Added Frigate

README.md

@@ -90,6 +90,7 @@ ScaleTail provides ready-to-run [Docker Compose](https://docs.docker.com/compose
 | 🎧 **Audiobookshelf** | A self-hosted audiobook and podcast server with multi-user support and playback syncing.    | [Details](services/audiobookshelf) |
 | 🎥 **Bazarr**         | A companion tool to Radarr and Sonarr for managing subtitles.                               | [Details](services/bazarr)         |
 | 📚 **BookLore**       | A self-hosted application for managing and reading books.                                   | [Details](services/booklore)       |
+| 🎥 **Frigate**        | A self-hosted NVR with real-time AI object detection for IP cameras and local video monitoring. | [Details](services/frigate)        |
 | 🎮 **Hytale**         | A self-hosted Hytale game server.                                                           | [Details](services/hytale)         |
 | 🖼️ **Immich**         | A self-hosted Google Photos alternative with face recognition and mobile sync.              | [Details](services/immich)         |
 | 📺 **Jellyfin**       | An open-source media system that puts you in control of managing and streaming your media.  | [Details](services/jellyfin)       |

services/frigate/.env

@@ -0,0 +1,17 @@
+#version=1.1
+#URL=https://github.com/tailscale-dev/ScaleTail
+#COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure.
+
+# Service Configuration
+SERVICE=frigate # Service name (e.g., adguard). Used as hostname in Tailscale and for container naming (app-${SERVICE}).
+IMAGE_URL=ghcr.io/blakeblackshear/frigate:stable # Docker image URL from container registry (e.g., adguard/adguard-home).
+
+# Network Configuration
+SERVICEPORT=8971 # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable.
+DNS_SERVER=9.9.9.9 # Preferred DNS server for Tailscale. Uncomment the "dns:" section in compose.yaml to enable.
+
+# Tailscale Configuration
+TS_AUTHKEY= # Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions.
+
+# Optional Service variables
+# PUID=1000

services/frigate/README.md

@@ -0,0 +1,40 @@
+# Frigate with Tailscale Sidecar Configuration
+
+This Docker Compose configuration sets up **Frigate** with Tailscale as a sidecar container, enabling secure, private access to your NVR and AI-based camera monitoring system over your Tailnet.
+
+## Frigate
+
+[Frigate](https://github.com/blakeblackshear/frigate) is an open-source network video recorder (NVR) designed for real-time object detection using AI. It integrates with IP cameras and leverages hardware acceleration (such as Google Coral, GPUs, or CPUs) to detect objects like people, cars, and animals with high efficiency.
+
+Frigate is often paired with Tailscale to ensure that camera feeds, recordings, and detection events remain completely private, accessible only from trusted devices on your Tailnet rather than being exposed to the public internet.
+
+## Configuration Overview
+
+In this setup, the `tailscale-frigate` service runs Tailscale, which manages secure networking for Frigate. The `frigate` container shares the network stack using Docker’s `network_mode: service:tailscale-frigate`.
+
+This ensures:
+
+- No public ports are exposed by default
+- Access is restricted to your Tailnet
+- HTTPS access can be enabled via Tailscale Serve if desired
+
+## Key Features
+
+- Real-time AI object detection (people, vehicles, animals, etc.)
+- Local processing with optional hardware acceleration (Coral, GPU, CPU)
+- RTSP camera support
+- Event-based recording and snapshots
+- Web UI for live view and playback
+- MQTT integration for automation systems like Home Assistant
+
+## Files to Check
+
+Please review:
+
+- `.env` → Ensure `TS_AUTHKEY` is set
+
+## Useful Links
+
+- Frigate Documentation: <https://docs.frigate.video/>
+- GitHub Repository: <https://github.com/blakeblackshear/frigate>
+- Hardware Acceleration Guide: <https://docs.frigate.video/hardware/>

