diff --git a/frigate.yml b/frigate.yml
new file mode 100644
index 0000000..0112a7b
--- /dev/null
+++ b/frigate.yml
@@ -0,0 +1,4 @@
+- hosts: frigate
+  roles:
+  - role: frigate
+    tags: frigate
diff --git a/hosts b/hosts
index 9fc1a19..2810bc2 100644
--- a/hosts
+++ b/hosts
@@ -41,6 +41,8 @@ bitwarden_rs
 [file-servers]
 file0.pyrocufflink.blue
 
+[frigate]
+
 [gitea]
 git0.pyrocufflink.blue
 
diff --git a/roles/frigate/defaults/main.yml b/roles/frigate/defaults/main.yml
new file mode 100644
index 0000000..c448bae
--- /dev/null
+++ b/roles/frigate/defaults/main.yml
@@ -0,0 +1,7 @@
+frigate_image_tag: '{{ frigate_default_image_tag }}'
+frigate_mqtt:
+  host: localhost
+frigate_detectors:
+  cpu:
+    type: cpu
+frigate_cameras: {}
diff --git a/roles/frigate/handlers/main.yml b/roles/frigate/handlers/main.yml
new file mode 100644
index 0000000..50c35b0
--- /dev/null
+++ b/roles/frigate/handlers/main.yml
@@ -0,0 +1,8 @@
+- name: save firewalld configuration
+  command: firewall-cmd --runtime-to-permanent
+- name: reload systemd
+  command: systemctl daemon-reload
+- name: restart frigate
+  service:
+    name: frigate
+    state: restarted
diff --git a/roles/frigate/tasks/main.yml b/roles/frigate/tasks/main.yml
new file mode 100644
index 0000000..cf60223
--- /dev/null
+++ b/roles/frigate/tasks/main.yml
@@ -0,0 +1,115 @@
+- name: load architecture-specific values
+  include_vars: '{{ item }}'
+  with_first_found:
+  - '{{ ansible_architecture }}.yml'
+  - defaults.yml
+  tags:
+  - always
+
+- name: ensure podman is installed
+  package:
+    name: '{{ frigate_podman_packages }}'
+    state: present
+  tags:
+  - install
+
+- name: ensure frigate user exists
+  user:
+    name: frigate
+    system: true
+    home: /var/lib/frigate
+    createhome: false
+  register: frigate_user
+  tags:
+  - user
+
+- name: ensure frigate home directory exists
+  file:
+    path: /var/lib/frigate
+    owner: frigate
+    group: frigate
+    mode: '0755'
+    state: directory
+  tags:
+  - datadir
+- name: ensure frigate tmp directory exists
+  file:
+    path: /var/lib/frigate/tmp
+    owner: frigate
+    group: frigate
+    mode: '0700'
+    state: directory
+  tags:
+  - datadir
+
+- name: ensure frigate container image is available
+  podman_image:
+    name: docker.io/blakeblackshear/frigate:{{ frigate_image_tag }}
+    tag: stable
+    state: present
+    force: '{{ frigate_update|d|bool }}'
+  notify:
+  - restart frigate
+  tags:
+  - container-image
+  - container
+
+- name: ensure frigate systemd unit is installed
+  template:
+    src: frigate.service.j2
+    dest: /etc/systemd/system/frigate.service
+    mode: '0644'
+  notify:
+  - reload systemd
+  - restart frigate
+  tags:
+  - systemd
+- name: ensure frigate starts at boot
+  service:
+    name: frigate
+    enabled: true
+  tags:
+  - service
+
+- name: ensure frigate configuration directory exists
+  file:
+    path: /etc/frigate
+    mode: '0750'
+    owner: root
+    group: frigate
+    state: directory
+  tags:
+  - config
+- name: ensure frigate is configured
+  copy:
+    dest: /etc/frigate/frigate.yml
+    content: >-
+      {{ frigate_config|to_nice_yaml(indent=2) }}
+    mode: '0640'
+    owner: root
+    group: frigate
+  notify:
+  - restart frigate
+  tags:
+  - config
+
+- meta: flush_handlers
+- name: ensure frigate is running
+  service:
+    name: frigate
+    state: started
+  tags:
+  - service
+
+- name: ensure firewall is configured for frigate
+  firewalld:
+    port: '{{ item }}/tcp'
+    immediate: true
+    permanent: false
+    state: enabled
+  loop:
+  - 5000  # Frigate web UI/API
+  - 1935  # RTMP
+  notify: save firewalld configuration
+  tags:
+  - firewall
diff --git a/roles/frigate/templates/frigate.service.j2 b/roles/frigate/templates/frigate.service.j2
new file mode 100644
index 0000000..da3ad8c
--- /dev/null
+++ b/roles/frigate/templates/frigate.service.j2
@@ -0,0 +1,31 @@
+[Unit]
+Description=Frigate
+
+[Service]
+Type=notify
+NotifyAccess=all
+ExecStartPre=-/usr/bin/podman container rm --ignore -f frigate
+ExecStart=/usr/bin/podman run \
+    --pull never \
+    --sdnotify=conmon --cgroups=no-conmon \
+    --rm \
+    --network=host \
+    --name frigate \
+    -v /etc/frigate/frigate.yml:/config/config.yml:ro \
+    -v /var/lib/frigate/tmp:/tmp:Z \
+    -v /var/lib/frigate:/media/frigate:Z \
+    --uidmap 0:{{ frigate_user.uid }}:1 \
+    --gidmap 0:{{ frigate_user.group }}:1 \
+    --uidmap 1:6000001:1024 \
+    --gidmap 1:6000001:1024 \
+    --uidmap 65534:6001025:1 \
+    --gidmap 65534:6001025:1 \
+{% if frigate_shm_size|d %}
+    --shm-size {{ frigate_shm_size }}m \
+{% endif %}
+    docker.io/blakeblackshear/frigate:{{ frigate_image_tag }}
+ProtectSystem=full
+UMask=0077
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/frigate/vars/aarch64.yml b/roles/frigate/vars/aarch64.yml
new file mode 100644
index 0000000..5ac6d2f
--- /dev/null
+++ b/roles/frigate/vars/aarch64.yml
@@ -0,0 +1 @@
+frigate_default_image_tag: stable-aarch64
diff --git a/roles/frigate/vars/main.yml b/roles/frigate/vars/main.yml
new file mode 100644
index 0000000..294fd1f
--- /dev/null
+++ b/roles/frigate/vars/main.yml
@@ -0,0 +1,6 @@
+frigate_podman_packages:
+- podman
+frigate_config:
+  mqtt: '{{ frigate_mqtt }}'
+  detectors: '{{ frigate_detectors }}'
+  cameras: '{{ frigate_cameras }}'
diff --git a/roles/frigate/vars/x86_64.yml b/roles/frigate/vars/x86_64.yml
new file mode 100644
index 0000000..7b9881c
--- /dev/null
+++ b/roles/frigate/vars/x86_64.yml
@@ -0,0 +1 @@
+frigate_default_image_tag: stable-amd64