From 8dfb2e3e4fdcc9e1d1d5d1d78f8713ebf9e0bdef Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Fri, 9 Aug 2024 21:17:58 -0500 Subject: [PATCH] r/frigate: Clean up Frigate role * Switch to Quadlet-style `.container` for systemd unit * Update to new image tag naming scheme (not arch-specific) * Use environment variables for secrets * Allow the entire `frigate_config` variable to be overridden --- roles/frigate/defaults/main.yml | 11 ++++- roles/frigate/tasks/main.yml | 34 +++++++-------- roles/frigate/templates/frigate.container.j2 | 45 ++++++++++++++++++++ roles/frigate/templates/frigate.environ.j2 | 3 ++ roles/frigate/vars/aarch64.yml | 1 - roles/frigate/vars/main.yml | 4 -- roles/frigate/vars/x86_64.yml | 1 - 7 files changed, 74 insertions(+), 25 deletions(-) create mode 100644 roles/frigate/templates/frigate.container.j2 create mode 100644 roles/frigate/templates/frigate.environ.j2 diff --git a/roles/frigate/defaults/main.yml b/roles/frigate/defaults/main.yml index c448bae..30b2b9b 100644 --- a/roles/frigate/defaults/main.yml +++ b/roles/frigate/defaults/main.yml @@ -1,7 +1,16 @@ -frigate_image_tag: '{{ frigate_default_image_tag }}' +frigate_image_tag: 0.12.1 +frigate_image: ghcr.io/blakeblackshear/frigate:{{ frigate_image_tag }} frigate_mqtt: host: localhost frigate_detectors: cpu: type: cpu frigate_cameras: {} +frigate_enable_gpu: false +frigate_enable_tpu: false +frigate_shm_size: 256 +frigate_config: + mqtt: '{{ frigate_mqtt }}' + detectors: '{{ frigate_detectors }}' + cameras: '{{ frigate_cameras }}' +frigate_env: {} diff --git a/roles/frigate/tasks/main.yml b/roles/frigate/tasks/main.yml index 0248946..71c48ef 100644 --- a/roles/frigate/tasks/main.yml +++ b/roles/frigate/tasks/main.yml @@ -44,7 +44,7 @@ - name: ensure frigate container image is available podman_image: - name: docker.io/blakeblackshear/frigate:{{ frigate_image_tag }} + name: '{{ frigate_image }}' tag: stable state: present force: '{{ frigate_update|d|bool }}' @@ -54,22 +54,16 @@ - container-image - container -- name: ensure frigate systemd unit is installed +- name: ensure frigate container unit is installed template: - src: frigate.service.j2 - dest: /etc/systemd/system/frigate.service - mode: '0644' + src: frigate.container.j2 + dest: /etc/containers/systemd/frigate.container + mode: u=rw,go=r notify: - reload systemd - restart frigate tags: - systemd -- name: ensure frigate starts at boot - service: - name: frigate - enabled: true - tags: - - service - name: ensure frigate configuration directory exists file: @@ -82,7 +76,7 @@ - config - name: ensure frigate is configured copy: - dest: /etc/frigate/frigate.yml + dest: /etc/frigate/config.yml content: >- {{ frigate_config|to_nice_yaml(indent=2) }} mode: '0640' @@ -92,13 +86,17 @@ - restart frigate tags: - config - -- name: ensure frigate starts at boot - service: - name: frigate - enabled: true +- name: ensure frigate environment is set + template: + src: frigate.environ.j2 + dest: /etc/frigate/environ + mode: u=r,go= + owner: root + group: root + notify: + - restart frigate tags: - - service + - config - name: flush handlers meta: flush_handlers diff --git a/roles/frigate/templates/frigate.container.j2 b/roles/frigate/templates/frigate.container.j2 new file mode 100644 index 0000000..08373c5 --- /dev/null +++ b/roles/frigate/templates/frigate.container.j2 @@ -0,0 +1,45 @@ +# vim: set ft=systemd.jinja : +[Unit] +Description=Frigate NVR +Wants=network-online.target +After=network-online.target +{% if frigate_enable_tpu %} +Requires=dev-apex_0.device +After=dev-apex_0.device +{% endif %} +RequiresMountsFor=/var/lib/frigate + +[Container] +Image={{ frigate_image }} +Pull=never +PodmanArgs=--uidmap 0:{{ frigate_user.uid }}:1 +PodmanArgs=--gidmap 0:{{ frigate_user.group }}:1 +PodmanArgs=--uidmap 1:6000001:65536 +PodmanArgs=--gidmap 1:6000001:65536 +{% if frigate_shm_size|d %} +PodmanArgs=--shm-size {{ frigate_shm_size }}m +{% endif %} +EnvironmentFile=/etc/frigate/environ +Volume=/var/lib/frigate/media:/media/frigate:rw,z,U +Volume=/var/lib/frigate/tmp:/tmp:rw,z,U +Volume=/etc/frigate/config.yml:/config/config.yml:ro +{% if frigate_enable_tpu %} +AddDevice=/dev/apex_0 +{% endif %} +{% if frigate_enable_gpu %} +AddDevice=/dev/dri/renderD128 +{% endif %} +AddCapability=CAP_PERFMON +Network=host +Annotation=org.systemd.property.KillMode='none' + +[Service] +UMask=0077 +Restart=always +RestartSec=1 +TimeoutStopSec=infinity +StateDirectory=%N/tmp +StateDirectory=%N/media + +[Install] +WantedBy=multi-user.target diff --git a/roles/frigate/templates/frigate.environ.j2 b/roles/frigate/templates/frigate.environ.j2 new file mode 100644 index 0000000..c02aadc --- /dev/null +++ b/roles/frigate/templates/frigate.environ.j2 @@ -0,0 +1,3 @@ +{% for key, value in frigate_env.items() %} +{{ key }}={{ value }} +{% endfor %} diff --git a/roles/frigate/vars/aarch64.yml b/roles/frigate/vars/aarch64.yml index 5ac6d2f..e69de29 100644 --- a/roles/frigate/vars/aarch64.yml +++ b/roles/frigate/vars/aarch64.yml @@ -1 +0,0 @@ -frigate_default_image_tag: stable-aarch64 diff --git a/roles/frigate/vars/main.yml b/roles/frigate/vars/main.yml index 294fd1f..83b6884 100644 --- a/roles/frigate/vars/main.yml +++ b/roles/frigate/vars/main.yml @@ -1,6 +1,2 @@ frigate_podman_packages: - podman -frigate_config: - mqtt: '{{ frigate_mqtt }}' - detectors: '{{ frigate_detectors }}' - cameras: '{{ frigate_cameras }}' diff --git a/roles/frigate/vars/x86_64.yml b/roles/frigate/vars/x86_64.yml index 7b9881c..e69de29 100644 --- a/roles/frigate/vars/x86_64.yml +++ b/roles/frigate/vars/x86_64.yml @@ -1 +0,0 @@ -frigate_default_image_tag: stable-amd64