frigate: Enable Frigate+ integration

To keep the API key a secret, we're encrypting the environment file in the repository with GnuPG. The decrypted copy only lives in the work tree and is never committed. Changes have to be re-encrypted and committed.
2023-09-21 16:29:30 -05:00 · 2023-09-21 16:29:30 -05:00 · dffa17410f
parent b80bee461a
commit dffa17410f
6 changed files with 14 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1 @@
+*.gpg diff=gpg
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 *.ign
+frigate.env
--- a/3
+++ b/3
@ -17,6 +17,9 @@ endef

 $(foreach t,$(wildcard *.yaml),$(eval $(call genrules,$(t))))

+%.env: %.env.gpg
+	gpg2 --decrypt $< > $@
+
 publish: \
 		nvr1.ign
 	rsync -rti $^ files.pyrocufflink.blue:public_html/
--- a/frigate.container
+++ b/frigate.container
@ -12,6 +12,7 @@ PodmanArgs=--gidmap 0:209:1
 PodmanArgs=--uidmap 1:6000001:65536
 PodmanArgs=--gidmap 1:6000001:65536
 PodmanArgs=--shm-size 256m
+EnvironmentFile=/etc/sysconfig/frigate
 Volume=/var/lib/frigate/media:/media/frigate:rw,z
 Volume=/var/lib/frigate/tmp:/tmp:rw,z
 Volume=/var/lib/frigate/config:/config:rw,z
--- a/frigate.env.gpg
+++ b/frigate.env.gpg
--- a/frigate.yaml
+++ b/frigate.yaml
@ -15,6 +15,14 @@ storage:
    mode: 0644
    contents:
      local: frigate.tmpfiles
+  - path: /etc/sysconfig/frigate
+    mode: 0640
+    user:
+      id: 0
+    group:
+      id: 209
+    contents:
+      local: frigate.env

 systemd:
  units: