My Home Assistant server is running Debian and Docker containers.
The server is an Intel NUC 8 Mainstream Kit (NUC8i3BEH) with 8 GB of RAM and a 250 GB NVMe drive.
All of my controllable devices are Z-Wave so I have an Aeotec Z-Stick Gen 5.
While I am using Docker containers, I am running them using Podman. Since none of the containers share ports, all are set up to use host networking, which means I do not have to explicitly expose ports.
My SystemD services are listed in their startup order. All of the containers are pointed to their latest version so I can attempt to stay as up to date as I can.
Each of the service files will attempt to download the latest container as part of an ExecStartPre action.
I have a simple restart script to help me keep things up to date.
I had to make sure the MQTT broker (server) on my Home Assistant server was listening on all interfaces. Because this broker is on my private network, I do not have authentication or SSL set up in MQTT. This is not great practice but it is a choice I made.
listener 1883
allow_anonymous true
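The following is an added example, not part of the original write-up: a small shell check that reports what each Mosquitto listener exposes, run against the two directives above and against a constructed hardened variant. The function name, the hardened file's address and paths, and the assumption that `per_listener_settings` is left at its default are all illustrative.

```shell
#!/bin/sh
# Audit a mosquitto.conf for listener exposure (added example).
# Assumes the default per_listener_settings false: allow_anonymous and
# password_file are global, certfile applies to the listener above it.
audit_mosquitto_conf() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }            # skip blanks and comments
        $1 == "allow_anonymous" { anon = ($2 == "true") }
        $1 == "password_file"   { pw = 1 }
        $1 == "listener" { n++; port[n] = $2; addr[n] = (NF >= 3 ? $3 : "") }
        $1 == "certfile" && n   { tls[n] = 1 }
        END {
            for (i = 1; i <= n; i++) {
                f = ""
                if (addr[i] == "") f = f " all-interfaces"
                if (anon)          f = f " anonymous"
                else if (!pw)      f = f " no-password-file"
                if (!tls[i])       f = f " plaintext"
                print port[i] ":" (f == "" ? " ok" : f)
            }
        }
    ' "$1"
}

demo() {
    dir=$(mktemp -d)
    # The two directives shown on this page.
    printf 'listener 1883\nallow_anonymous true\n' > "$dir/page.conf"
    # Constructed hardened variant; the address and paths are placeholders.
    cat > "$dir/hardened.conf" <<'EOF'
listener 8883 192.0.2.10
allow_anonymous false
password_file /mosquitto/config/passwd
certfile /mosquitto/certs/fullchain.cer
keyfile /mosquitto/certs/server.key
EOF
    audit_mosquitto_conf "$dir/page.conf"
    audit_mosquitto_conf "$dir/hardened.conf"
    rm -rf "$dir"
}
demo
```

Each output line is a listener port followed by its findings, so the configuration above is reported as reachable on all interfaces, anonymous and unencrypted.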
Since my Home Assistant service is on my internal network and not directly accessible from the internet, I use DNS validation to get my SSL certs. I already have an AWS account so I am using Route53 for my DNS. I wanted something lightweight for the cert process so I chose to use acme.sh.
./acme.sh --issue --dns dns_aws \
--server https://acme-v02.api.letsencrypt.org/directory \
--keylength ec-384 \
-d homeassistant.n1mtp.com \
-d hasswg.n1mtp.com
This still has to be tested.
My NGINX config file came from what I found on HASS community forums but I found that when I ran it, the performance in the browser and companion app was slow so I ended up commenting out many options. Your mileage may vary.
I purposely do NOT have my cameras configured into Home Assistant directly. I am using the Frigate addon to give me the camera feeds. My reasoning is that I would rather have a single source of truth when it comes to the cameras.
I replaced my Ring system with Reolink devices and am using Frigate as the network video recorder (NVR).
I am using this blueprint to configure the notifications. You may also want to use the Github link to the blueprint.
I also found this website to be somewhat helpful as another reference. It appears to be talking about a slightly older version of the blueprint but it was enough to give me some answers to questions I had.
sudo mkdir -p /frigate/config
sudo mkdir -p /frigate/storage
The server is a Zotac ZBOX BI325 computer running 8 GB of RAM and a 240 GB SSD. It is running Debian 12 (Bookworm). To help with the detection, I bought the Coral M.2 A+E keyed TPU. The computer had a WiFi adapter in its M.2 slot but I am using the ethernet connection so I do not need WiFi.
Rather than installing Docker, I install podman and podman-compose.
- Docker compose config
  - The Docker compose file is placed in /frigate/
- Frigate config
  - The Frigate config file is placed in /frigate/config/
- SystemD Service
sudo apt install gasket-dkms libedgetpu1-std
Since the server is running an 8th gen (or better) processor and I wanted hardware acceleration I installed the following packages.
This required adding the non-free option to the apt sources list.
cat /etc/apt/sources.list
deb http://deb.debian.org/debian/ bookworm main non-free-firmware non-free
deb-src http://deb.debian.org/debian/ bookworm main non-free-firmware non-free
deb http://security.debian.org/debian-security bookworm-security main non-free-firmware non-free
deb-src http://security.debian.org/debian-security bookworm-security main non-free-firmware non-free
# bookworm-updates, to get updates before a point release is made;
# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
deb http://deb.debian.org/debian/ bookworm-updates main non-free-firmware non-free
deb-src http://deb.debian.org/debian/ bookworm-updates main non-free-firmware non-free
sudo apt install vainfo intel-media-va-driver-non-free
My Home Assistant installation is using a Docker container so I installed HACS to get the Frigate addon, which makes things really nice.
I made sure to install the latest firmware updates on the flood light and video doorbell as that fixed some bugs I found with the RTSP connection.
I have three cameras but one is battery operated / solar powered so it is not linked into Frigate due to the camera not having the necessary configuration.
- Argus 3 Pro - Replaced by RLC-811A
- RLC-811A
- Duo Flood Light WiFi
- Video Doorbell WiFi
I am not sure why but after nearly a month of successful usage with my Floodlight camera the HTTP and HTTPS ports stopped working on my wired connection. The RTSP and ONVIF ports were still open. Unfortunately, the HTTPS port is used with the Reolink integration.
A factory reset, a power cycle, and a camera restore did not bring the ports back into service. In fact, it got worse. The only port that was open was 9000. I was now completely locked out of the device via the wired connection. Thankfully, the device is also configured for WiFi and when I disconnected the ethernet cable, the WiFi connection came up and all HTTP and HTTPS ports were open. I was able to get into the web interface and turn on the RTSP and ONVIF ports again.
With the ports re-enabled, I plugged the wired connection back in and everything was back to normal. Frigate could see the camera and the Reolink integration was working again.
Nmap command I used.
❯ sudo nmap -v -Pn _CAMERA_IP_
[sudo] password for mike:
Starting Nmap 7.80 ( https://nmap.org ) at 2023-07-16 15:39 EDT
Initiating ARP Ping Scan at 15:39
Scanning _CAMERA_IP_ [1 port]
Completed ARP Ping Scan at 15:39, 0.03s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 15:39
Completed Parallel DNS resolution of 1 host. at 15:39, 0.05s elapsed
Initiating SYN Stealth Scan at 15:39
Scanning _CAMERA_IP_ [1000 ports]
Discovered open port 80/tcp on _CAMERA_IP_
Discovered open port 554/tcp on _CAMERA_IP_
Discovered open port 443/tcp on _CAMERA_IP_
Discovered open port 8000/tcp on _CAMERA_IP_
Discovered open port 6001/tcp on _CAMERA_IP_
Discovered open port 9000/tcp on _CAMERA_IP_
Completed SYN Stealth Scan at 15:39, 0.16s elapsed (1000 total ports)
Nmap scan report for _CAMERA_IP_
Host is up (0.0048s latency).
Not shown: 994 closed ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
554/tcp open rtsp
6001/tcp open X11:1
8000/tcp open http-alt
9000/tcp open cslistener
MAC Address: EC:71:DB:11:B6:94 (Shenzhen Baichuan Digital Technology)
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.53 seconds
Raw packets sent: 1001 (44.028KB) | Rcvd: 1001 (40.052KB)
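The following is an added example, not part of the original write-up: a shell function that compares the port table in saved Nmap output against a baseline, so a camera that silently drops its HTTP/HTTPS ports shows up as drift. The baseline is the set of ports open in the scan above; the function names and the locked-out sample are constructed for illustration.

```shell
#!/bin/sh
# Compare the open TCP ports in saved nmap output against a baseline (added example).
# Prints "missing N" for baseline ports that are no longer open and
# "unexpected N" for open ports that are not in the baseline.
port_drift() {   # usage: port_drift "80 443 554" < nmap_output.txt
    awk -v want="$1" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) base[w[i]] = 1 }
        # Port table rows look like "443/tcp open https".
        $1 ~ /^[0-9]+\/tcp$/ && $2 == "open" { split($1, f, "/"); seen[f[1]] = 1 }
        END {
            for (i = 1; i <= n; i++) if (!(w[i] in seen)) print "missing " w[i]
            for (q in seen) if (!(q in base)) print "unexpected " q
        }
    ' | sort -k2,2n
}

# Ports open in the scan shown on this page.
BASELINE="80 443 554 6001 8000 9000"

# Constructed sample: the port table as it would look in the locked-out
# state described above, where only port 9000 answered.
locked_out_scan() {
    cat <<'EOF'
PORT     STATE SERVICE
9000/tcp open  cslistener
EOF
}

locked_out_scan | port_drift "$BASELINE"
```

An empty result means the scan matches the baseline, which makes the function easy to run from a scheduled job that only alerts on output.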
I wanted to trigger an automation when the doorbell button was pressed. That requires the Reolink integration BUT the default video setting in the integration interferes with the Frigate video feed. I changed the Home Assistant integration to use flv rather than rtsp.
I ought to try using rtmp but I have not done that yet.
I have an automation set up to notify the Home Assistant Companion App on my phone when someone presses the button on the doorbell. The linked automation is the YAML version of what I am using.
In my Home Assistant configuration file I set up a notify group so that I can notify more than one companion app at a time. Look under the notify: block. The group is called frigate_phones.
IMPORTANT: This WILL drain the battery in a matter of hours.
I am running Neolink on my Frigate server.
It turns out that it is possible to stream the battery powered cameras into Frigate. I was curious how port 9000 worked with the camera and came across Neolink.
It would be smart to read the following as well. You may not need these but it is worth mentioning.
mkdir -p /neolink
ffprobe -show_entries stream=width,height rtsp://NEOLINK_IP:8654/deck/subStream
... snip some output ...
Input #0, rtsp, from 'rtsp://NEOLINK_IP:8654/deck/subStream':
Metadata:
title : Session streamed with GStreamer
comment : rtsp-server
Duration: N/A, start: 0.064000, bitrate: N/A
Stream #0:0: Video: h264 (High), yuv420p(progressive), 896x512, 90k tbr, 90k tbn, 180k tbc
Stream #0:1: Audio: pcm_s16be, 16000 Hz, 1 channels, s16, 256 kb/s
[STREAM]
width=896
height=512
[/STREAM]
[STREAM]
[/STREAM]
I am using RTSP for the camera configuration which is configured through the web interface to the camera.
Something else I had done with the cameras that probably does not matter so much if you only use Frigate to send notifications is that I used the mobile app to paint the areas that I wanted the cameras to ignore.