├── docker ├── deb-src.list ├── debian-rules-disable-udev.patch └── Dockerfile ├── .github ├── dependabot.yml └── workflows │ └── docker-publish.yml ├── docker-compose.yml ├── LICENSE ├── README.md └── frigate.syno-dsm7.json /docker/deb-src.list: -------------------------------------------------------------------------------- 1 | deb-src http://deb.debian.org/debian bullseye main 2 | -------------------------------------------------------------------------------- /docker/debian-rules-disable-udev.patch: -------------------------------------------------------------------------------- 1 | --- debian/rules 2022-01-01 22:11:07.713322324 +0000 2 | +++ debian/rules.patched 2022-01-01 22:12:06.863778098 +0000 3 | @@ -15,7 +15,7 @@ 4 | # Architecture targets 5 | # 6 | override_dh_auto_configure-arch: 7 | - dh_auto_configure --builddirectory build-deb -- --enable-tests-build 8 | + dh_auto_configure --builddirectory build-deb -- --enable-tests-build --disable-udev 9 | CFLAGS="$(CFLAGS) -Os" dh_auto_configure --builddirectory build-udeb -- --libdir=\$${prefix}/lib/ 10 | 11 | override_dh_auto_build-arch: 12 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | # To get started with Dependabot version updates, you'll need to specify which 2 | # package ecosystems to update and where the package manifests are located. 3 | # Please see the documentation for all configuration options: 4 | # https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates 5 | 6 | version: 2 7 | updates: 8 | - package-ecosystem: "github-actions" 9 | directory: "/" 10 | schedule: 11 | interval: "daily" 12 | - package-ecosystem: "docker" # See documentation for possible values 13 | directory: "/docker" # Location of package manifests 14 | schedule: 15 | interval: "daily" 16 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | frigate: 3 | image: "ghcr.io/weltenwort/frigate-synology-dsm7:v0.11.1" 4 | privileged: true 5 | hostname: "frigate" 6 | restart: "unless-stopped" 7 | shm_size: "128mb" 8 | devices: 9 | - "/dev/dri/renderD128" # for intel hwaccel 10 | volumes: 11 | - "/dev/bus/usb:/dev/bus/usb" 12 | - "/etc/localtime:/etc/localtime:ro" 13 | - "/volume1/docker/volumes/frigate-0-config/config.yml:/config/config.yml:ro" 14 | - "/volume1/docker/volumes/frigate-0-media:/media/frigate:rw" 15 | - type: tmpfs # Optional: 1GB of memory, reduces SSD/SD Card wear 16 | target: /tmp/cache 17 | tmpfs: 18 | size: 1000000000 19 | ports: 20 | - "8001:5000" # web interface 21 | - "1935:1935" # RTMP feeds 22 | env_file: 23 | - "./secrets.env" 24 | environment: 25 | - LIBVA_DRIVER_NAME=i965 # if hwacl isn't working properly with the default iHD driver 26 | -------------------------------------------------------------------------------- /docker/Dockerfile: -------------------------------------------------------------------------------- 1 | ARG FRIGATE_IMAGE=blakeblackshear/frigate:0.11.1 2 | ARG LIBUSB_PKG_VERSION=1.0.24 3 | ARG LIBUSB_PKG_BUILD=3 4 | 5 | FROM ${FRIGATE_IMAGE} AS build 6 | ARG DEBIAN_FRONTEND=noninteractive 7 | ARG LIBUSB_PKG_VERSION 8 | ADD deb-src.list /etc/apt/sources.list.d/ 9 | RUN apt-get update \ 10 | && apt-get install -y \ 11 | dpkg-dev 12 | RUN mkdir -p /root/libusb \ 13 | && cd /root/libusb \ 14 | && apt-get source libusb-1.0-0 \ 15 | && apt-get build-dep -y libusb-1.0-0 16 | ADD debian-rules-disable-udev.patch /root/ 17 | RUN cd "/root/libusb/libusb-1.0-${LIBUSB_PKG_VERSION}" \ 18 | && patch debian/rules < /root/debian-rules-disable-udev.patch \ 19 | && DEB_BUILD_OPTIONS="nocheck nodocs" dpkg-buildpackage -rfakeroot -b 20 | 21 | FROM ${FRIGATE_IMAGE} 22 | ARG DEBIAN_FRONTEND=noninteractive 23 | ARG LIBUSB_PKG_VERSION 24 | ARG LIBUSB_PKG_BUILD 25 | ARG TARGETARCH 26 | COPY --from=build "/root/libusb/libusb-1.0-0_${LIBUSB_PKG_VERSION}-${LIBUSB_PKG_BUILD}_${TARGETARCH}.deb" /root/ 27 | RUN dpkg -i "/root/libusb-1.0-0_${LIBUSB_PKG_VERSION}-${LIBUSB_PKG_BUILD}_${TARGETARCH}.deb" 28 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2022 Felix Stürmer 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # frigate-synology-dsm7 2 | This provides a `Dockerfile` (with context) as well as a `docker-compose.yml` file to build a [frigate](https://github.com/blakeblackshear/frigate) docker image that supports using a Google Coral USB TPU. It is based on the official upstream frigate image but recompiles `libusb1` without `udev` support. 