,247,260,403,235,480,274,480,457,341,566,365,592 + clips: + enabled: true + required_zones: + - driveway_zone + - walkway_zone + rtmp: + enabled: true + snapshots: + enabled: true + retain: + default: 365 + back_yard: + ffmpeg: + inputs: + - path: rtsp://frigate:{{ vault_frigate_password_back_yard }}@172.30.0.212/cam/realmonitor?channel=1&subtype=1 + roles: + - detect + - path: rtsp://frigate:{{ vault_frigate_password_back_yard }}@172.30.0.212/cam/realmonitor?channel=1&subtype=0 + roles: + - clips + #- rtmp + height: 480 + width: 640 + objects: + track: + - person + - cat + - dog + - bird + clips: + enabled: true + rtmp: + enabled: false + snapshots: + enabled: true + retain: + default: 365 +frigate_shm_size: 100 diff --git a/group_vars/frigate/secrets b/group_vars/frigate/secrets new file mode 100644 index 0000000..5f39cf0 --- /dev/null +++ b/group_vars/frigate/secrets @@ -0,0 +1,18 @@ +$ANSIBLE_VAULT;1.1;AES256 +32386564323732623161383239343362373935306262333833656363633935643238633665636365 +3466373139333839353464643663626432313463313863350a366539366262353934643039383666 +64343464303239643063303831383138626234393933636639316335666437373764646632393165 +3731363332393861610a616561346163363366326433353832616363343532373362333739386663 +37666631313830623338626664636337613364316635666537346338373035376432336333653665 +32383436393738306262333033633365363332643035383164613266346461653838396236356165 +37376231646564333539316661356561386532323131333162613635363763356631646236646564 +64633837613133626237333363326531353034616136353232346239383138343936646137316531 +64356565653335613763663835343338653231383835663637373465646566666238636366653630 +39313636323862653235363162656131613266653136643733666332646263613064306439303635 +61323332343839666366623239356163633939373861326461366163303431316266396136613931 +63656666643863663838356265333038623237303065326136356332636536666531326365393465 +37323134613066376331383637313931663564353839633232353863363439653565656265336236 +38653266623966646266303566643663616536623830643137373831343063363037356339613163 +31376630633539666632646665313338323361303935346637353462356531626435343766326132 +64633762313062353639383336383936373130396230653832353930373632306363396237383032 +3035 diff --git a/host_vars/nvr0.pyrocufflink.blue.yml b/host_vars/nvr0.pyrocufflink.blue.yml new file mode 100644 index 0000000..0e80f09 --- /dev/null +++ b/host_vars/nvr0.pyrocufflink.blue.yml @@ -0,0 +1,2 @@ +collectd_network_servers: +- stats0.pyrocufflink.blue diff --git a/hosts b/hosts index 2810bc2..c480469 100644 --- a/hosts +++ b/hosts @@ -42,6 +42,7 @@ bitwarden_rs file0.pyrocufflink.blue [frigate] +nvr0.pyrocufflink.blue [gitea] git0.pyrocufflink.blue @@ -106,6 +107,7 @@ jenkins0.pyrocufflink.blue logs0.pyrocufflink.blue matrix0.pyrocufflink.blue motion0.pyrocufflink.blue +nvr0.pyrocufflink.blue