r/frigate: Clean up Frigate role

* Switch to Quadlet-style `.container` for systemd unit * Update to new image tag naming scheme (not arch-specific) * Use environment variables for secrets * Allow the entire `frigate_config` variable to be overridden
2024-08-09 21:17:58 -05:00
parent 7b61a7da7e
commit 8dfb2e3e4f
7 changed files with 74 additions and 25 deletions
--- a/roles/frigate/templates/frigate.container.j2
+++ b/roles/frigate/templates/frigate.container.j2
@@ -0,0 +1,45 @@
+# vim: set ft=systemd.jinja :
+[Unit]
+Description=Frigate NVR
+Wants=network-online.target
+After=network-online.target
+{% if frigate_enable_tpu %}
+Requires=dev-apex_0.device
+After=dev-apex_0.device
+{% endif %}
+RequiresMountsFor=/var/lib/frigate
+
+[Container]
+Image={{ frigate_image }}
+Pull=never
+PodmanArgs=--uidmap 0:{{ frigate_user.uid }}:1
+PodmanArgs=--gidmap 0:{{ frigate_user.group }}:1
+PodmanArgs=--uidmap 1:6000001:65536
+PodmanArgs=--gidmap 1:6000001:65536
+{% if frigate_shm_size|d %}
+PodmanArgs=--shm-size {{ frigate_shm_size }}m
+{% endif %}
+EnvironmentFile=/etc/frigate/environ
+Volume=/var/lib/frigate/media:/media/frigate:rw,z,U
+Volume=/var/lib/frigate/tmp:/tmp:rw,z,U
+Volume=/etc/frigate/config.yml:/config/config.yml:ro
+{% if frigate_enable_tpu %}
+AddDevice=/dev/apex_0
+{% endif %}
+{% if frigate_enable_gpu %}
+AddDevice=/dev/dri/renderD128
+{% endif %}
+AddCapability=CAP_PERFMON
+Network=host
+Annotation=org.systemd.property.KillMode='none'
+
+[Service]
+UMask=0077
+Restart=always
+RestartSec=1
+TimeoutStopSec=infinity
+StateDirectory=%N/tmp
+StateDirectory=%N/media
+
+[Install]
+WantedBy=multi-user.target