From b37884ffd6b9273a412f568bc4f8e9ba13717395 Mon Sep 17 00:00:00 2001
From: Annika Merris <annika@adhdgirl.dev>
Date: Fri, 30 Jan 2026 23:53:02 +0000
Subject: [PATCH] Added Frigate and samba share roles

---
 .../minilab/roles/frigate/tasks/main.yaml     | 46 +++++++++++++++++++
 .../frigate/templates/docker-compose.yaml.j2  | 27 +++++++++++
 .../minilab/roles/frigate/vars/main.yaml      |  9 ++++
 .../roles/service_share/tasks/main.yaml       | 41 +++++++++++++++++
 .../service_share/templates/smbcredentials.j2 |  2 +
 .../roles/service_share/vars/main.yaml        |  9 ++++
 inventory/group_vars/all.yaml                 |  2 +-
 inventory/host_vars/curren.yaml               |  3 ++
 inventory/hosts.yaml                          |  7 +++
 minilab.yaml                                  |  6 +++
 10 files changed, 151 insertions(+), 1 deletion(-)
 create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/frigate/tasks/main.yaml
 create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/frigate/templates/docker-compose.yaml.j2
 create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/frigate/vars/main.yaml
 create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/service_share/tasks/main.yaml
 create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/service_share/templates/smbcredentials.j2
 create mode 100644 collections/ansible_collections/adhdgirl/minilab/roles/service_share/vars/main.yaml
 create mode 100644 inventory/host_vars/curren.yaml

diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/frigate/tasks/main.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/frigate/tasks/main.yaml
new file mode 100644
index 0000000..797bc0e
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/frigate/tasks/main.yaml
@@ -0,0 +1,46 @@
+---
+- name: Load distro-specific variables
+  ansible.builtin.include_vars: '{{ item }}'
+  tags: always
+  with_first_found:
+    - files:
+        - "{{ ansible_facts['distribution'] }}.yaml"
+      skip: true
+
+- name: Ensure frigate is running on this device
+  block:
+    - name: Ensure presense of folders for frigate
+      tags: packages,docker,frigate
+      ansible.builtin.file:
+        path: /opt/frigate/config
+        state: directory
+        recurse: true
+        owner: 1000
+        group: 1000
+        mode: "0755"
+    - name: Ensure compose files are properly loaded on the server
+      tags: packages,docker,frigate
+      ansible.builtin.template:
+        src: docker-compose.yaml.j2
+        dest: /opt/frigate/docker-compose.yaml
+        owner: 1000
+        group: 1000
+        mode: "0644"
+    # - name: Ensure frigate config is available for container
+    #   tags: packages,frigate
+    #   ansible.builtin.template:
+    #     src: frigate-config.yaml.j2
+    #     dest: /opt/frigate/config/server.yml
+    #     owner: 1000
+    #     group: 1000
+    #     mode: "0644"
+    - name: Ensure docker containers are pulled and running
+      tags: packages,docker,frigate
+      community.docker.docker_compose_v2:
+        project_src: /opt/frigate
+        pull: policy
+
+  rescue:
+    - name: Set that this task failed
+      ansible.builtin.set_fact:
+        task_failed: true
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/frigate/templates/docker-compose.yaml.j2 b/collections/ansible_collections/adhdgirl/minilab/roles/frigate/templates/docker-compose.yaml.j2
new file mode 100644
index 0000000..8e783dd
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/frigate/templates/docker-compose.yaml.j2
@@ -0,0 +1,27 @@
+---
+services:
+  frigate:
+    container_name: frigate
+    # privileged: true # this may not be necessary for all setups
+    restart: unless-stopped
+    stop_grace_period: 30s # allow enough time to shut down the various services
+    image: ghcr.io/blakeblackshear/frigate:{{ frigate_image_tag }}
+    shm_size: "512mb" # update for your cameras based on calculation above
+    devices:
+      - /dev/dri/renderD128:/dev/dri/renderD128 # For intel hwaccel, needs to be updated for your hardware
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /opt/frigate/config:/config
+      - /mnt/service-storage:/media/frigate
+      - type: tmpfs # Optional: 1GB of memory, reduces SSD/SD Card wear
+        target: /tmp/cache
+        tmpfs:
+          size: 1000000000
+    ports:
+      - "8971:8971"
+      # - "5000:5000" # Internal unauthenticated access. Expose carefully.
