From dffa17410fe17c46086ea2285a1f1308d2e529c5 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Thu, 21 Sep 2023 16:29:30 -0500
Subject: [PATCH] frigate: Enable Frigate+ integration

To keep the API key a secret, we're encrypting the environment file in
the repository with GnuPG.  The decrypted copy only lives in the work
tree and is never committed. Changes have to be re-encrypted and
committed.
---
 .gitattributes    |   1 +
 .gitignore        |   1 +
 Makefile          |   3 +++
 frigate.container |   1 +
 frigate.env.gpg   | Bin 0 -> 358 bytes
 frigate.yaml      |   8 ++++++++
 6 files changed, 14 insertions(+)
 create mode 100644 .gitattributes
 create mode 100644 frigate.env.gpg

diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..f97b721
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+*.gpg diff=gpg
diff --git a/.gitignore b/.gitignore
index 69f48e5..0b535ae 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 *.ign
+frigate.env
diff --git a/Makefile b/Makefile
index a6c7693..9fdba50 100644
--- a/Makefile
+++ b/Makefile
@@ -17,6 +17,9 @@ endef
 
 $(foreach t,$(wildcard *.yaml),$(eval $(call genrules,$(t))))
 
+%.env: %.env.gpg
+	gpg2 --decrypt $< > $@
+
 publish: \
 		nvr1.ign
 	rsync -rti $^ files.pyrocufflink.blue:public_html/
diff --git a/frigate.container b/frigate.container
index 86de445..353bbce 100644
--- a/frigate.container
+++ b/frigate.container
@@ -12,6 +12,7 @@ PodmanArgs=--gidmap 0:209:1
 PodmanArgs=--uidmap 1:6000001:65536
 PodmanArgs=--gidmap 1:6000001:65536
 PodmanArgs=--shm-size 256m
+EnvironmentFile=/etc/sysconfig/frigate
 Volume=/var/lib/frigate/media:/media/frigate:rw,z
 Volume=/var/lib/frigate/tmp:/tmp:rw,z
 Volume=/var/lib/frigate/config:/config:rw,z
diff --git a/frigate.env.gpg b/frigate.env.gpg
new file mode 100644
index 0000000000000000000000000000000000000000..ac86016ae66a4a864ec16ffb79a8f930b41b0554
GIT binary patch
literal 358
zcmV-s0h#`U!UG{q=7wgdE)x<2BLo3IorPV0_M*d(ut7S(U|F=wOeFMem73=uef%LH
z=l?eMvVrH{8YR%ZLw#5PxM+GG*`vem>GsMU*BeV<64V$L0aKf~wcip-?Pt>)38Fm^
zJpn?%tC2$pcpC@)19pW+vC}B2CJQS0z_%e8>^ppm+P-SL<K)DV^CVwE=F<CUnd&g{
z0o(3B?XDepL)ZaUw)y;qm9_%Q938B+2}~Vz_6vZrSJReo&bSAAk&1ow7|+SlpaF)(
zqkK=iIuQr@Aju78z^@IUWY|`4%M<?comeUIlWzW{GK?Nf?3Lt!{R~HuSOAs=w;Iph
zLXF(=z==JdQf@IltfLKJ>-+BP$Txo#CO&w8HKdoOmp>(*X~&Y&FygFxnf?1c`VYuN
zkQ|s1T%LuHc6s^ANvcd*JwsUA#s*xkTvhkpVtF-Dm!+R5VNGVih@IxJ`$bgpPEYAP
EaTT$%E&u=k

literal 0
HcmV?d00001

diff --git a/frigate.yaml b/frigate.yaml
index 3b8a270..937118e 100644
--- a/frigate.yaml
+++ b/frigate.yaml
@@ -15,6 +15,14 @@ storage:
     mode: 0644
     contents:
       local: frigate.tmpfiles
+  - path: /etc/sysconfig/frigate
+    mode: 0640
+    user:
+      id: 0
+    group:
+      id: 209
+    contents:
+      local: frigate.env
 
 systemd:
   units: