I've been running Frigate in Podman on Proxmox LXC for quite some time. But your video got me to try Quadlet too. Some notes: You can use apt pinning to get a newer podman from testing repos without upgrading to Trixie. You can also run podman under a non-root user and still use GPU passthrough. The frigate user must be in groups video and render and you add PodmanArgs=--group-add=keep-groups and PodmanArgs=--privileged. A privileged podman container retains the same user/group as the non-root user running it. Happy mine runs now with Quadlet too.
Wow, this vid is EXACTLY what I needed, just ran across Frigate a month ago and then started considering how to get that going on my proxmox setup and how adding a TPU would work... and you did all that! ty
That's a great tutorial, thank you! I appreciate your knowledge per content ratio: so little bs and so much to take away. Pls keep that calm and efficient delivery! 👍😁
Great video as always and I've learned a few things from your video since I started messing with Frigate a few months ago ...the funny thing is I've always pronounced it like: free-GAH-tay 😂
There's actually already an open PR to fix the nginx.conf in Frigate - github.com/blakeblackshear/frigate/pull/3497 It's been stale for over a year at this point. It's fully ready to go, the admins just haven't reviewed it, and now it needs to be rebased since it took so long.
Thanks for the video on camera NVR. I would like to run this more standalone minimal automation integration. I use Hubitat so the only thing I would push there is the ability for it to kick off a stream to the dashboard when front door occupancy is detected.
Thanks for the great video. Are you sure that you need to use a priv container? I have an unpriv one running docker and accessing the nvidia GPU just fine.
Love the video, I'd love to be able to get into promox and Caddy to get reverse proxy setup. Do you have a tutorial for setting up this / what hardware you are running or recommend? I'm a noob and don't just wanna follow the recommended hardware from frigate's documentation as I want to learn more.
This was a good walk through that worked on my last setup. I recently migrated my LXC frigate and TPU to PVE 8.1 and after following all steps. I am stuck at modprobe apex returning some error 'could not insert 'apex': Key was rejected by service'. What could be wrong? Kernal is 6.5.11-7 and header are installed. ls -l /dev does not show apex on the host terminal.
You'll have to rebuild the apex module for kernel 6.5. For some reason, Google fixed the module (the kernel changed in 6.4) but never rebuilt their release, so you have to go to the gasket repo, clone it, and debuild. Blame them for not maintaining their releases.
@@apalrdsadventures finally able to rebuild after some weird issues with BIOS secure boot preventing the apex to be discovered. Now, how do i find the frigate.container file as i dont have it under /etc/containers...
I'd like to see more on quadlet. I have a "project" I'm considering tackling using it. Basically housing some Minecraft bedrock servers via podman. There doesn't seem to be a lot of info around how the .volume, and .network files interact with the .container files.
I really like Quadlet so far, but I've only used .container files, not the rest. But they are all structured like systemd units and have the same inheritance / ordering / .. automagic that the rest of Systemd has.
Hi, exactly what I was looking for - thank you for the video! Only one question the host in the mqtt section of frigate config - is it your home assistant server, right?
It's whatever MQTT server you use with Home Assistant, so it could be HA OS itself if you are running an addon or something else if you are running HA Core.
Do you check how. power consumption increased when frigate is working? I heard it prevents idle mode due to constantly processing video from camera via CPU. But it was tested without Coral TPU I guess. I have a home lab server that most of the time is in idle state and down to less than 20W. File server, HA or or other lab vm stuff are not always needed in my case. I am considering setup a separate machine just to do the frigate + coral if power consumption increases much. Did you maybe investigate this topic more?
