foo.sh/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

frigate: Don't store plaintext passwords in config

Browse source
This commit is contained in:
Timo Makinen 2024-06-25 16:13:35 +00:00
parent 13e602a76d
commit acf2853223
4 changed files with 16 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
roles/frigate/tasks/main.yml
View file

@ -71,6 +71,15 @@
group: "{{ ansible_wheel }}" group: "{{ ansible_wheel }}"
notify: Restart frigate notify: Restart frigate
- name: Create environment config for service
ansible.builtin.template:
dest: /etc/sysconfig/frigate-container
src: frigate-container.sysconfig.j2
mode: "0600"
owner: root
group: "{{ ansible_wheel }}"
notify: Restart frigate
- name: Enable service - name: Enable service
ansible.builtin.service: ansible.builtin.service:
name: frigate-container name: frigate-container

3
roles/frigate/templates/frigate-container.service.j2
View file

@ -5,6 +5,7 @@ After=network-online.target
[Service] [Service]
User=frigate User=frigate
EnvironmentFile=/etc/sysconfig/frigate-container
ExecStart=/usr/bin/podman run \ ExecStart=/usr/bin/podman run \
--rm -p 127.0.0.1:8007:5000 \ --rm -p 127.0.0.1:8007:5000 \
--name frigate \ --name frigate \
@ -12,7 +13,7 @@ ExecStart=/usr/bin/podman run \
--volume /etc/frigate.yml:/config/config.yml:ro \ --volume /etc/frigate.yml:/config/config.yml:ro \
--volume /srv/frigate/media:/media/frigate:rw \ --volume /srv/frigate/media:/media/frigate:rw \
--volume /dev/bus/usb:/dev/bus/usb:rw \ --volume /dev/bus/usb:/dev/bus/usb:rw \
ghcr.io/blakeblackshear/frigate:{{ frigate_version }} --env=FRIGATE_* ghcr.io/blakeblackshear/frigate:{{ frigate_version }}
ExecStop=/usr/bin/podman stop --ignore frigate ExecStop=/usr/bin/podman stop --ignore frigate
ExecStopPost=/usr/bin/podman rm -f --ignore frigate ExecStopPost=/usr/bin/podman rm -f --ignore frigate

3
roles/frigate/templates/frigate-container.sysconfig.j2 Normal file
View file

@ -0,0 +1,3 @@
{% for camera in cctv_cameras %}
FRIGATE_{{ camera.name | upper }}_PASS="{{ camera.pass }}"
{% endfor %}

4
roles/frigate/templates/frigate.yml.j2
View file

@ -23,12 +23,12 @@ cameras:
enabled: true enabled: true
ffmpeg: ffmpeg:
inputs: inputs:
- path: "rtsp://viewer:{{ camera.pass }}@{{ camera.addr}}/h264Preview_01_sub" - path: "rtsp://viewer:{FRIGATE_{{ camera.name | upper }}_PASS}@{{ camera.addr}}/h264Preview_01_sub"
input_args: preset-rtsp-restream input_args: preset-rtsp-restream
roles: roles:
- detect - detect
- rtmp - rtmp
- path: "rtsp://viewer:{{ camera.pass }}@{{ camera.addr}}/h264Preview_01_main" - path: "rtsp://viewer:{FRIGATE_{{ camera.name | upper }}_PASS}@{{ camera.addr}}/h264Preview_01_main"
input_args: preset-rtsp-restream input_args: preset-rtsp-restream
roles: roles:
- record - record