numbus-server-module/modules/services/frigate.nix

{ config, pkgs, lib, ... }:

with lib;

let
  cfg = config.numbus.services.frigate;
  containerName = "frigate";
  pod = "home-assistant";
  composeFile = "podman/frigate/compose.yaml";
in

{
  options.numbus.services.frigate = {
    enable = mkEnableOption "Frigate fully-local NVR (Network Video Recorder)";

    configDir = mkOption {
      type = types.str;
      default = "/mnt/config/frigate";
      example = "/mnt/config/frigate";
      description = "The directory where Frigate's configuration files will be stored";
    };

    dataDir = mkOption {
      type = types.str;
      default = "/mnt/data/frigate";
      example = "/mnt/data/frigate";
      description = "The directory where Frigate's data (i.e. clips, recordings, exports) will be stored";
    };

    subdomain = mkOption {
      type = types.str;
      default = "frigate";
      example = "frigate";
      description = "The subdomain that Frigate will use (i.e. your-subdomain.your-domain.com)";
    };

    devices = mkOption {
      type = types.listOf types.str;
      default = [];
      example = [ "/dev/dri:/dev/dri" "/dev/bus/usb:/dev/bus/usb" "/dev/apex_0:/dev/apex_0" ];
      description = "List of devices to map into the container. /dev/dri is used for graphics acceleration, /dev/bus/usb for USB Coral TPUs, and /dev/apex_0 for PCI coral TPUs";
    };

    port = mkOption {
      type = types.str;
      default = "8971";
      example = "8971";
      description = "The port that Frigate will use. Be careful, do not use a port already in use such as 80 or 443";
    };
  };

  config = mkIf cfg.enable {
    environment.etc."${composeFile}".text =
      /*
      yaml
      */
      ''
        services:
          ${containerName}:
            image: ghcr.io/blakeblackshear/frigate:stable
            container_name: ${containerName}
            hostname: ${containerName}
            shm_size: "256mb"
            networks:
              home-assistant_frontend:
              home-assistant_backend:
            ports:
              - "${cfg.port}:8971/tcp"
            volumes:
              - ${cfg.configDir}:/config
              - ${cfg.dataDir}:/media/frigate
              - /etc/localtime:/etc/localtime:ro
              - type: tmpfs
                target: /tmp/cache
                tmpfs:
                  size: 1000000000
            environment:
              - FRIGATE_MQTT_USER=$FRIGATE_MQTT_USER
              - FRIGATE_MQTT_PASSWORD=$FRIGATE_MQTT_PASSWORD
${lib.optionalString (cfg.devices != []) ''
            devices:
${lib.concatStringsSep "\n" (map (d: "              - \"${d}\"") cfg.devices)}
''}
            restart: unless-stopped

        networks:
          home-assistant_backend:
            external: true
          home-assistant_frontend:
            external: true
      '';

    environment.etc."${config.numbus.services.traefikDynamicConfigDir}/frigate.yaml".text =
      /*
      yaml
      */
      ''
        http:
          routers:
            ${containerName}:
              rule: "Host(`${cfg.subdomain}.${config.numbus.services.domain}`)"
              entrypoints:
                - "websecure"
              service: ${containerName}
              middlewares:
                - secureHeaders
              tls:
                certresolver: "cloudflare"
                options: "secureTLS"
          services:
            ${containerName}:
              loadBalancer:
                servers:
                  - url: "https://host.containers.internal:${cfg.port}"
      '';

    systemd.services."${containerName}" = {
      description = "Podman container : ${containerName}";
      requires = [ "traefik.service" "home-assistant.service" "${config.numbus.services.dns}.service" ];
      after = [ "traefik.service" "home-assistant.service" "${config.numbus.services.dns}.service" ];
      wantedBy = [ "multi-user.target" ];
      path = [ pkgs.podman pkgs.podman-compose pkgs.coreutils pkgs.sudo ];
      serviceConfig = {
        Type = "exec";
        ExecStartPre = "bash -c 'sleep $((RANDOM % 180))'";
        ExecStart = "sudo -u numbus-admin podman-compose --in-pod ${pod} -f /etc/${composeFile} up --remove-orphans";
        ExecStop = "sudo -u numbus-admin podman-compose --in-pod ${pod} -f /etc/${composeFile} down";
        Restart = "on-failure";
        RestartSec = "1m";
        StartLimitBurst = "5";
      };
    };

    systemd.services."update-${containerName}" = {
      description = "Update ${containerName} container";
      path = [ pkgs.podman pkgs.podman-compose pkgs.sudo ];
      serviceConfig = {
        Type = "oneshot";
        ExecStart = [
          "sudo -u numbus-admin podman-compose --in-pod ${pod} -f /etc/${composeFile} pull"
          "sudo -u numbus-admin podman-compose --in-pod ${pod} -f /etc/${composeFile} down"
          "sudo -u numbus-admin podman-compose --in-pod ${pod} -f /etc/${composeFile} up -d"
        ];
      };
    };

    systemd.timers."update-${containerName}" = {
      timerConfig = {
        OnCalendar = "02:00";
        RandomizedDelaySec = "60m";
        Unit = "update-${containerName}.service";
      };
      wantedBy = [ "timers.target" ];
    };
  };
}