wip: app/frigate: Deploy Caddy

Running Caddy in front of Frigate to provide HTTPS and authentication.
master
Dustin 2024-04-05 21:08:39 -05:00
parent ee66e9ea18
commit 41251a52cd
5 changed files with 54 additions and 1 deletions


@ -4,6 +4,17 @@ package schema
env?: [string]: string env?: [string]: string
config: #FrigateConfig config: #FrigateConfig
caddy: {
server_name: string
forward_auth: {
url: string
path: string | *"/api/verify"
}
acme: {
email: string
}
}
} }
#FrigateConfig: { #FrigateConfig: {
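Review bot: The new `caddy` fields are bare `string`s, yet the Caddyfile template in this commit renders them verbatim as the site address, the `forward_auth` upstream and the `Location` header. A value containing whitespace or braces would change the structure of the generated config, and an `http://` auth URL would be accepted silently. Tightening the schema catches both at evaluation time, for example `url: string & =~"^https://[^ {}]+$"` and `server_name: string & =~"^[A-Za-z0-9.-]+$"`; `path` could likewise be required to start with `/`. The enclosing definition starts above this hunk, so its name and any existing constraints are not visible here.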


@ -2,6 +2,8 @@ package frigate
import "du5t1n.me/cfg/base/schema/instructions" import "du5t1n.me/cfg/base/schema/instructions"
import "du5t1n.me/cfg/app/caddy"
templates: [...instructions.#RenderInstruction] & [ templates: [...instructions.#RenderInstruction] & [
{ {
template: "frigate/frigate.sysusers" template: "frigate/frigate.sysusers"
@ -65,4 +67,11 @@ templates: [...instructions.#RenderInstruction] & [
] ]
} }
}, },
] {
template: "frigate/Caddyfile"
dest: "/etc/caddy/Caddyfile"
hooks: {
changed: [{run: "systemctl restart caddy"}]
}
},
]+caddy.templates
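Review bot: The `changed` hook on `/etc/caddy/Caddyfile` restarts Caddy unconditionally, so a rendered file that fails to parse takes down the only HTTPS and authentication front end until someone intervenes. Validating before applying keeps the last good config serving: `changed: [{run: "caddy validate --config /etc/caddy/Caddyfile --adapter caddyfile"}, {run: "systemctl reload caddy"}]`. This assumes hooks run in order and stop on the first failure, and that the caddy unit defines a reload action; neither is visible in this hunk.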

11
env/prod/frigate.cue vendored

@ -274,11 +274,22 @@ _frigate: config: cameras: {
} }
} }
_frigate: caddy: {
server_name: "frigate.pyrocufflink.blue"
forward_auth: {
url: "https://auth.pyrocufflink.blue"
}
acme: {
email: "frigate@pyrocufflink.blue"
}
}
let Marshal = yaml.Marshal let Marshal = yaml.Marshal
frigate: { frigate: {
env: _frigate.env env: _frigate.env
config: _frigate.config config: _frigate.config
caddy: _frigate.caddy
yaml: Marshal(config) yaml: Marshal(config)
} }


@ -17,3 +17,5 @@ nut: monitor: prod.#nut_monitor & {
} }
frigate: prod.frigate frigate: prod.frigate
caddy: prod.caddy


@ -0,0 +1,20 @@
{# vim: set ft=jinja : -#}
{{ frigate.caddy.server_name }} {
forward_auth {{ frigate.caddy.forward_auth.url }} {
uri {{ frigate.caddy.forward_auth.path }}
header_up Host {upstream_hostport}
@unauthorized status 401
handle_response @unauthorized {
respond "" 302
header Location {{ frigate.caddy.forward_auth.url }}?rd=https://{{ frigate.caddy.server_name }}
}
}
reverse_proxy localhost:5000
tls {{ frigate.caddy.acme.email }} {
ca {{ caddy.acme.url }}
ca_root /etc/caddy/acme-ca.crt
}
}
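Review bot: `reverse_proxy localhost:5000` enforces the `forward_auth` check only for requests that arrive through Caddy, and nothing in this commit restricts Frigate's own listener on port 5000. If that port is still published on a non-loopback interface, the UI and API remain reachable without TLS or authentication, which defeats the purpose stated in the commit message. Confirm that the Frigate unit or container binds 127.0.0.1 only (or that a firewall rule blocks the port), and record the dependency next to the directive, e.g. `# Frigate must listen on loopback only; Caddy is the sole authenticated entry point`. Separately, the `rd=` target is the bare site root, so a user redirected to log in loses the path they originally requested.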