Frigate and ONVIF cameras

1

I am trying to setup the Frigate NVR service to work with some ONVIF cameras. I can get the basic service running, but it appears to be failing to load a python module needed for using the ONVIF stuff.

I get the following error when it tries:

Apr 10 17:10:10 frigate python3.11[461]: [2024-04-10 17:10:10] frigate.ptz.onvif              ERROR   : Onvif connection to kitchen failed: Unknown error: No such file: /nix/store/gd3shnza1i50zn8zs04fa729ribr88m9-python3-3.11.8/lib/python3.11/site-packages/wsdl/devicemgmt.wsdl

The path specified exists up to the site-packages directory, but there is no wsdl under it. I donā€™t understand enough about how python works in NixOS to try to debug why that path is wrongā€¦

Iā€™m running the frigate service in a nixos declarative container, because I want to isolate its listeners. The relevant bits of my config:

{ config, pkgs, lib, ... }:
with lib;

{
	containers.frigate = rec {
		autoStart					= true;
		privateNetwork				= true;
		hostAddress					= "192.168.1.1";
		localAddress				= "192.168.111.1/32";

		ephemeral					= true;
		bindMounts = {
			"/etc/resolv.conf" = {
				hostPath			= "/etc/resolv.conf";
				isReadOnly			= true;
			};  

			"/var/lib/frigate" = {
				hostPath			= "/var/lib/frigate";
				isReadOnly			= false;
			};

			"/var/log" = {
				hostPath			= "/var/log/frigate";
				isReadOnly			= false;
			};

			# TODO: Why does this fail if I use the variable?
			# "${config.age.secrets.foscam-password.path}" = {
			"/run/agenix/foscam-password" = {
				isReadOnly			= true;
			};
		};

		forwardPorts = [{
			containerPort			= 80;
			hostPort				= 8125;
			protocol				= "tcp";
		}];


		# Reference article for NixOS containers:
		#		https://blog.beardhatcode.be/2020/12/Declarative-Nixos-Containers.html
		config = { config, pkgs, lib, ... }: {
			system.stateVersion		= "23.05";

			systemd.services.frigate.serviceConfig = {
				EnvironmentFile = "/run/agenix/foscam-password";
			};

			services.frigate = rec {
				enable				= true;

				# Frigate upstream itself sets up nginx with a reverse proxy, and
				# uses the hostname specified here.
				hostname			= "frigate";

				settings = {
					mqtt = {
						enabled		= true;
						host		= "${hostAddress}";
						port		= 1883;
					};

					cameras = rec {
						kitchen = {
							onvif = {
								host	= "kitchen-camera.minego.net";
								port	= 888;
								user	= "minego";
								password= "{FRIGATE_FOSCAM_PASS}";
							};
							ffmpeg.inputs = [{
								path	= "rtsp://minego:{FRIGATE_FOSCAM_PASS}@kitchen-camera.minego.net:88/videoSub";
								roles	= [ "detect" "record" ];
							}];
						};
					};
				};
			};

			networking = {
				firewall = {
					# Container ports
					allowedTCPPorts		= [ 80 ];
				};
			};
		};
	};

	networking.firewall = {
		# Host ports
		allowedTCPPorts				= [ 8125 ];
	};
}
2

Looks like weird assumptions hardcoded in frigate.

3

Oh, interesting. Thatā€™s a good catch! At the very least it gives me a bit of a starting point for poking around moreā€¦

4

I think we need to patch this path to check for the wsdl in the onvif packageā€™s site-packages dir, not within frigateā€™s.

Theyā€™re operating on the assumption that all packages are in the same site-packages dir, but weā€™re linking them together with PYTHONPATH.

5

Yeah, I think youā€™re right. I was just thinking I could probably make a local override to patch that file you found so that it references the path within that package.

But, assuming that works that that should probably be fixed in nixpkgsā€¦

6

PTAL

7

Wow, youā€™re fast! Thank you!

That looks like it should work to me. I will try it out in a bit here, and let you know how it goes!

8

I sent a more robust solution upstream.

9

That is awesome, thank you!

I just attempted to override the src for the frigate package with your branch in my nixOS config, but Iā€™m guessing that nixpkgs is expecting an older revision of frigate because it fails to apply some unrelated patchesā€¦

10

Iā€™m testing your nixpkgs branch now, but it seems that has triggered rebuilding the world, so it may take a bit.

11

With your nixpkgs branch it is working!

Iā€™d love to try your upstream patch instead, but it seems my nix fu isnā€™t strong enough to get that building right. If I find some time Iā€™ll try again though.

12

I took your more robust PR, exported it as a patch file and added just that to my nixos config, and rebuilt it. It built successfully, but I still get the error.

13

I think I must have messed something up with the patchā€¦ Iā€™m not sure what. Iā€™ll dig more.

14

I went ahead and backported my patch and merged the PR into master.

https://nixpk.gs/pr-tracker.html?pr=303731

15

Thank you! Thatā€™s wonderful!

16

Okay, I just did a local checkout of nixpkgs/nixos-unstable, cherry-picked your change, and it is working perfectly!

1 Like