+      - "8554:8554" # RTSP feeds
+      - "8555:8555/tcp" # WebRTC over tcp
+      - "8555:8555/udp" # WebRTC over udp
+    environment:
+      FRIGATE_RTSP_PASSWORD: "{{ frigate_rtsp_passwd }}"
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/frigate/vars/main.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/frigate/vars/main.yaml
new file mode 100644
index 0000000..49ece21
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/frigate/vars/main.yaml
@@ -0,0 +1,9 @@
+---
+frigate_rtsp_passwd: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          32303838626238633166343130626263383237356566363830656432373637626237366162396131
+          3439633565626161303538353462636363323961656462300a323338383533386136376638376230
+          31363135633230333637366438346331656632353565323837356330363934656232333063646264
+          3561646234623133330a323731336437383438633630393065343363306636343634663162656539
+          3162
+frigate_image_tag: 0.16.4
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/service_share/tasks/main.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/service_share/tasks/main.yaml
new file mode 100644
index 0000000..e77eb24
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/service_share/tasks/main.yaml
@@ -0,0 +1,41 @@
+---
+- name: Load distro-specific variables
+  ansible.builtin.include_vars: '{{ item }}'
+  tags: always
+  with_first_found:
+    - files:
+        - "{{ ansible_facts['distribution'] }}.yaml"
+      skip: true
+
+- name: Ensure frigate is running on this device
+  block:
+    - name: Ensure mount point exists
+      tags: mount
+      ansible.builtin.file:
+        path: /mnt/service_storage
+        state: directory
+        recurse: true
+        owner: 1000
+        group: 1000
+        mode: "0775"
+    - name: Ensure mount settings are placed in fstab and the share is mounted
+      tags: nas,samba,mount
+      ansible.posix.mount:
+        path: /mnt/service_storage
+        src: //10.69.2.20/service_storage
+        fstype: cifs
+        opts: _netdev,x-systemd,automount,noatime,uid=1000,gid=1000,dir_mode=0775,file_mode=0775,credentials=/root/.smbcredentials
+        state: mounted
+    - name: Ensure share credentials are stored on the server
+      tags: nas,samba,credentials
+      ansible.builtin.template:
+        src: smbcredentials.j2
+        dest: /root/.smbcredentials
+        owner: root
+        group: root
+        mode: "0600"
+
+  rescue:
+    - name: Set that this task failed
+      ansible.builtin.set_fact:
+        task_failed: true
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/service_share/templates/smbcredentials.j2 b/collections/ansible_collections/adhdgirl/minilab/roles/service_share/templates/smbcredentials.j2
new file mode 100644
index 0000000..4175c48
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/service_share/templates/smbcredentials.j2
@@ -0,0 +1,2 @@
+username={{ service_share_smb_username }}
+password={{ service_share_smb_password }}
diff --git a/collections/ansible_collections/adhdgirl/minilab/roles/service_share/vars/main.yaml b/collections/ansible_collections/adhdgirl/minilab/roles/service_share/vars/main.yaml
new file mode 100644
index 0000000..9d7d77a
--- /dev/null
+++ b/collections/ansible_collections/adhdgirl/minilab/roles/service_share/vars/main.yaml
@@ -0,0 +1,9 @@
+---
+service_share_smb_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          64363432323165386364323936663133396531316363646662616666343166326364356532646362
+          3265373066363734303930366638306461346435313234330a643361323764326135303936333363
+          31376433363166646335376265656266343335383864613266383131663165653630393663363062
+          6339633639653031330a613336376133363034663363663430396532663131613664643963353531
+          6130
+service_share_smb_username: annika
diff --git a/inventory/group_vars/all.yaml b/inventory/group_vars/all.yaml
index a6dce73..738b79e 100644
--- a/inventory/group_vars/all.yaml
+++ b/inventory/group_vars/all.yaml
@@ -6,5 +6,5 @@ debian_derivatives:
   - "Ubuntu"
 global_dns_servers:
   - 10.69.2.4
-  - 10.69.9.11
+  - 10.69.10.12
 # code: language=ansible
diff --git a/inventory/host_vars/curren.yaml b/inventory/host_vars/curren.yaml
new file mode 100644
index 0000000..ad3168d
--- /dev/null
+++ b/inventory/host_vars/curren.yaml
@@ -0,0 +1,3 @@
+---
+server_name: curren
+ansible_python_interpreter: /usr/bin/python3
diff --git a/inventory/hosts.yaml b/inventory/hosts.yaml
index f5f2382..dcf943e 100644
--- a/inventory/hosts.yaml
+++ b/inventory/hosts.yaml
@@ -23,6 +23,8 @@ all:
       ansible_host: 10.69.2.52
     ida:
       ansible_host: 10.69.2.53
+    curren:
+      ansible_host: 10.69.10.13
   children:
     alpine:
       hosts:
@@ -39,6 +41,7 @@ all:
         knivi:
         reir:
         # trady:
+        curren:
     docker:
       hosts:
         adguard:
@@ -47,6 +50,7 @@ all:
         # trady:
         stephanie:
         nemetona:
+        curren:
     unifi_controller:
       hosts:
         # pump:
@@ -69,3 +73,6 @@ all:
     arr:
       hosts:
         nemetona:
+    frigate:
+      hosts:
+        curren:
diff --git a/minilab.yaml b/minilab.yaml
index 44ac57a..943b565 100644
--- a/minilab.yaml
+++ b/minilab.yaml
@@ -58,3 +58,9 @@
     - adhdgirl.minilab.ntfy
     - adhdgirl.minilab.cloudflared
     - adhdgirl.minilab.termix
+- name: Configure frigate
+  hosts: curren
+  tags: docker,frigate
+  become: true
+  roles:
+    - adhdgirl.minilab.frigate