From ef4e769ed2919aa9ac3a11185182c503fb069d60 Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Sat, 3 Oct 2020 11:25:52 -0500 Subject: [PATCH] motioneye: Deploy motionEye camera software The *motioneye* role installs motionEye on a Fedora machine using `pip`. It configures Apache to proxy for motionEye for outside (HTTPS) access. The official installation instructions and default configuration for motionEye assume it will be running as root. There is, however, no specific reason for this, as it works just fine as an unprivileged user. The only minor surprise is that the `conf_path` configuration setting must be writable, as this is where motionEye places generated configuration for `motion`. This path does not, however, have to include the `motioneye.conf` file itself, which can still be read-only. --- hosts | 2 + motioneye.yml | 5 + roles/motioneye/files/motioneye.service | 10 ++ roles/motioneye/files/motioneye.tmpfiles.conf | 1 + roles/motioneye/handlers/main.yml | 10 ++ roles/motioneye/tasks/main.yml | 110 ++++++++++++++++++ roles/motioneye/templates/motioneye.conf.j2 | 98 ++++++++++++++++ .../templates/motioneye.httpd.conf.j2 | 13 +++ roles/motioneye/vars/main.yml | 9 ++ 9 files changed, 258 insertions(+) create mode 100644 motioneye.yml create mode 100644 roles/motioneye/files/motioneye.service create mode 100644 roles/motioneye/files/motioneye.tmpfiles.conf create mode 100644 roles/motioneye/handlers/main.yml create mode 100644 roles/motioneye/tasks/main.yml create mode 100644 roles/motioneye/templates/motioneye.conf.j2 create mode 100644 roles/motioneye/templates/motioneye.httpd.conf.j2 create mode 100644 roles/motioneye/vars/main.yml diff --git a/hosts b/hosts index aae1ac7..e2b8828 100644 --- a/hosts +++ b/hosts @@ -68,6 +68,8 @@ koji0.pyrocufflink.blue [koji-web] koji0.pyrocufflink.blue +[motioneye] + [named-server:children] pyrocufflink-dns diff --git a/motioneye.yml b/motioneye.yml new file mode 100644 index 0000000..f4cf124 --- /dev/null 
+++ b/motioneye.yml
@@ -0,0 +1,5 @@
+- hosts: motioneye
+ roles:
+ - role: apache
+ tags: apache
+ - motioneye
diff --git a/roles/motioneye/files/motioneye.service b/roles/motioneye/files/motioneye.service
new file mode 100644
index 0000000..6740873
--- /dev/null
+++ b/roles/motioneye/files/motioneye.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=motionEye Server
+
+[Service]
+User=motioneye
+ExecStart=/usr/bin/meyectl startserver -c /etc/motioneye.conf
+Restart=on-abort
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/motioneye/files/motioneye.tmpfiles.conf b/roles/motioneye/files/motioneye.tmpfiles.conf
new file mode 100644
index 0000000..559552a
--- /dev/null
+++ b/roles/motioneye/files/motioneye.tmpfiles.conf
@@ -0,0 +1 @@
+d /run/motioneye 0755 motioneye motioneye -
diff --git a/roles/motioneye/handlers/main.yml b/roles/motioneye/handlers/main.yml
new file mode 100644
index 0000000..0fe0e1c
--- /dev/null
+++ b/roles/motioneye/handlers/main.yml
@@ -0,0 +1,10 @@
+- name: process tmpfiles
+ command: systemd-tmpfiles --create
+
+- name: reload systemd
+ command: systemctl daemon-reload
+
+- name: restart motioneye
+ service:
+ name: motioneye
+ state: restarted
diff --git a/roles/motioneye/tasks/main.yml b/roles/motioneye/tasks/main.yml
new file mode 100644
index 0000000..eb192b3
--- /dev/null
+++ b/roles/motioneye/tasks/main.yml
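Review bot: The `[Service]` section of roles/motioneye/files/motioneye.service drops root with `User=motioneye` but sets no sandboxing, so a compromise of the web UI still sees the whole filesystem with that user's rights. Consider adding `NoNewPrivileges=true`, `ProtectSystem=full` and `PrivateTmp=true`, after checking that motion can still reach its camera devices and the paths under /var/lib/motioneye. `Restart=on-abort` also leaves the service down after an ordinary non-zero exit; `Restart=on-failure` would cover that case.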
@@ -0,0 +1,110 @@
+- name: ensure rpmfusion repo is available
+ dnf:
+ name: >-
+ https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-{{ ansible_distribution_version }}.noarch.rpm
+ state: present
+ tags: install
+
+- name: ensure motion is installed
+ package:
+ name: '{{ motion_packages }}'
+ state: present
+ tags: install
+- name: ensure motioneye dependencies are installed
+ package:
+ name: '{{ motioneye_packages }}'
+ state: present
+ tags: install
+- name: ensure motioneye is installed
+ pip:
+ name: motioneye
+ executable: /usr/bin/pip2
+ state: present
+ tags:
+ - install
+ - pip
+
+- name: ensure motioneye user exists
+ user:
+ name: motioneye
+ system: true
+ shell: /sbin/nologin
+ state: present
+ tags:
+ - user
+
+- name: ensure motioneye media directory exists
+ file:
+ path: /var/lib/motioneye
+ owner: motioneye
+ group: motioneye
+ mode: '0755'
+ state: directory
+- name: ensure motioneye configuration directory exists
+ file:
+ path: /var/lib/motioneye/conf
+ owner: motioneye
+ group: motioneye
+ mode: '0755'
+ state: directory
+- name: ensure motioneye log directory exists
+ file:
+ path: /var/log/motioneye
+ owner: motioneye
+ group: motioneye
+ mode: '0755'
+ state: directory
+
+- name: ensure motioneye is configured
+ template:
+ src: motioneye.conf.j2
+ dest: /etc/motioneye.conf
+ mode: '0644'
+
+- name: ensure tmpfiles.d directory exists
+ file:
+ path: /etc/tmpfiles.d
+ mode: '0755'
+ state: directory
+- name: ensure motioneye tmpfiles are configured
+ copy:
+ src: motioneye.tmpfiles.conf
+ dest: /etc/tmpfiles.d/motioneye.conf
+ notify: process tmpfiles
+
+- name: ensure motioneye systemd unit is installed
+ copy:
+ src: motioneye.service
+ dest: /etc/systemd/system/motioneye.service
+ mode: '0644'
+ notify:
+ - reload systemd
+ - restart motioneye
+ tags: systemd
+- name: ensure motioneye service is enabled
+ service:
+ name: motioneye
+ enabled: true
+- meta: flush_handlers
+- name: ensure motioneye service is running
+ service:
+ name: motioneye
+ state: started
+
+- name: ensure apache is allowed to proxy for motioneye
+ seboolean:
+ name: httpd_can_network_connect
+ persistent: true
+ state: true
+ tags:
+ - apache
+ - selinux
+- name: ensure apache is configured to proxy for motioneye
+ template:
+ src: motioneye.httpd.conf.j2
+ dest: /etc/httpd/conf.d/motioneye.conf
+ mode: '0644'
+ notify: reload httpd
+ tags:
+ - apache
+ - apache-config
diff --git a/roles/motioneye/templates/motioneye.conf.j2 b/roles/motioneye/templates/motioneye.conf.j2
new file mode 100644
index 0000000..d1f2313
--- /dev/null
+++ b/roles/motioneye/templates/motioneye.conf.j2
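Review bot: The `pip` task "ensure motioneye is installed" in roles/motioneye/tasks/main.yml installs whatever `motioneye` release PyPI serves at run time, system-wide and with no version pin, so two runs of the role can deploy different code. Pin it by adding `version: '<PINNED_VERSION>'` next to `name: motioneye`, and add a comment that `/usr/bin/pip2` ties the role to Python 2, which no longer receives upstream security fixes. Separately, `httpd_can_network_connect` lets httpd open connections to any TCP port, not only the motionEye backend on 8765; a comment recording why the broad boolean was chosen would help the next reviewer.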
@@ -0,0 +1,98 @@
+
+# path to the configuration directory (must be writable by motionEye)
+conf_path /var/lib/motioneye/conf
+
+# path to the directory where pid files go (must be writable by motionEye)
+run_path /var/run/motioneye
+
+# path to the directory where log files go (must be writable by motionEye)
+log_path /var/log/motioneye
+
+# default output path for media files (must be writable by motionEye)
+media_path /var/lib/motioneye
+
+# the log level (use quiet, error, warning, info or debug)
+log_level info
+
+# the IP address to listen on
+# (0.0.0.0 for all interfaces, 127.0.0.1 for localhost)
+listen 0.0.0.0
+
+# the TCP port to listen on
+port 8765
+
+# path to the motion binary to use (automatically detected if commented)
+#motion_binary /usr/bin/motion
+
+# whether motion HTTP control interface listens on
+# localhost or on all interfaces
+motion_control_localhost true
+
+# the TCP port that motion HTTP control interface listens on
+motion_control_port 7999
+
+# interval in seconds at which motionEye checks if motion is running
+motion_check_interval 10
+
+# whether to restart the motion daemon when an error occurs while communicating with it
+motion_restart_on_errors false
+
+# interval in seconds at which motionEye checks the SMB mounts
+mount_check_interval 300
+
+# interval in seconds at which the janitor is called
+# to remove old pictures and movies
+cleanup_interval 43200
+
+# timeout in seconds to wait for response from a remote motionEye server
+remote_request_timeout 10
+
+# timeout in seconds to wait for mjpg data from the motion daemon
+mjpg_client_timeout 10
+
+# timeout in seconds after which an idle mjpg client is removed
+# (set to 0 to disable)
+mjpg_client_idle_timeout 10
+
+# enable SMB shares (requires motionEye to run as root)
+smb_shares false
+
+# the directory where the SMB mount points will be created
+smb_mount_root /media
+
+# path to the wpa_supplicant.conf file
+# (enable this to configure wifi settings from the UI)
+#wpa_supplicant_conf /etc/wpa_supplicant.conf
+
+# path to the localtime file
+# (enable this to configure the system time zone from the UI)
+#local_time_file /etc/localtime
+
+# enables shutdown and rebooting after changing system settings
+# (such as wifi settings or time zone)
+enable_reboot false
+
+# timeout in seconds to use when talking to the SMTP server
+smtp_timeout 60
+
+# timeout in seconds to wait for media files list
+list_media_timeout 120
+
+# timeout in seconds to wait for media files list, when sending emails
+list_media_timeout_email 10
+
+# timeout in seconds to wait for zip file creation
+zip_timeout 500
+
+# timeout in seconds to wait for timelapse creation
+timelapse_timeout 500
+
+# enable adding and removing cameras from UI
+add_remove_cameras true
+
+# enables HTTP basic authentication scheme (in addition to, not instead of the signature mechanism)
+http_basic_auth false
+
+# overrides the hostname (useful if motionEye runs behind a reverse proxy)
+# server_name motionEye
+
diff --git a/roles/motioneye/templates/motioneye.httpd.conf.j2 b/roles/motioneye/templates/motioneye.httpd.conf.j2
new file mode 100644
index 0000000..fa3f219
--- /dev/null
+++ b/roles/motioneye/templates/motioneye.httpd.conf.j2
@@ -0,0 +1,13 @@
+# vim: set ft=apache :
+
+RewriteEngine On
+RewriteCond %{HTTPS} !on
+RewriteRule /.* https://%{SERVER_NAME}$0 [R=301,L]
+
+ProxyRequests Off
+ProxyPass / http://localhost:8765/ nocanon
+ProxyPassReverse / http://localhost:8657/
+
+
+ Require all granted
+
diff --git a/roles/motioneye/vars/main.yml b/roles/motioneye/vars/main.yml
new file mode 100644
index 0000000..5e814c8
--- /dev/null
+++ b/roles/motioneye/vars/main.yml
@@ -0,0 +1,9 @@
+motion_packages:
+- motion
+- ffmpeg
+# XXX - v4l-utils
+
+motioneye_packages:
+- python2
+- python2-pycurl
+- python2-pillow
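Review bot: `listen 0.0.0.0` in roles/motioneye/templates/motioneye.conf.j2 makes motionEye accept plain-HTTP connections on port 8765 from every interface, although the Apache configuration added in this commit reaches it through `http://localhost:8765/`. Unless a host firewall blocks 8765 (none is configured in this role), clients can talk to the UI directly and bypass the HTTPS redirect. Since only the local proxy needs the port, bind to loopback with `listen 127.0.0.1`.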
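Review bot: `ProxyPassReverse / http://localhost:8657/` in roles/motioneye/templates/motioneye.httpd.conf.j2 names port 8657, while `ProxyPass` on the line above and `port 8765` in motioneye.conf use 8765. With the ports transposed the directive never matches, so any absolute redirect the backend issues would reach the client with the internal `http://localhost:8765/` address and not be rewritten to the public HTTPS name. Change it to `ProxyPassReverse / http://localhost:8765/`.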