Home Surveillance Setup - NVR and Cameras

A comprehensive guide to setting up a professional home surveillance system using PoE cameras, network switches, and Frigate NVR software with proper network security.

Introduction

Setting up a home surveillance system has become increasingly accessible with modern IP cameras and open-source NVR software. This guide walks you through creating a robust, secure surveillance network using Power over Ethernet (PoE) cameras, managed network switches, and Frigate NVR software running on a Raspberry Pi or laptop.

Key benefits of this approach:

• Professional-grade security with VLAN isolation
• Cost-effective compared to proprietary systems
• Scalable - easily add more cameras
• Local storage - no cloud dependencies
• Open-source flexibility with Frigate’s AI detection

Network Architecture Overview

The following diagram illustrates the complete network architecture for our home surveillance system:

This architecture ensures that cameras are isolated on their own network segment (VLAN 10), preventing direct access to your main home network while allowing the NVR to manage and record from all cameras.

IP Camera Categories

Indoor Cameras

• Dome cameras for discrete ceiling mounting
• Bullet cameras for wall mounting
• Pan-tilt-zoom (PTZ) for flexible coverage
• Typical resolution: 2MP (1080p) to 8MP (4K)

Outdoor Cameras

• Weatherproof ratings: IP65, IP67, or IP68
• Built-in heaters for cold climates
• Vandal-resistant housings (IK10 rating)
• UV-resistant materials

Night Vision Capabilities

• Infrared (IR): 850nm LEDs, invisible to human eye
• White light: Visible deterrent, color night vision
• Starlight sensors: Ultra-low light performance
• Range: 15m-100m depending on camera and conditions

Lens and Field of View

• 2.8mm: Wide angle (110°), good for general areas
• 4mm: Medium angle (85°), balanced view
• 6mm: Narrow angle (55°), focused on specific areas
• Varifocal: Adjustable 2.8-12mm for flexibility

Camera Recommendations

Budget (₹1,500-3,000)

• TP-Link VIGI C320I 2MP HD Outdoor IR Bullet Network Camera
• TP-Link VIGI C420I 2MP IR Turret Network Camera

Mid-range-Premium (₹3,000-7,000)

• TP-Link VIGI C350 2.8mm Lens 5MP Outdoor Security Bullet Network Camera
• TP-Link VIGI C240 2.8mm Lens 4MP Security Camera

(PoE) Network Switch Setup

Understanding PoE Technology

Power over Ethernet delivers both data and power through a single Ethernet cable, eliminating the need for separate power adapters at each camera location.

PoE Standards:

• PoE (802.3af): 15.4W per port - suitable for basic IP cameras
• PoE+ (802.3at): 30W per port - supports PTZ and high-power cameras
• PoE++ (802.3bt): 60-100W per port - for advanced PTZ and lighting

Switch Selection for Home Use

6-8 Port PoE Switches (Recommended for homes)

• Total power budget: 60-120W
• Managed switches preferred for VLAN support
• Gigabit ports for 4K camera streams

Switch Recommendations

Budget (₹1,500-3,000)

• TP-Link LS109P 9-Port 10/100Mbps
• CP Plus 10 Ports Fast Ethernet with 8 PoE Ports

Mid-range-Premium (₹4,000-15,000)

• TP-Link LS108GP 8-Port Gigabit Desktop Ethernet Switch with 8-Port PoE+
• TP-Link 16 Port Gigabit PoE Switch 8 PoE+ Port

Installation Tips:

• Mount in ventilated area (switches generate heat)
• Use UPS for power backup
• Leave 20% power headroom for future expansion
• Connect uplink to main router/firewall

PoE Camera Setup

Physical Installation

Cable Requirements:

• Cat5e minimum, Cat6 recommended for future-proofing
• Maximum run: 100 meters per PoE standard
• Use outdoor-rated cable for external runs
• Proper cable management and weatherproofing

Cable Recommendation:

• FEDUS 100 Meter Heavy Duty Outdoor Cat6 Cable Weatherproof/UV Resistant 10000mbps Ethernet Cable - Ideal for outdoor camera installations

Installation Steps:

1. Plan camera positions

   • Test camera angles using smartphone camera first
   • Consider lighting conditions at different times
   • Ensure adequate PoE power delivery distance

2. Run Ethernet cables

   • Use cable tester to verify connections
   • Label cables clearly at both ends
   • Secure cables to prevent tampering

3. Connect and test

   • Connect camera to PoE switch
   • Camera should power on automatically
   • Check switch LED indicators for link status

