Moving away from ZoneMinder, back to Ubuntu, devirtualising my NAS and so on.

I've done a lot lately, and not much of it is radio (HF has been woeful...)

Firstly - I moved back to Ubuntu for my PC. EndevourOS was nice, but the constant issues with my primary display not being detected and taking an inordinate amount of time to bring up the login prompt were driving me nuts. Going back to Ubuntu has had some improvement, though I suspect I need to do more. 

NAS:

I've had a largely virtualised NAS - a VM with a passthrough HBA connected that connects to a SFF8087 to SFF8088 board, that then connects to a 3RU chassis with another of those boards back to a SAS expander the to the backplanes that connect all of my hard disks. It's mostly worked. But it's been infuriating. 

When it works, it's great. When a disk gets flaky, it's problematic. Maybe a reboot of the VM will work. Maybe it'll upset the HBA, which requires restarting the whole physical server. 

I've got a flaky disk, and I'm awaiting the replacement. 

I had a motherboard and CPU sitting in that 3RU chassis from when it used to run as a dedicated box, so I reconnected it up, installed OpenMedia Vault (OMV) and reconfigured it to do all of my network storage. It was a fairly simple process. 

I decided to fix some of my other bug bears along the way - firstly we have a couple of PiHoles running - effectively just a DNS server that does ad blocking... and domain blocking. One for the primary network. One for the kids. Unfortunately, when the server goes down, I wind up taking out the Internet with it. 

OMV is Docker friendly and integrating a PiHole Docker image into it was pretty easy. I simply then took a backup of my main PiHole server and restored it on the new Docker image. Added the IP address as a secondary DNS server to the DHCP servers on my networks, and that problem is solved.

Security cameras:

I've been using ZoneMinder for some time to handle our 13 high resolution security cameras. It's generally just worked, but it's had some issues:

- It consumes a lot of RAM

- It's hard on CPU

- It throws an Out of Memory error if the storage goes away sometimes. Othertimes it simply records null events and generally gets flaky. It does at least recover itself. 

- Diving into the massive number of stored events is incredibly hard on its database, and it often becomes unresponsive. 

- Trying to run a "live view" for our sheer volume of cameras runs into issues with web browsers due to how it renders the video feeds. The workaround for this involves having an entire port range setup and configured at the back end to allow it to pull each camera feed in on a different port. When you have a reverse proxy in the middle, that adds another massive wall of configuration hundreds of lines long.

For what it's worth, this VM has some 16 CPU cores and 20GB RAM attached to it, so it's got a lot of resources under it. 

I noticed that OMV let me easily fire up an instance of Frigate - something I'd been keen to try out. It has integrations into my Home Assistant setup as well, so I thought it was worth a go. It's known to be very intelligent around its AI based event tracking - it can do things like determine what is a person, or a car and so on, and allow you to track specific kinds of events and exclude others. 

I had the basic setup running quickly. 

The core configuration is all in YAML - a fairly straightforward text based configuration file that is really pedantic on little details like spacing. I found it fairly easy to do deal with given its simplicity and the sheer amount of doco available online. 

It's worth noting that this setup is effectively all a giant text based script - there's no "simple" interface for you to do this. You do need to understand things like RTSP addresses for your cameras, and it's helpful (and more efficient) if you also now the lower resolution sub-stream addresses to use for motion/event detection. 

Easy enough for experienced IT people, tech enthusiasts and people who've had experience on working with things like Home Assistant. Not something people whose entire computing experience involves "point and click" will likely get along with. 

The interesting stuff:

- The whole thing is completely open - there's no authentication around it. You can get to the interface, select "Config" and go touch it. That's really insecure. If you're running segmented VLANs, you can at least bury it somewhere and configure an Apache reverse proxy to require a password in front of it. On a flat network, yuck. I'm not entirely happy about where it is on my network. I can feel some firewall configuration coming up. 

- The resource utilisation is pretty good. I don't have a Google Coral TPU that is recommended for better analysis (I'll get one soon), so all of that work is on the CPU. Yet overall, the CPU on the OVM box is sitting around 30%. RAM usage is 4GB. It's a doing a lot more, for a lot less. 

- Integration into Home Assistant is easy enough (you can even technically run it from Home Assistant if you're so inclined). I was able to get a dashboard running with a live view for all cameras pretty easily. It even allows you to get in and see the events for each camera. This really takes away the need to directly interface with Frigate that much. I've got a dedicated monitor that loads the Home Assistant dashboard for it. It's not quite as reliable as I'd like - occasionally the cameras drop and reload. I'm hoping that this is because I've also got Zoneminder running and Hikvision cameras are known to struggle with multiple connections to the same streams. 

- I was able to define a couple of sets of rules around recording. Firstly, I could set individual detection types (ie People, car, motorcyle, bus, dog, cat, mouse) and define that I want to keep those events and for how long. I was also able to define on a per camera basis that I want to keep a 24/7 recording and for how long. My logic behind this is that there are a couple of cameras that I would like to have ongoing recordings of without reliance on the tech to make decisions about. For other cameras, that's simply overkill and just burns disk space at the cost of limiting retention. 

There's quite a bit more to come on the subject when time permits. I need to do some more tweaking around the storage. I'm planning on pushing the storage straight out to a different NAS. Originally, when I ordered the NAS for it, I was planning on having ZoneMinder offload out to it. It doesn't quite hold the same value now, but at I can at least store it somewhere other than the rack full of expensive looking hardware - which is likely to be somewhere to draw the attention of thieves).