Numbus/modules/server/services/applications/frigate.nix

{ config, pkgs, lib, ... }:

with lib;

let
  # Container config
  name = "frigate";
  # Version tagging
  frigateVersion = "0.16.4";
  # Helper
  helper = import ../service-helper.nix { inherit config pkgs lib; };
  cfg = config.numbus-server.services.frigate;
in

helper.mkPodmanService {
  inherit name;
  pod = "home-assistant";
  description = "Frigate, your fully-local NVR (Network Video Recorder)";
  defaultPort = "8971";
  scheme = "https";
  dependencies = [
    "sops-install-secrets.service"
    "traefik.service"
    "authelia.service"
    "home-assistant.service"
    "${config.numbus-server.services.dns}.service"
  ];
  middlewares = [
    "secureHeaders"
  ];
  dirPermissions = [
    "1000:100 ${cfg.configDir}"
    "1000:100 ${cfg.dataDir}"
  ];

  composeText = ''
    services:
      frigate:
        image: ghcr.io/blakeblackshear/frigate:${frigateVersion}
        container_name: frigate
        hostname: frigate
        shm_size: "256mb"
        networks:
          home-assistant:
            ipv4_address: 10.89.230.253
        ports:
          - "${cfg.port}:8971/tcp"
        volumes:
          - ${cfg.configDir}:/config
          - ${cfg.dataDir}:/media/frigate
          - /etc/localtime:/etc/localtime:ro
          - type: tmpfs
            target: /tmp/cache
            tmpfs:
              size: 1000000000
        environment:
          - FRIGATE_MQTT_USER=${config.sops.placeholder."home-assistant/mqtt_username"}
          - FRIGATE_MQTT_PASSWORD=${config.sops.placeholder."home-assistant/mqtt_password"}
    ${lib.optionalString (cfg.devices != []) ''
          devices:
    ${lib.concatStringsSep "\n" (map (d: "            - \"${d}\"") cfg.devices)}
    ''}
        security_opt:
          - no-new-privileges:true
        cap_drop:
          - NET_RAW
        stop_grace_period: 30s
        restart: unless-stopped

    networks:
      home-assistant:
        external: true
  '';

  extraOptions = {
    devices = mkOption {
      type = types.listOf types.str;
      default = [];
      example = [ "/dev/dri:/dev/dri" "/dev/bus/usb:/dev/bus/usb" "/dev/apex_0:/dev/apex_0" ];
      description = "List of devices to map into the container. /dev/dri is used for graphics acceleration, /dev/bus/usb for USB Coral TPUs, and /dev/apex_0 for PCI coral TPUs";
    };
  };
}