If you have a USB coral device it's pretty easy to just pass through the USB device to the LXC container and then into the Frigate docker container. I don't remember which setting does what, but my /etc/pve/lxc/123.conf has: lxc.mount.entry: /dev/bus/usb/003/ dev/bus/usb/003/ none bind,optional,create=dir 0,0 lxc.cgroup2.devices.allow: c 189:* rwm lxc.apparmor.profile: unconfined lxc.cgroup2.devices.allow: a lxc.cap.drop: lxc.mount.auto: cgroup:rw lxc.cgroup2.devices.allow: c 195:* rwm lxc.cgroup2.devices.allow: c 243:* rwm lxc.cgroup2.devices.allow: c 226:* rwm lxc.mount.entry: /dev/dri/card0 dev/dri/card0 none bind,optional,create=file lxc.mount.entry: /dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file lxc.mount.entry: /dev/fb0 dev/fb0 none bind,optional,create=file
Thanks for the best video on Proxmox and Frigate! I have a question: I'm setting up a cluster of 3 mini PCs for Home Assistant and using Proxmox for Home Assistant. On one of the hosts (mini PC), in my case, PC #1, my Home Assistant VM is running, and I'm using the HA (high availability) feature within the cluster. Now, I want to do the same with my Frigate container (same setup as yours in the video) on PC #3 (is now running stand alone but really good, thx) Before I use HA with Frigate, I wanted to know if this will work directly out of the box (which I don't think it will), or should I install the driver for the Coral accelerator for PCIe on both PC #1 and #2 as I did on pc #3 and then use HA? Or is there something else I need to do to achieve high availability for the Frigate container server, like with Home Assistant? Thanks in advance, Per Update: all 3 PCs have the coral acceraltor PCIe
If all three have the hardware, you can install the drivers on all of them and the container should be able to migrate. For a HAOS VM that should also work, unless you are using USB passthrough, then it's more complicated.
I don't get it. Are you using a laptop with full sizes cherry switches? but you said you recently rebuild your workstation =/= laptop? why does you keyboard(?) have a screen? explain!
@@apalrdsadventures Thanks a bunch for this reply. Individuals like you and your videos make it possible for individuals like myself to participate and enhance these technologies
Can I do GPU pass through for frigate and then run a VM Home desktop with same GPU passed through. So one will be displayed to monitors Home Desktop other will just being doing processing for frigate.
Hi guys, i did installation of frigate step by step with this awsome tutorial. Everything runs nice on my intel N100 board, also with iGPU and CPU aceleration, respons time is ~ 10 - 13 ms, CPU load around 6% for 4 1080p cameras. Now i am trying update frigate to version 13.0, but i dont know where to start. Does anyone success with update?
Something else to add about the Docker image, it's easily possible to make a Dockerfile which uses this image as a base and makes some changes to it. Only thing which I've not seen yet is a simple update util which checks if a new base exists and does a rebuild (I would guess it exists, but I've not looked for it extensively).
Containers share the same kernel as the host. A GPU has two 'nodes' in the /dev (render and card), multiple programs (even in different containers or directly on the host) can bind to the same render node to do rendering on the card. Only one can use the display outputs.
Really nice! I have been looking for a way to run this without Docker in the exact setup as you with TPU and Proxmox. Thank you for that! I wonder if the process of passing through the iGPU (Xeon 1245 v6) is the same? Is it possible to use vGPU or do I need to PCI passthrough the hardware GPU to the container?
Contaniers don't do PCIe passthrough, since the drivers are all loaded by the host kernel. We instead need to find the driver nodes in /dev and pass those through. Since the driver is loaded by the host kernel we can pass those driver nodes to as many containers as we want without vgpu (but not VMs). But yes, an igpu will work just fine, as long as it's enabled in the bios - some server boards disable the igpu if they have onboard VGA for IPMI.
I have a mix of cameras. The no-brand Aliexpress PoE cameras that I use for my 3D printers have a very web 1.0 look and are IPv4 only, but my name brand Dahua cameras that I use outdoors all do IPv6 (at least with static addresses), and are also 802.1X capable which is nice.
This is awesome, I'm currently collecting parts for a new proxmox 3 node cluster and plan to install Frigate on it. One question I had though - I also plan to run either Jellyfin or Plex on the cluster and want to passthrough my renderdri (all nodes will be using quicksync), is it possible to passthrough the redernd128 device to multiple containers at the same time? Alternatively, can I use proxmox HA configurations to somehow ensure that it tries to keep the two containers on separate nodes?
In Linux DRI/DRM, the 'cardX' node cannot be shared but the 'renderdXXX' node can be. The card node is the only one that can do display output, but as long as the app only needs off-screen rendering, you can share it between multiple apps. They will still need to share vram and gpu resources of course. You also need all of the nodes to have the same path to the render node on host (since HA doesn't allow a different config for each node), so if they have multiple GPUs that could be a complication.
Thanks, that's what I guessed. None of my nodes will have separate graphics cards and will just be using the quicksync in the intel CPUs, so I'm assuming they'll all have the same path.
yeah, renderD128 is always the first card (card0), renderD129 the second (card1), etc. There are some quirks if a card exists and supports kernel modesetting (kms) but not rendering, then you can end up with card1 = renderD128 if card0 doesn't support render. But in any case, all Intel CPUs with QSV they should all be renderD128 and all use the same opts (hopefully).
