services:
  frigate:
    hostname: frigate
    privileged: true
    restart: unless-stopped
    image: ghcr.io/blakeblackshear/frigate:stable
    cap_add:
      - CAP_PERFMON
      - CAP_NET_ADMIN
      - CAP_NET_RAW
    shm_size: 128mb
    devices:
      - /dev/apex_0:/dev/apex_0
      - /dev/dri/renderD128:/dev/dri/renderD128
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /db/frigate:/db
      - /opt/frigate/config.yml:/config/config.yml
      - /mnt/frigate/media:/media/frigate
      - type: tmpfs
        target: /tmp/cache
        tmpfs:
          size: 1000000000
      - /certs:/certs
    ports:
      - 5000:5000 # (HTTP): Internal, unauthenticated access. Good for local access or Home Assistant integration, but should be blocked externally
      - 8554:8554 # (RTSP): For streaming camera feeds, especially the Birdseye view
      - 8555:8555/tcp # (WebRTC): For two-way audio and live streams, often used by mobile apps
      - 8555:8555/udp # (WebRTC): For two-way audio and live streams, often used by mobile apps
      - 8971:8971 # (HTTPS/WS): Main authenticated access for UI and API. Use with reverse proxies for TLS/SSL
    env_file: .frigate.env
networks: {}