smtp1.pyrocufflink.blue stats0.pyrocufflink.blue vpn0.pyrocufflink.blue diff --git a/roles/ssh-hostkeys/files/ssh_known_hosts b/roles/ssh-hostkeys/files/ssh_known_hosts index a815644..c84afd0 100644 --- a/roles/ssh-hostkeys/files/ssh_known_hosts +++ b/roles/ssh-hostkeys/files/ssh_known_hosts @@ -70,6 +70,9 @@ matrix0.pyrocufflink.blue ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDygGMJH2ke6RQlyt motion0.pyrocufflink.blue ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHhqW6JACT+jLFxoZxPHH2bYYVGpoxdzVNQv9zNWQxKIX4ScG+f4PXWdae7s+7lkceYVWJDRfTBN+lHxxUNPRI0= motion0.pyrocufflink.blue ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJiEe7HZmVnndPg6rxTpaD6BtgwK6Fa7QeLO2mGJK3bY motion0.pyrocufflink.blue ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC1hBM8eiUiNQGNPbgl/2V26xTVbvEM8I8VU1JzWfs3uESgBLF8J387jdqwlTL8XyZtR9J/MqXl3rM8e04dy6ZM3Kyp57VrRpBc6AEs3Dl/Y8NsFHW3E0oIfiVyNYBnsiNv8dZsVLrDaMirZdyMIpY5B3gWLcVgfHl+uzIzl/LabPYs5p3OkxFOoPG+zhUmlPE8g0Dw/WV7wT4lodhmHx24f3yyzXBXgP/XUB9CSXwlGOnjzv+SfxqFg8G2s1bEcfMLpPuXO9a0ltq4vPu4Y5oFX9vc2nN20S594O4kBWG1D+nIvnZN6zfxs/ivrHEtzAJLRTSX5zxloCNSYX0f+X4/KnaqaaZylVzFSX/riZKVrzc5TdhjOuqFwJo5yqsefWh1MkLVxjGf10ww2FBseXLakKmvLH2oooMYNCs5FdrftGrkYQh5Czj4e8UUnSttxzGNRYwrnxcQNmL9YFdmsS10ck9zGzCg/ZJrNqkGrQhZ94U/vRreiZCM2fHVQRSaku0= +nvr0.pyrocufflink.blue ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBM3oCuxPRlvzcv9W54h+w6ff+UemoEDeVvXHRpDuAKU1467psZ2JleHPMMx4RffaAswmneIMYK756pR5i3S3Zdc= +nvr0.pyrocufflink.blue ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ7wRCZq1auppZJBU5xtIjbG93Gsqvuvk4/7dzj86qKK +nvr0.pyrocufflink.blue ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDD7TPR55x0kN+jn1SJG18ryMV9C8DdSmUXszupQb/90YP43CS7/p7Ie4jRAFy1iTEUgKsIy0Ir9i7zDliMv6taVSP93+SPQSlej0YUjkGMcfL9y6T06lwGdlyXak5mdKrSMo0ACbd4hPs8NcMKlm9p3imI9WOWCG7wHHFfm/mh7QG589EK+cv2l4uwcjQnuQeJuOkmWGVXVrhu79FlPI6a/sbiOPeC0xXw7yE2D2WN8LYiGZxKHY/3gQNsJczZy97Mn0Yh2oyK+4eHRDUNbFtlQWx6vYwfe0xyKpKBvxNSI3l8c+lg6InVFo9X8EXXUYdol7udphw75+XIE1ALp7ClumZMCMTgr3JowUCPJcRC6MixvgQ1pzZ9p/4q92Rmd+UtfzvAt1fIm6QS7maMrCjynwZx5jz1mij2QFRprm1TCf4Hx1xYkzWqMHNgAv/VEV96opb0ford5tHLSqJWDaB4OGUcaSXxdkQHpqmDhfpxe+iOF2LmQt42LavGqpkqFl8= proxy0.pyrocufflink.blue ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJYHAPVZ/doCszO1GL6nMTvdJO5ASv38eyRUIwhxhIhJJgbkFI5bbGdg9Kr10u0wWU5jEjhNiT4fg6QFFZAOLVM= proxy0.pyrocufflink.blue ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICfsGYZVyo0LHLYiXt28FGmcRSA9RGWG63+xPzIrdFDI proxy0.pyrocufflink.blue ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNv1c4zTK1ccZr/P7CSMJCryGqoDwehGRPQLJOj07WA5lEPUWtpLRYxFUv7WrMkgIbphjiaOmZdC48tOoPUo4h89qWc8Qkv0NBbFqYsfpYSZGwuTCdR0mYB5c3D+O2E4kA80iw/Ba6mQZGOkmQ1W55tB0VC0w+zf2Z+4bsbHqn7/fYcYyyzNPRtl5etwrQ0XtVjOPdphv6fEypPbZMgpHhHlH24rLfs8lEnQNzU6eGuBoeSG2TQmC3cqp2zOH04s5XPbHgBVCJpTBwfWfKLN4t52YfI7WBpBpjzbhfeX13/9Ji3lY2HfMCq3jYQgoEVVTlg044vMM3azpFMAMjT9+R