Hey man great tutorial! However I'm kind stuck with the pcie driver. I'm using a coral pcie m.2 tpu and its detected by the proxmox host as well. Trying to passthrough into a LXC but it isn't even detected by the host. lspci -nn | grep 089a 09:00.0 System peripheral [0880]: Global Unichip Corp. Coral Edge TPU [1ac1:089a]. However, running user@server:~$ ls /dev/apex_0 ls: cannot access '/dev/apex_0': No such file or directory Secureboot is disabled. Pve headers, gasket and apex are installed as well Kernels is 5.15.102-1-pve Proxmox 7.4-3 Can you please give me some directions? Thanks!
Did the dkms build succeed (`dkms autoinstall` will try to rebuild and tell you if there are errors). pve-headers will by default install the latest and it's likely you don't have the headers for 7.4-3, I believe the latest 7.x release was 7.4-15 and the kernel version is 5.15.108-1-pve afaik, so pve-headres will install the headers for that version. So update to the latest 7.x, reboot (so the new kernel is running), and that should make dkms happy.
@@apalrdsadventures Hey man, thanks for your reply! Actually as per your blog post, I upgraded everything to avoid any issues. apt update apt install pve-headers -y apt full-upgrade -y Then I rebooted, and fired: dkms autoinstall (Which didn't throw any error. The build was successful) As per that: --------------------------------------------------------------------- Proxmox: 7.4-17 Kernel: 5.15.131-1-pve PVE headers: 7.4-1 After which I fired: modprobe apex modprobe gasket Which didn't throw any output. Here are some of my confs and outputs: GRUB_CMDLINE_LINUX_DEFAULT="quiet nomodeset vga=794 disable_idle_d3=1 amd_iommu=on iommu=pt vfio_iommu_type1.allow_unsafe_interrupts=1 vfio-pci.ids=1ac1:089a kvm.ignore_msrs=1 pcie_aspm=off pcie_port_pm=off pcie_acs_overrride=downstream" --------------------------------------------------------------------- root@pve:~# lsmod | grep apex apex 28672 0 gasket 122880 1 apex --------------------------------------------------------------------- root@pve:~# lspci -nn | grep 089a 09:00.0 System peripheral [0880]: Global Unichip Corp. Coral Edge TPU [1ac1:089a] --------------------------------------------------------------------- root@pve:~# ls -al /dev/apex* ls: cannot access '/dev/apex*': No such file or directory --------------------------------------------------------------------- Apologies for making it a mess here. Consider me kinda desperate. I'm trying to have AI face detection for 5 of my home security cameras and make automations based on whose face I detect. I'd highly appreciate your support on this! In any case, thanks for your help! Love your work :)
@@apalrdsadventures Hey man, sorry. Tried that as well. removed it, update-grub, and rebooted. Still no apex_0. No ideas what's going wrong. How come lspci -nn | grep 089a detects that the device is present, and still no /dev/apex_0
Great tutorial ! I managed to get Frigate up and running, but you kind of lost me with the whole Caddy thing. I have little experience with reverse proxy. Do I need reverse proxy and if so for what's the purpose there? is it for remote access to Frigate? I have my own domain name at Cloudflare laying around. Can I use that for this proxy, and if so how? And im planning on using o Coral usb, do you have any config for that instead?
Frigate doesn't natively have any security on the front end, it's just plain HTTP and on a nonstandard port. Caddy adds TLS to that, and optionally you can configure authentication if you want (I didn't in this video).
This is awesome, I've been looking into setting up cameras at my house with a self-hosted solution ideally. What cameras are you using for this setup? I've been trying to research cameras and it sounds like there are some compatibility concerns with some, and others that like to "phone home"... Also, your website is very clean, do you use some specific app to create your pages? Something like Jekyll perhaps? Or maybe just raw html/css/js? Another thing that you might find clever. If you use `systemctl edit $SERVICE` instead of just nano'ing the relevant config file, you don't need to manually remember to `systemctl daemon-reload`. As an avid systemd fan, I'm surprised I haven't come across `.container` config files yet, do you have any reference docs anywhere or are they podman specific? I did do some googling but didn't find much. Very clever integration! Thanks for another cool video!!