Network Configuration

• Use DHCP reservation or static IP to assign IP addresses to the cameras.
  • Camera subnet: 192.168.0.0/24 (VLAN 10)
  • Example camera IPs: 192.168.0.101-108
• Access Camera Web Interface:
  • Find camera IP using network scanner: nmap -sn 192.168.0.1/24
  • Access via web browser using discovered IP
  • Default credentials often admin/admin or admin/12345
• CHANGE DEFAULT PASSWORDS IMMEDIATELY

RTSP Stream Configuration

Getting RTSP URLs: Most IP cameras provide RTSP streams in this format:

1rtsp://username:password@camera_ip:554/stream1
2rtsp://username:password@camera_ip:554/stream2

Common paths:

• TP-Link VIGI: /stream1, /stream2 (or /streaming/channels/1, /streaming/channels/2)
• Hikvision: /Streaming/Channels/101 (main stream), /Streaming/Channels/102 (sub stream)

Test RTSP Stream:

• Using VLC media player: vlc rtsp://admin:[email protected]:554/stream1
• Using ffmpeg: ffmpeg -i rtsp://admin:[email protected]:554/stream1 -t 10 test.mp4

Camera Security Configuration

Essential Security Settings:

1. Change default credentials

   • Use strong passwords (12+ characters)
   • Enable two-factor authentication if available

2. Disable unnecessary services

   • Turn off UPnP, P2P cloud services
   • Disable ONVIF if not needed
   • Remove default user accounts

3. Network isolation

   • Place cameras on dedicated VLAN
   • Block internet access for cameras
   • Use firewall rules to restrict access

Network Video Recorder (NVR) Setup

Hardware Requirements

Minimum Specifications:

• CPU: Quad-core ARM (Raspberry Pi 4) or x86-64
• RAM: 4GB minimum, 8GB recommended
• Storage: 200GB+ SSD/HDD for recordings
• Network: Gigabit Ethernet
• OS: Debian-based Linux distribution

Recommended Hardware:

1. Raspberry Pi Setup (₹8,000-12,000)

   • Raspberry Pi 4 (8GB RAM)
   • 64GB microSD for OS
   • 1TB USB 3.0 SSD for recordings
   • Official PoE+ HAT (if using PoE)

2. Mini PC Setup (₹15,000-25,000)

   • Intel NUC or similar
   • 8GB RAM, 256GB SSD
   • Additional 2TB HDD for recordings

Operating System Installation

Debian Installation:

• Download Debian 12 (Bookworm)
• Create bootable USB/SD card
• Install with minimal desktop environment
• Enable SSH for remote management
• Post-installation updates

1sudo apt update && sudo apt upgrade -y
2sudo apt install curl wget git vim htop

System Configuration:

• Set static IP address sudo nano /etc/dhcpcd.conf
• Add:

1# interface eth0
2static ip_address=192.168.1.100/24
3static routers=192.168.1.1
4static domain_name_servers=192.168.1.1
5
6# Restart networking
7sudo systemctl restart dhcpcd

Configure NVR

Docker Installation

 1# Install Docker
 2curl -fsSL https://get.docker.com -o get-docker.sh
 3sudo sh get-docker.sh
 4sudo usermod -aG docker $USER
 5
 6# Install Docker Compose
 7sudo apt install docker-compose-plugin
 8
 9# Verify installation
10docker --version
11docker compose version

Frigate Installation

Create Frigate directory structure:

1mkdir -p ~/frigate/{config,media,database}
2cd ~/frigate

Create docker-compose.yml:

 1version: "3.9"
 2services:
 3  frigate:
 4    container_name: frigate
 5    privileged: true
 6    restart: unless-stopped
 7    image: ghcr.io/blakeblackshear/frigate:stable
 8    shm_size: "64mb"
 9    devices:
10      - /dev/bus/usb:/dev/bus/usb  # Coral USB accelerator
11    volumes:
12      - /etc/localtime:/etc/localtime:ro
13      - ./config:/config
14      - ./media:/media/frigate
15      - type: tmpfs
16        target: /tmp/cache
17        tmpfs:
18          size: 1000000000
19    ports:
20      - "5000:5000"
21      - "8554:8554" # RTSP feeds
22      - "8555:8555/tcp" # WebRTC over tcp
23      - "8555:8555/udp" # WebRTC over udp
24    environment:
25      FRIGATE_RTSP_PASSWORD: "your_password_here"

Create Frigate configuration (config/config.yml):