3 | 4 | ## Usage on the NAS with `docker-compose` but without `git` 5 | 6 | 1. SSH into the NAS. 7 | 8 | 2. Download the compose file: 9 | 10 | ```sh 11 | wget "https://github.com/weltenwort/frigate-synology-dsm7/raw/main/docker-compose.yml" 12 | ``` 13 | 14 | 3. Create environment file `secrets.env` to inject secrets: 15 | 16 | ```sh 17 | cat <secrets.env 18 | FRIGATE_MQTT_USERNAME=my-frigate-mqtt-username 19 | FRIGATE_MQTT_PASSWORD=my-frigate-mqtt-password 20 | FRIGATE_CAMERA_1_RTSP_CREDENTIALS=my-camera-1-username:my-camera-1-password 21 | FRIGATE_CAMERA_2_RTSP_CREDENTIALS=my-camera-2-username:my-camera-2-password 22 | EOF 23 | ``` 24 | 25 | 4. Create the volume directories (adjust paths if you changed them in the compose file): 26 | 27 | ```sh 28 | mkdir -p /volume1/docker/volumes/frigate-0-config 29 | mkdir -p /volume1/docker/volumes/frigate-0-media 30 | ``` 31 | 32 | 5. Edit the `docker-compose.yml` file and configure frigate with a config file at 33 | `/volume1/docker/volumes/frigate-0-config/config.yml` using the env 34 | variables. Adjust paths and env vars to match your choices above. 35 | 36 | 6. Start the container: 37 | 38 | ```sh 39 | sudo docker-compose up --detach --force-recreate 40 | ``` 41 | 42 | ## Usage on the NAS with `docker-compose` and `git` 43 | 44 | 1. SSH into the NAS. 45 | 46 | 2. Clone this repository: 47 | 48 | ```sh 49 | git clone https://github.com/weltenwort/frigate-synology-dsm7.git 50 | ``` 51 | 52 | 3. Create environment file `secrets.env` to inject secrets: 53 | 54 | ```sh 55 | cat <secrets.env 56 | FRIGATE_MQTT_USERNAME=my-frigate-mqtt-username 57 | FRIGATE_MQTT_PASSWORD=my-frigate-mqtt-password 58 | FRIGATE_CAMERA_1_RTSP_CREDENTIALS=my-camera-1-username:my-camera-1-password 59 | FRIGATE_CAMERA_2_RTSP_CREDENTIALS=my-camera-2-username:my-camera-2-password 60 | EOF 61 | ``` 62 | 63 | 4. Create the volume directories (adjust paths if you changed them in the compose file): 64 | 65 | ```sh 66 | mkdir -p /volume1/docker/volumes/frigate-0-config 67 | mkdir -p /volume1/docker/volumes/frigate-0-media 68 | ``` 69 | 70 | 5. Edit the `docker-compose.yml` file and configure frigate with a config file at 71 | `/volume1/docker/volumes/frigate-0-config/config.yml` using the env 72 | variables. Adjust paths and env vars to match your choices above. 73 | 74 | 6. Start the container: 75 | 76 | ```sh 77 | sudo docker-compose up --detach --force-recreate 78 | ``` 79 | -------------------------------------------------------------------------------- /frigate.syno-dsm7.json: -------------------------------------------------------------------------------- 1 | { 2 | "CapAdd" : null, 3 | "CapDrop" : null, 4 | "cmd" : "python3 -u -m frigate", 5 | "cpu_priority" : 0, 6 | "enable_publish_all_ports" : false, 7 | "enable_restart_policy" : false, 8 | "enabled" : false, 9 | "env_variables" : [ 10 | { 11 | "key" : "PATH", 12 | "value" : "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" 13 | }, 14 | { 15 | "key" : "FLASK_ENV", 16 | "value" : "development" 17 | }, 18 | { 19 | "key" : "DEBIAN_FRONTEND", 20 | "value" : "noninteractive" 21 | }, 22 | { 23 | "key" : "LIBVA_DRIVER_NAME", 24 | "value" : "i965" 25 | }, 26 | { 27 | "key" : "FRIGATE_MQTT_USERNAME", 28 | "value" : "my-frigate-mqtt-username" 29 | }, 30 | { 31 | "key" : "FRIGATE_MQTT_PASSWORD", 32 | "value" : "my-frigate-mqtt-password" 33 | }, 34 | { 35 | "key" : "FRIGATE_CAMERA_1_RTSP_CREDENTIALS", 36 | "value" : "my-camera-1-username:my-camera-1-password" 37 | }, 38 | { 39 | "key" : "FRIGATE_CAMERA_2_RTSP_CREDENTIALS", 40 | "value" : "my-camera-2-username:my-camera-2-password" 41 | } 42 | ], 43 | "exporting" : false, 44 | "id" : "73409f302aa673eaf739a4b4e02dd98f23376150cf54f289f3349c2015dce5af", 45 | "image" : "ghcr.io/weltenwort/frigate-synology-dsm7:v0.11.1", 46 | "is_ddsm" : false, 47 | "is_package" : false, 48 | "links" : [], 49 | "memory_limit" : 0, 50 | "name" : "frigate", 51 | "network" : [ 52 | { 53 | "driver" : "bridge", 54 | "name" : "frigate_default" 55 | } 56 | ], 57 | "network_mode" : "frigate_default", 58 | "port_bindings" : [ 59 | { 60 | "container_port" : 1935, 61 | "host_port" : 