configpolicy/roles/frigate/templates/frigate.service.j2

[Unit]
Description=Frigate

[Service]
Type=notify
NotifyAccess=all
ExecStartPre=-/usr/bin/podman container rm --ignore -f frigate
ExecStart=/usr/bin/podman run \
    --pull never \
    --sdnotify=conmon --cgroups=no-conmon \
    --rm \
    --network=host \
    --name frigate \
    -v /etc/frigate/frigate.yml:/config/config.yml:ro \
    -v /var/lib/frigate/tmp:/tmp:Z \
    -v /var/lib/frigate:/media/frigate:Z \
    --uidmap 0:{{ frigate_user.uid }}:1 \
    --gidmap 0:{{ frigate_user.group }}:1 \
    --uidmap 1:6000001:1024 \
    --gidmap 1:6000001:1024 \
    --uidmap 65534:6001025:1 \
    --gidmap 65534:6001025:1 \
{% if frigate_shm_size|d %}
    --shm-size {{ frigate_shm_size }}m \
{% endif %}
    docker.io/blakeblackshear/frigate:{{ frigate_image_tag }}
ProtectSystem=full
{% if ansible_distribution == 'Fedora' and ansible_distribution_version|int >= 36 %}
TemporaryFileSystem=/etc/containers/networks
ReadWritePaths=/etc/containers/networks
{% endif %}
UMask=0077

[Install]
WantedBy=multi-user.target