 1mqtt:
 2  enabled: false
 3
 4database:
 5  path: /config/frigate.db
 6
 7detectors:
 8  cpu1:
 9    type: cpu
10    num_threads: 3
11
12cameras:
13  front_door:
14    ffmpeg:
15      inputs:
16        - path: rtsp://admin:[email protected]:554/stream1
17          roles:
18            - record
19            - detect
20        - path: rtsp://admin:[email protected]:554/stream2
21          roles:
22            - detect
23    detect:
24      width: 640
25      height: 480
26      fps: 5
27    record:
28      enabled: true
29      retain:
30        days: 7
31        mode: motion
32    snapshots:
33      enabled: true
34      timestamp: false
35      bounding_box: true
36
37  balcony:
38    ffmpeg:
39      inputs:
40        - path: rtsp://admin:[email protected]:554/stream1
41          roles:
42            - record
43            - detect
44    detect:
45      width: 640
46      height: 480
47      fps: 5
48    record:
49      enabled: true
50      retain:
51        days: 7
52        mode: motion
53
54go2rtc:
55  streams:
56    front_door:
57      - rtsp://admin:[email protected]:554/stream1
58    balcony:
59      - rtsp://admin:[email protected]:554/stream1

• Start Frigate: docker compose up -d
• Check logs: docker compose logs -f frigate
• Access web interface: http://your_nvr_ip:5000

Security

VLAN Configuration

Create Camera VLAN (VLAN 10):

• On managed switch, create VLAN 10
• Assign camera ports to VLAN 10
• Configure trunk port to router

Router/Firewall Rules:

• Block camera VLAN from internet access

• Allow NVR to access camera VLAN

• Block camera VLAN from other network segments

• Example iptables rules:

• Block cameras from internet iptables -A FORWARD -s 192.168.0.0/24 -o wan0 -j DROP

• Allow NVR access to cameras iptables -A FORWARD -s 192.168.1.100 -d 192.168.0.0/24 -j ACCEPT

UPS Backup Solution

UPS Recommendations:

• APC Back-UPS 600VA (₹4,000-6,000) - Basic protection
• CyberPower CP1500PFCLCD (₹12,000-15,000) - Pure sine wave
• APC Smart-UPS 1000VA (₹15,000-20,000) - Network management

UPS Configuration:

• Install NUT (Network UPS Tools) sudo apt install nut nut-client nut-server

• Configure UPS monitoring sudo nano /etc/nut/ups.conf

• Add your UPS configuration

• Set up automatic shutdown sudo nano /etc/nut/upsmon.conf

• Configure shutdown parameters

Remote Backup Strategy

Backup Media Directory:

• Create backup script nano ~/backup_frigate.sh

 1#!/bin/bash
 2# Frigate media backup script
 3SOURCE="/home/user/frigate/media"
 4DEST="user@backup-server:/backups/frigate"
 5DATE=$(date +%Y%m%d)
 6
 7# Sync recordings (keep last 30 days)
 8rsync -avz --delete --exclude="*.tmp" \
 9  --include="*/" --include="*.mp4" --include="*.jpg" \
10  --exclude="*" "$SOURCE/" "$DEST/"
11
12# Create daily archive of important events
13tar -czf "/tmp/frigate_events_$DATE.tar.gz" \
14  "$SOURCE/events" 2>/dev/null
15
16# Upload to remote server
17scp "/tmp/frigate_events_$DATE.tar.gz" \
18  "user@backup-server:/backups/archives/"
19
20# Cleanup local archive
21rm "/tmp/frigate_events_$DATE.tar.gz"
22
23# Log backup completion
24echo "$(date): Backup completed" >> /var/log/frigate_backup.log

Automate with Cron:

• Edit crontab crontab -e
• Add daily backup at 2 AM 0 2 * * * /home/user/backup_frigate.sh
• Weekly full backup 0 3 * * 0 rsync -avz /home/user/frigate/ user@backup-server:/backups/frigate_full/

Cloud Backup Options:

• Using rclone for cloud storage sudo apt install rclone
• Configure cloud provider (Google Drive, Dropbox, etc.) rclone config
• Sync important events to cloud rclone sync /home/user/frigate/media/events remote:frigate_backup

Additional Security Measures

Network Monitoring:

• Monitor network traffic sudo apt install ntopng
• Configure to monitor camera VLAN traffic
• Set up intrusion detection sudo apt install suricata
• Configure rules for camera network

Access Control:

• Set up Tailscale VPN for easy remote access curl -fsSL https://tailscale.com/install.sh | sh
• sudo tailscale up
• Access your NVR remotely via Tailscale IP
• No port forwarding or complex firewall rules needed
• Example: http://100.x.x.x:5000 (Tailscale assigns 100.x.x.x IPs)
• Use fail2ban for SSH protection sudo apt install fail2ban && sudo systemctl enable fail2ban

There are lot of things that can be improved:

• Add a motion detection zone to the camera.
• Add GPU or TPU to the Raspberry Pi for better performance.
• Add detection notifications via frigate.

Try reading the Frigate documentation for more information.