Add frigate-notify nix container build

Mirrors 0x2142/frigate-notify at v0.5.4 and builds it locally with buildGoModule + dockerTools.buildLayeredImage for the ringtail k3s cluster. Uses the `goolm` build tag to avoid the libolm CGO dependency (our alerting config only uses ntfy, but the matrix notifier is imported unconditionally). Kustomization update (image swap to registry.ops.eblu.me) will follow post-merge once a main-SHA tag is released. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 09:23:37 -07:00 · 2026-04-21 09:23:37 -07:00 · 9a044b12c6
commit 9a044b12c6
parent 30f39ae050
2 changed files with 58 additions and 0 deletions
--- a/containers/frigate-notify/default.nix
+++ b/containers/frigate-notify/default.nix
@ -0,0 +1,57 @@
+# Nix-built frigate-notify — polls Frigate webapi and pushes alerts to ntfy.
+{ pkgs ? import <nixpkgs> { } }:
+
+let
+  version = "0.5.4";
+
+  src = pkgs.fetchgit {
+    url = "https://forge.ops.eblu.me/mirrors/frigate-notify.git";
+    rev = "v${version}";
+    hash = "sha256-c/QOSQNNJ+ElMDm45lBOsru/ujBhCWethiRefj3hBOk=";
+  };
+
+  frigate-notify = pkgs.buildGoModule {
+    inherit src version;
+    pname = "frigate-notify";
+
+    vendorHash = "sha256-Ho9oaK01wJDPf3ufV2klV1dG4qFNVNJkWmWvEgAy10s=";
+
+    doCheck = false;
+    subPackages = [ "." ];
+
+    # `goolm` swaps the matrix crypto backend from libolm (CGO) to pure-Go olm,
+    # avoiding the libolm.h dependency. Our deployment doesn't use matrix, but
+    # the package is imported unconditionally.
+    tags = [ "goolm" ];
+
+    ldflags = [ "-s" "-w" ];
+
+    meta = with pkgs.lib; {
+      description = "Bridge between Frigate NVR events and notification services";
+      homepage = "https://github.com/0x2142/frigate-notify";
+      license = licenses.mit;
+      mainProgram = "frigate-notify";
+    };
+  };
+in
+
+pkgs.dockerTools.buildLayeredImage {
+  name = "blumeops/frigate-notify";
+  contents = [
+    frigate-notify
+    pkgs.cacert
+    pkgs.tzdata
+  ];
+
+  config = {
+    Entrypoint = [ "${frigate-notify}/bin/frigate-notify" ];
+    Env = [
+      "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+      "TZDIR=${pkgs.tzdata}/share/zoneinfo"
+    ];
+    ExposedPorts = {
+      "8000/tcp" = { };
+    };
+    User = "65534";
+  };
+}
--- a/docs/changelog.d/+frigate-notify-local.infra.md
+++ b/docs/changelog.d/+frigate-notify-local.infra.md
@ -0,0 +1 @@
+Add local nix container build for `frigate-notify` (`containers/frigate-notify/default.nix`) so the Frigate→ntfy bridge is rebuilt on ringtail from the forge mirror instead of pulled from `ghcr.io/0x2142/frigate-notify`.
				`@ -0,0 +1 @@`
				Add local nix container build for `frigate-notify` (`containers/frigate-notify/default.nix`) so the Frigate→ntfy bridge is rebuilt on ringtail from the forge mirror instead of pulled from `ghcr.io/0x2142/frigate-notify`.