1935, 62 | "type" : "tcp" 63 | }, 64 | { 65 | "container_port" : 5000, 66 | "host_port" : 8001, 67 | "type" : "tcp" 68 | } 69 | ], 70 | "privileged" : true, 71 | "shortcut" : { 72 | "enable_shortcut" : false, 73 | "enable_status_page" : false, 74 | "enable_web_page" : false, 75 | "web_page_url" : "" 76 | }, 77 | "use_host_network" : false, 78 | "volume_bindings" : [ 79 | { 80 | "host_absolute_path" : "/dev/bus/usb", 81 | "mount_point" : "/dev/bus/usb", 82 | "type" : "rw" 83 | }, 84 | { 85 | "host_absolute_path" : "/etc/localtime", 86 | "mount_point" : "/etc/localtime", 87 | "type" : "ro" 88 | }, 89 | { 90 | "host_volume_file" : "/docker/volumes/frigate-0-config/config.yml", 91 | "mount_point" : "/config/config.yml", 92 | "type" : "ro" 93 | }, 94 | { 95 | "host_volume_file" : "/docker/volumes/frigate-0-media", 96 | "mount_point" : "/media/frigate", 97 | "type" : "rw" 98 | } 99 | ] 100 | } 101 | -------------------------------------------------------------------------------- /.github/workflows/docker-publish.yml: -------------------------------------------------------------------------------- 1 | name: Build and publish docker image 2 | 3 | on: 4 | push: 5 | branches: [ main ] 6 | # Publish semver tags as releases. 7 | tags: [ 'v*.*.*' ] 8 | pull_request: 9 | branches: [ main ] 10 | workflow_dispatch: 11 | 12 | env: 13 | # Use docker.io for Docker Hub if empty 14 | REGISTRY: ghcr.io 15 | # github.repository as / 16 | IMAGE_NAME: ${{ github.repository }} 17 | 18 | 19 | jobs: 20 | build: 21 | runs-on: ubuntu-latest 22 | permissions: 23 | contents: read 24 | packages: write 25 | # This is used to complete the identity challenge 26 | # with sigstore/fulcio when running outside of PRs. 27 | id-token: write 28 | 29 | steps: 30 | - name: Checkout repository 31 | uses: actions/checkout@v3 32 | 33 | # Install the cosign tool except on PR 34 | # https://github.com/sigstore/cosign-installer 35 | - name: Install cosign 36 | if: github.event_name != 'pull_request' 37 | uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b 38 | with: 39 | cosign-release: 'v1.12.1' 40 | 41 | # Workaround: https://github.com/docker/build-push-action/issues/461 42 | - name: Setup Docker buildx 43 | uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 44 | 45 | # Login against a Docker registry except on PR 46 | # https://github.com/docker/login-action 47 | - name: Log into registry ${{ env.REGISTRY }} 48 | if: github.event_name != 'pull_request' 49 | uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a 50 | with: 51 | registry: ${{ env.REGISTRY }} 52 | username: ${{ github.actor }} 53 | password: ${{ secrets.GITHUB_TOKEN }} 54 | 55 | # Extract metadata (tags, labels) for Docker 56 | # https://github.com/docker/metadata-action 57 | - name: Extract Docker metadata 58 | id: meta 59 | uses: docker/metadata-action@507c2f2dc502c992ad446e3d7a5dfbe311567a96 60 | with: 61 | images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} 62 | 63 | # Build and push Docker image with Buildx (don't push on PR) 64 | # https://github.com/docker/build-push-action 65 | - name: Build and push Docker image 66 | id: build-and-push 67 | uses: docker/build-push-action@37abcedcc1da61a57767b7588cb9d03eb57e28b3 68 | with: 69 | platforms: linux/amd64 70 | context: ./docker 71 | push: ${{ github.event_name != 'pull_request' }} 72 | tags: ${{ steps.meta.outputs.tags }} 73 | labels: ${{ steps.meta.outputs.labels }} 74 | cache-from: type=gha 75 | cache-to: type=gha,mode=max 76 | 77 | # Sign the resulting Docker image digest except on PRs. 78 | # This will only write to the public Rekor transparency log when the Docker 79 | # repository is public to avoid leaking data. If you would like to publish 80 | # transparency data even for private images, pass --force to cosign below. 81 | # https://github.com/sigstore/cosign 82 | - name: Sign the published Docker image 83 | if: ${{ github.event_name != 'pull_request' }} 84 | env: 85 | COSIGN_EXPERIMENTAL: "true" 86 | # This step uses the identity token to provision an ephemeral certificate 87 | # against the sigstore community Fulcio instance. 88 | run: cosign sign ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }} 89 | --------------------------------------------------------------------------------