Hello! I use cameras from Dahua, they are a few years old now. They are a mix of the DH-IPC-HDW2431TP and DH-IPC-HDW5831RP-ZE models. They don't phone home, support IPv6 and 802.1X port auth, and have worked very well for me. I also have a few cheaper no-name cameras that I use for my 3D printers and those ones do try to phone home all the time. My website is generated in Hugo, which is similar to Jekyll. .container files are specific to Podman Quadlet, under the hood it will dynamically generate a .service with the equivalent Podman Run command when it daemon-reloads. docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html is the docs for it, you can configure nearly everything in Podman via systemd files.
The mess of documentation... Frigate might work, but getting it to work - without buying into exactly every single piece of HW listed, is just a big bad hassle. Docs are just a big bunch of contradictions all over. Source is not building correctly.. amazed that it has such a big following.
You can share a coral device across multiple LXCs, although I'm not sure if the coral device itself supports being shared by multiple apps at the same time
Hi, i am a problem with the directory/etc/containers/systemd/frigate.container then copy this info, does'nt write this files. The error is [ Error writing /etc/containers/systemd/frigate.container: No such file or directory ] thanks you
The directory should be created automatically, but you can `mkdir -p /etc/containers/systemd/` to create it if it didn't get created by the podman install.
@@apalrdsadventures thanks you it's ok but i doesn't have running the container. the log systemctl start frigate Job for frigate.service failed because the control process exited with error code. See "systemctl status frigate.service" and "journalctl -xeu frigate.service" for details
I install Caddy on each service (if the service doesn't do HTTPS natively). I want all of my services to use standard ports and HTTPS, and if they don't do it natively, they need a reverse proxy to do it. Gitea for example does not have a Caddy proxy since it does HTTPS and Let's Encrypt natively. It's possible to do a single reverse proxy, and I do use HAProxy (in TCP mode, so it's not dealing with certificates) to break out incoming IPv4 connections, but the downside to that approach is the traffic from the reverse proxy to the backend service is unencrypted, meaning it needs more firewalling to keep traffic out of that path. By running the proxy on the same service host/container I can just bind Frigate to localhost and there is no more complication.
serious question, when i have reolink cams with ptz and buildin person/animal/movement detection, auto tracking and auto recording do i really need that coral usb stick? my proxmox system is dual a xeon with 28cores/56threads and 64 gb ram ... i think that system does not need an usb co-processor, am i wrong? or does frigate not run without that stick?
Frigate doesn't use any detection built-in to the camera. It can do detection on CPU, nvidia and intel GPUs (not currently AMD), or the Coral TPU. It can also do video decoding on CPU or GPU. The CPU detector does use a ton of CPU resources so any of the other options (TPU, CUDA, Intel OpenVINO, AMD ROCm is coming) are preferred. Decoding the video stream is also somewhat intensive, and nvidia / intel / AMD can all offload that fairly easily.
@@apalrdsadventures perhaps I have expressed myself incorrectly. I already have a shinobi nvr vm running, with 4 reolink outdoor E1 pro cams. The "slightly more expensive" reolink cams have autotracking and person recognition built in. Shinobi only takes the rtsp stream and displays or records it. And I can control the cams live via onvif. I just want to compare shinobi and frigate and decide which one I want to continue using. If the cams can already track/recognize out of the box, why does frigate have to do it again? with additional hardware? According to the frigate documentation, my cams are fully supported. So do I still need the coral tpu? Is it rather necessary for less performant servers like raspi5 or n100 cpus? or always? and while i'm at it, what my reolink cams can't do, only the very expensive models, is the patrol run ... i.e. to monitor a large area by panning (leftright) the camera 24/7. can frigate do that? i.e. let the cam scan a wide area? kind regards
@@apalrdsadventures ok, i understand, that does not really answer my questions, but since shinobi runs good on proxmox without that docker/portainer quirks, and extra costs for coral tpu, i will stick to shinobi 😉
Unleash your cameras with frigate….as long as you have these 4 or 5 other platforms running, have integrated these 20 profiles and systems, and just happen to have the right cameras.
I was all good up until you mentioned... docker. Not sure why you wouldn't install it directly within the LXC container. If the answer is that it is ONLY available locked up inside a docker container, then it's something I'll never look at deploying. My loss.
