Update modules/server/containers/apps/frigate.nix

2026-05-13 17:30:24 +02:00
parent 7e62883e66
commit 973fd78c1b
1 changed files with 95 additions and 3 deletions
--- a/modules/server/containers/apps/frigate.nix
+++ b/modules/server/containers/apps/frigate.nix
@@ -1,3 +1,95 @@
-{...}:{
+{ config, containerCfg, pkgs, lib, builder, name, ... }:
+let 
+  serverCfg = config.syscfg.server;
  
+  # Ensure the package is available (Nixpkgs includes frigate)
+  frigatePkg = pkgs.frigate;
+
+  image = pkgs.dockerTools.streamLayeredImage {
+    name = "frigate";
+    tag = frigatePkg.version;
+    contents = [ 
+      pkgs.bashInteractive 
+      frigatePkg
+      pkgs.ffmpeg # Explicitly included for video stream processing
+    ];
+    config = {
+      Entrypoint = [ "${frigatePkg}/bin/frigate" ];
+      Cmd = [ "start" ];
+      ExposedPorts = {
+        "5000/tcp" = {}; # Web UI / API
+        "8554/tcp" = {}; # RTSP Feeds
+        "8555/tcp" = {}; # WebRTC
+      };
+      Env = [
+        "FRIGATE_RTSP_PASSWORD=secret" # Base fallback, overridden by envFile/sops
+      ];
+    };
+  };
+in {
+  sops = true; # Enabled to safeguard sensitive camera RTSP stream credentials
+  db = false;  # Internal SQLite is used by default in Frigate
+
+  paths = [
+    {
+      path = "${serverCfg.configPath}/frigate/";
+      mode = "0755";
+    }
+    {
+      path = "/var/lib/frigate/storage/";
+      mode = "0755"; # Dedicated path for heavy video recordings and media
+    }
+  ];
+
+  containers = {
+    server = builder.mkContainer {
+      subdomain = containerCfg.subdomain;
+      imageStream = image;
+      port = 5000;
+      secret = name;
+      extraEnv = {
+        PLUS_API_KEY = ""; # Optional: For Frigate Plus users
+      };
+      overrides = {
+        cmd = [ ];
+        volumes = [
+          "${serverCfg.configPath}/frigate:/config"
+          "/var/lib/frigate/storage:/media/frigate"
+          "/dev/bus/usb:/dev/bus/usb" # Passes Google Coral USB TPU to the container
+          "/dev/dri:/dev/dri"         # Passes Intel/AMD GPU for hardware video decoding
+        ];
+      };
+    };
+  };
+
+  setup = {
+    trigger = "server";
+    envFile = config.sops.secrets."FRIGATE_ENV".path;
+    script = pkgs.writeShellScript "setup-frigate" ''
+      mkdir -p "${serverCfg.configPath}/frigate"
+      mkdir -p "/var/lib/frigate/storage"
+      
+      # Bootstrap a standard configuration layout if missing
+      if [ ! -f "${serverCfg.configPath}/frigate/config.yml" ]; then
+        cat <<EOF > "${serverCfg.configPath}/frigate/config.yml"
+mqtt:
+  enabled: False # Set to True and define host if connecting to Home Assistant
+
+database:
+  path: /config/frigate.db
+
+cameras:
+  dummy_camera: # Replace with your actual RTSP stream details
+    enabled: false
+    ffmpeg:
+      inputs:
+        - path: rtsp://127.0.0.1:554/live
+          roles:
+            - detect
+    detect:
+      enabled: false
+EOF
+      fi
+    '';
+  };
 }