I’ve been a user of HomeKit, a software framework that lets users control smart-home appliances, for half a dozen years at this point. It has supported video feeds for a while, but because I use Unifi Protect, and there is no official integration, I haven’t been able to use it. Thankfully, Scrypted is a third-party tool that can bring Protect into HomeKit.

This is my fifteenth post documenting images I use at home. You can also read about how I run the Unifi controller, how I run Plex, how I update DuckDNS, how I run Duplicacy, how I run Heimdall, how I run Librespeed, how I run Home Assistant, how I run NetBox, how I run Scrutiny, how I run OpenVSCode Server, how I run QDirStat, how I run WireGuard, how I run Z-Wave JS UI, and how I run netboot.xyz.

About Scrypted

Scrypted is a multiplexer and demultiplexer (mux and demux) for bringing in various camera video input streams and outputting them to various home hubs. For example, you could bring in video streams from a combination of Reolink and Tuya cameras and output those streams to Google Home.

In my case, I input Unifi Protect video streams and output them to HomeKit. It looks like Scrypted can do more than mux and demux via third-party plugins, but I have not tried those and cannot speak to these capabilities.

Configuring the various applications

Unifi Protect

First, we must grant Unifi Protect permissions to Scrypted following Scrypted’s instructions. In my case, Protect is running on a UNVR device, and so my steps below are for that context.

1. Log into the Protect device and navigate to the UniFi OS context.
2. Click Admins in the left navigation.
3. Click the Add New Admin button.
4. Give the admin the default role or a customized role if you’d like. For customized roles, be sure to reference the Scrypted documentation linked above.
5. Uncheck the Allow Remote Access button.
6. Fill in a username and password for the user. In my case, I named it scrypted.
7. Click the Add button.

Configure Scrypted

I am going to run Scrypted via docker-compose alongside all the other various containers I am running. I will be following the reference Scrypted docker-compose configuration.

Here is the configuration I use within my docker-compose.yml file.

  scrypted:
    container_name: scrypted
    image: koush/scrypted:18-bullseye-thin.s6-v0.5.13
    restart: unless-stopped
  
    env_file:
      - ./common.env
      - ./secret.env
    environment:
      - SCRYPTED_WEBHOOK_UPDATE=http://localhost:10444/v1/update
    network_mode: host
    volumes:
      - ${SERVICE_DATA_DIR}/scrypted:/server/volume

In the first stanza, I set the container name, restart policy, and which image to use. As usual, I pin my images to specific versions. This allows me to control version updates carefully.

In the next stanza, I reference my environment files with common and secret values. For Scrypted, I added the SCRYPTED_WEBHOOK_UPDATE_AUTHORIZATION=Bearer SET_THIS_TO_SOME_RANDOM_TEXT pair to secret.env. For the random text, I filled in a made-up value.

Only one environment variable needs to be set — SCRYPTED_WEBHOOK_UPDATE — and I left this as the default value taken from Scrypted’s example. Truth be told, I don’t know what it does or when/why one would change it — perhaps for other plugins?

Lastly, I set up a persistent data volume alongside the volumes I have for other containers.

One thing I did not take from Scrypted’s example is the watchtower configuration and automated updates, since I do not want or allow my images to automatically update.

One annoying thing is that I tried, and was unable, to run this container as a non-root user using the user directive. I do not run images as root as long as the image supports it, and, apparently, this does not. I then needed to update my service data backup script to fix permissions before backing up my data to another system.

At any rate, with this docker-compose.yml configuration in place, I can now run docker-compose up -d scrypted to start up the Scrypted container.

HomeKit

HomeKit configuration is straightforward — as long as you don’t make the mistake almost all of us trip into. Instead of adding Scrypted as a hub, which one would normally expect to bring in the camera feeds, we need to add camera feeds individually. Why this is the case, whether it’s intentional or avoidable, is beyond me. It is what it is.

To add camera feeds:

1. Navigate to your new Scrypted instance on port 10443 and log in.
2. Click on Devices in the left navigation.
3. Scroll or search through the list to find the camera feed to add.
4. In the Settings box on the left, click the HomeKit subnav item.
5. In the Settings > HomeKit box that showed up, click the Pairing item.
6. Ensure Standalone Accessory Mode is checked.
7. Open your Home app, tap or click the + button, and Add Accessory.
8. Use the Home app to scan the QR code.

You’ll need to do this for each camera individually. When you’re done, you should now see the camera feeds directly within the HomeKit app.

Usage

I use the HomeKit app to take a quick peek at the feeds, e.g., look at the garage camera feed to see if my wife’s car is home. For more heavy-duty work, like reviewing recording history or events, I typically use the Protect app directly.

Run Scrypted Via Its Docker Image

Scrypted has been around for a while, but I didn’t have a significant need for it, so deferred setting it up. I’m glad I finally did. I’ve found the combination of HomeKit and Scrypted to be wicked fast to update, so I am super happy with this setup.