From e92805409e05961919fb71ee32605e67a86eb21c Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Tue, 21 Apr 2026 09:43:00 -0700 Subject: [PATCH] fix(frigate-notify): set WorkingDir=/app and create writable /app MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The upstream binary expects CWD=/app (relative config.yml lookup, lumberjack logfile at ./log/app.log). Without this, the pod crashed on startup — the ConfigMap-mounted /app/config.yml wasn't found and zerolog spammed "mkdir log: permission denied" as it tried to create ./log at / as nonroot. Creates /app as 1777 (tmp-style) so nonroot can write logs; WorkingDir set to /app so the default config path resolves correctly. Co-Authored-By: Claude Opus 4.7 (1M context) --- containers/frigate-notify/default.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/containers/frigate-notify/default.nix b/containers/frigate-notify/default.nix index 1ddbe4e..701b194 100644 --- a/containers/frigate-notify/default.nix +++ b/containers/frigate-notify/default.nix @@ -43,8 +43,17 @@ pkgs.dockerTools.buildLayeredImage { pkgs.tzdata ]; + # Upstream Dockerfile expects WORKDIR=/app (config at ./config.yml, logfile at + # ./log/app.log via lumberjack). Create /app world-writable so nonroot can + # write logs; the config is mounted in from a ConfigMap. + extraCommands = '' + mkdir -p app + chmod 1777 app + ''; + config = { Entrypoint = [ "${frigate-notify}/bin/frigate-notify" ]; + WorkingDir = "/app"; Env = [ "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" "TZDIR=${pkgs.tzdata}/share/zoneinfo"