services/frigate/compose.yaml

@@ -0,0 +1,89 @@
+configs:
+  ts-serve:
+    content: |
+      {"TCP":{"443":{"HTTPS":true}},
+      "Web":{"$${TS_CERT_DOMAIN}:443":
+          {"Handlers":{"/":
+          {"Proxy":"https+insecure://127.0.0.1:8971"}}}},
+      "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}}
+
+services:
+# Make sure you have updated/checked the .env file with the correct variables. 
+# All the ${ xx } need to be defined there.
+  # Tailscale Sidecar Configuration
+  tailscale:
+    image: tailscale/tailscale:latest # Image to be used
+    container_name: tailscale-${SERVICE} # Name for local container management
+    hostname: ${SERVICE} # Name used within your Tailscale environment
+    environment:
+      - TS_AUTHKEY=${TS_AUTHKEY}
+      - TS_STATE_DIR=/var/lib/tailscale
+      - TS_SERVE_CONFIG=/config/serve.json # Tailscale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required
+      - TS_USERSPACE=false
+      - TS_ENABLE_HEALTH_CHECK=true              # Enable healthcheck endpoint: "/healthz"
+      - TS_LOCAL_ADDR_PORT=127.0.0.1:41234       # The <addr>:<port> for the healthz endpoint
+      #- TS_ACCEPT_DNS=true # Uncomment when using MagicDNS
+      - TS_AUTH_ONCE=true
+    configs:
+      - source: ts-serve
+        target: /config/serve.json
+    volumes:
+      - ./config:/config # Config folder used to store Tailscale files - you may need to change the path
+      - ./ts/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path
+    devices:
+      - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work
+    cap_add:
+      - net_admin # Tailscale requirement
+    ports:
+      # - "5000:5000" # Internal unauthenticated access. Expose carefully.
+      - "8554:8554" # RTSP feeds
+      - "8555:8555/tcp" # WebRTC over tcp
+      - "8555:8555/udp" # WebRTC over udp
+    # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below
+    #dns: 
+    #  - ${DNS_SERVER}
+    healthcheck:
+      test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz"] # Check Tailscale has a Tailnet IP and is operational
+      interval: 1m # How often to perform the check
+      timeout: 10s # Time to wait for the check to succeed
+      retries: 3 # Number of retries before marking as unhealthy
+      start_period: 10s # Time to wait before starting health checks
+    restart: always
+
+  # ${SERVICE}
+  application:
+    image: ${IMAGE_URL} # Image to be used
+    network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
+    container_name: app-${SERVICE} # Name for local container management
+    privileged: true # this may not be necessary for all setups, but Frigate needs access to the host's hardware for video processing. Adjust as needed for your specific setup and security requirements.
+    stop_grace_period: 30s # allow enough time to shut down the various services
+    shm_size: "512mb" # update for your cameras based on calculation above
+    # devices:
+    #   - /dev/bus/usb:/dev/bus/usb # Passes the USB Coral, needs to be modified for other versions
+    #   - /dev/apex_0:/dev/apex_0 # Passes a PCIe Coral, follow driver instructions here https://github.com/jnicolson/gasket-builder
+    #   - /dev/video11:/dev/video11 # For Raspberry Pi 4B
+    #   - /dev/dri/renderD128:/dev/dri/renderD128 # AMD / Intel GPU, needs to be updated for your hardware
+    #   - /dev/accel:/dev/accel # Intel NPU
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Amsterdam
+      - FRIGATE_RTSP_PASSWORD=password
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - ./${SERVICE}-data/config:/config
+      - ./${SERVICE}-data/storage:/media/frigate
+      - type: tmpfs # 1GB In-memory filesystem for recording segment storage
+        target: /tmp/cache
+        tmpfs:
+          size: 1000000000
+    depends_on:
+      tailscale:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD", "pgrep", "-f", "${SERVICE}"] # Check if ${SERVICE} process is running
+      interval: 1m # How often to perform the check
+      timeout: 10s # Time to wait for the check to succeed
+      retries: 3 # Number of retries before marking as unhealthy
+      start_period: 30s # Time to wait before starting health checks
+    restart: always