{ config, pkgs, lib, ... }: with lib; let # Container config name = "frigate"; # Version tagging frigateVersion = "0.16.4"; # Helper helper = import ../service-helper.nix { inherit config pkgs lib; }; cfg = config.numbus-server.services.frigate; in helper.mkPodmanService { inherit name; pod = "home-assistant"; description = "Frigate, your fully-local NVR (Network Video Recorder)"; defaultPort = "8971"; scheme = "https"; dependencies = [ "sops-install-secrets.service" "traefik.service" "authelia.service" "home-assistant.service" "${config.numbus-server.services.dns}.service" ]; middlewares = [ "secureHeaders" ]; dirPermissions = [ "1000:100 ${cfg.configDir}" "1000:100 ${cfg.dataDir}" ]; composeText = '' services: frigate: image: ghcr.io/blakeblackshear/frigate:${frigateVersion} container_name: frigate hostname: frigate shm_size: "256mb" networks: home-assistant: ipv4_address: 10.89.230.253 ports: - "${cfg.port}:8971/tcp" volumes: - ${cfg.configDir}:/config - ${cfg.dataDir}:/media/frigate - /etc/localtime:/etc/localtime:ro - type: tmpfs target: /tmp/cache tmpfs: size: 1000000000 environment: - FRIGATE_MQTT_USER=${config.sops.placeholder."home-assistant/mqtt_username"} - FRIGATE_MQTT_PASSWORD=${config.sops.placeholder."home-assistant/mqtt_password"} ${lib.optionalString (cfg.devices != []) '' devices: ${lib.concatStringsSep "\n" (map (d: " - \"${d}\"") cfg.devices)} ''} security_opt: - no-new-privileges:true cap_drop: - NET_RAW stop_grace_period: 30s restart: unless-stopped networks: home-assistant: external: true ''; extraOptions = { devices = mkOption { type = types.listOf types.str; default = []; example = [ "/dev/dri:/dev/dri" "/dev/bus/usb:/dev/bus/usb" "/dev/apex_0:/dev/apex_0" ]; description = "List of devices to map into the container. /dev/dri is used for graphics acceleration, /dev/bus/usb for USB Coral TPUs, and /dev/apex_0 for PCI coral TPUs"; }; }; }