r/frigate: Add role to deploy Frigate

Frigate is an NVR that uses machine learning to detect objects on camera
in real time.  It integrates with Home Assistant to expose sensors which
can be used for automation, etc.

The only official way to deploy Frigate is with a container, so we use
Podman and systemd to manage it.

frigate.yml

@@ -0,0 +1,4 @@
+- hosts: frigate
+  roles:
+  - role: frigate
+    tags: frigate

hosts

@@ -41,6 +41,8 @@ bitwarden_rs
 [file-servers]
 file0.pyrocufflink.blue
 
+[frigate]
+
 [gitea]
 git0.pyrocufflink.blue
 

roles/frigate/defaults/main.yml

@@ -0,0 +1,7 @@
+frigate_image_tag: '{{ frigate_default_image_tag }}'
+frigate_mqtt:
+  host: localhost
+frigate_detectors:
+  cpu:
+    type: cpu
+frigate_cameras: {}

roles/frigate/handlers/main.yml

@@ -0,0 +1,8 @@
+- name: save firewalld configuration
+  command: firewall-cmd --runtime-to-permanent
+- name: reload systemd
+  command: systemctl daemon-reload
+- name: restart frigate
+  service:
+    name: frigate
+    state: restarted

roles/frigate/tasks/main.yml

@@ -0,0 +1,115 @@
+- name: load architecture-specific values
+  include_vars: '{{ item }}'
+  with_first_found:
+  - '{{ ansible_architecture }}.yml'
+  - defaults.yml
+  tags:
+  - always
+
+- name: ensure podman is installed
+  package:
+    name: '{{ frigate_podman_packages }}'
+    state: present
+  tags:
+  - install
+
+- name: ensure frigate user exists
+  user:
+    name: frigate
+    system: true
+    home: /var/lib/frigate
+    createhome: false
+  register: frigate_user
+  tags:
+  - user
+
+- name: ensure frigate home directory exists
+  file:
+    path: /var/lib/frigate
+    owner: frigate
+    group: frigate
+    mode: '0755'
+    state: directory
+  tags:
+  - datadir
+- name: ensure frigate tmp directory exists
+  file:
+    path: /var/lib/frigate/tmp
+    owner: frigate
+    group: frigate
+    mode: '0700'
+    state: directory
+  tags:
+  - datadir
+
+- name: ensure frigate container image is available
+  podman_image:
+    name: docker.io/blakeblackshear/frigate:{{ frigate_image_tag }}
+    tag: stable
+    state: present
+    force: '{{ frigate_update|d|bool }}'
+  notify:
+  - restart frigate
+  tags:
+  - container-image
+  - container
+
+- name: ensure frigate systemd unit is installed
+  template:
+    src: frigate.service.j2
+    dest: /etc/systemd/system/frigate.service
+    mode: '0644'
+  notify:
+  - reload systemd
+  - restart frigate
+  tags:
+  - systemd
+- name: ensure frigate starts at boot
+  service:
+    name: frigate
+    enabled: true
+  tags:
+  - service
+
+- name: ensure frigate configuration directory exists
+  file:
+    path: /etc/frigate
+    mode: '0750'
+    owner: root
+    group: frigate
+    state: directory
+  tags:
+  - config
+- name: ensure frigate is configured
+  copy:
+    dest: /etc/frigate/frigate.yml
+    content: >-
+      {{ frigate_config|to_nice_yaml(indent=2) }}
+    mode: '0640'
+    owner: root
+    group: frigate
+  notify:
+  - restart frigate
+  tags:
+  - config
+
+- meta: flush_handlers
+- name: ensure frigate is running
+  service:
+    name: frigate
+    state: started
+  tags:
+  - service
+
+- name: ensure firewall is configured for frigate
+  firewalld:
+    port: '{{ item }}/tcp'
+    immediate: true
+    permanent: false
+    state: enabled
+  loop:
+  - 5000  # Frigate web UI/API
+  - 1935  # RTMP
+  notify: save firewalld configuration
+  tags:
+  - firewall

roles/frigate/templates/frigate.service.j2

@@ -0,0 +1,31 @@
+[Unit]
+Description=Frigate
+
+[Service]
+Type=notify
+NotifyAccess=all
+ExecStartPre=-/usr/bin/podman container rm --ignore -f frigate
+ExecStart=/usr/bin/podman run \
+    --pull never \
+    --sdnotify=conmon --cgroups=no-conmon \
+    --rm \
+    --network=host \
+    --name frigate \
+    -v /etc/frigate/frigate.yml:/config/config.yml:ro \
+    -v /var/lib/frigate/tmp:/tmp:Z \
+    -v /var/lib/frigate:/media/frigate:Z \
+    --uidmap 0:{{ frigate_user.uid }}:1 \
+    --gidmap 0:{{ frigate_user.group }}:1 \
+    --uidmap 1:6000001:1024 \
+    --gidmap 1:6000001:1024 \
+    --uidmap 65534:6001025:1 \
+    --gidmap 65534:6001025:1 \
+{% if frigate_shm_size|d %}
+    --shm-size {{ frigate_shm_size }}m \
+{% endif %}
+    docker.io/blakeblackshear/frigate:{{ frigate_image_tag }}
+ProtectSystem=full
+UMask=0077
+
+[Install]
+WantedBy=multi-user.target

roles/frigate/vars/aarch64.yml

@@ -0,0 +1 @@
+frigate_default_image_tag: stable-aarch64

roles/frigate/vars/main.yml

@@ -0,0 +1,6 @@
+frigate_podman_packages:
+- podman
+frigate_config:
+  mqtt: '{{ frigate_mqtt }}'
+  detectors: '{{ frigate_detectors }}'
+  cameras: '{{ frigate_cameras }}'

roles/frigate/vars/x86_64.yml

@@ -0,0 +1 @@
+frigate_default_image_tag: stable-amd64