Missing from caddy installation instructions: apt install -y curl By default it's missing, which leads to the instruction not working. An awesome guide, though would appreciate a little more detailed explanation for us noobs - we are watching this specifically because we don't know how to do it 😄
I've been running Frigate in Podman on Proxmox LXC for quite some time. But your video got me to try Quadlet too. Some notes:
You can use apt pinning to get a newer podman from testing repos without upgrading to Trixie.
You can also run podman under a non-root user and still use GPU passthrough. The frigate user must be in groups video and render and you add PodmanArgs=--group-add=keep-groups and PodmanArgs=--privileged.
A privileged podman container retains the same user/group as the non-root user running it.
Happy mine runs now with Quadlet too.
I like the inset video of your screen area while you're talking. Worked out good.
Wow, this vid is EXACTLY what I needed, just ran across Frigate a month ago and then started considering how to get that going on my proxmox setup and how adding a TPU would work... and you did all that! ty
That's a great tutorial, thank you! I appreciate your knowledge per content ratio: so little bs and so much to take away. Pls keep that calm and efficient delivery! 👍😁
Great video as always and I've learned a few things from your video since I started messing with Frigate a few months ago ...the funny thing is I've always pronounced it like: free-GAH-tay 😂
Maybe submit a PR to the frigate repo to get the listen address changed from 0.0.0.0 to "*" ? Great content btw.
There's actually already an open PR to fix the nginx.conf in Frigate - github.com/blakeblackshear/frigate/pull/3497
It's been stale for over a year at this point. It's fully ready to go, the admins just haven't reviewed it, and now it needs to be rebased since it took so long.
Nice project! I have the NVIDIA Tesla P4 (got em real cheap on ebay) in use on my third ProxMox node so may give this one a try.
Greatly decreased the CPU usage. Thanks!
Thanks for the video on camera NVR. I would like to run this more standalone minimal automation integration. I use Hubitat so the only thing I would push there is the ability for it to kick off a stream to the dashboard when front door occupancy is detected.
Can you do a review on firescrew, it looks very similar to frigate
Thanks for the great video.
Are you sure that you need to use a priv container? I have an unpriv one running docker and accessing the nvidia GPU just fine.
Great video!
Thanks
Great content and just at the right time. Thank you very much.
Question. What is the setup with the mechanical keyboard and screen?
It's a Kwumsy K3
cat detection is actually very important
Fox 🦊 detection, not sure if AI can distinguish the difference?
Cat to ignore!
Excellent!
what is that screen / keyboard combo ?
Love the video, I'd love to be able to get into promox and Caddy to get reverse proxy setup. Do you have a tutorial for setting up this / what hardware you are running or recommend? I'm a noob and don't just wanna follow the recommended hardware from frigate's documentation as I want to learn more.
This was a good walk through that worked on my last setup. I recently migrated my LXC frigate and TPU to PVE 8.1 and after following all steps. I am stuck at modprobe apex returning some error 'could not insert 'apex': Key was rejected by service'. What could be wrong? Kernal is 6.5.11-7 and header are installed. ls -l /dev does not show apex on the host terminal.
You'll have to rebuild the apex module for kernel 6.5. For some reason, Google fixed the module (the kernel changed in 6.4) but never rebuilt their release, so you have to go to the gasket repo, clone it, and debuild. Blame them for not maintaining their releases.
@@apalrdsadventures finally able to rebuild after some weird issues with BIOS secure boot preventing the apex to be discovered. Now, how do i find the frigate.container file as i dont have it under /etc/containers...
I'd like to see more on quadlet. I have a "project" I'm considering tackling using it. Basically housing some Minecraft bedrock servers via podman. There doesn't seem to be a lot of info around how the .volume, and .network files interact with the .container files.
I really like Quadlet so far, but I've only used .container files, not the rest. But they are all structured like systemd units and have the same inheritance / ordering / .. automagic that the rest of Systemd has.
@@apalrdsadventures ahh. My use case is basically trying to template a container creation so it's easy to add a new similar but different container.
Usually you can template it the same way you'd template a new machine, using a script or ansible or the like
Hi, exactly what I was looking for - thank you for the video! Only one question the host in the mqtt section of frigate config - is it your home assistant server, right?
It's whatever MQTT server you use with Home Assistant, so it could be HA OS itself if you are running an addon or something else if you are running HA Core.
Do you check how. power consumption increased when frigate is working? I heard it prevents idle mode due to constantly processing video from camera via CPU. But it was tested without Coral TPU I guess. I have a home lab server that most of the time is in idle state and down to less than 20W. File server, HA or or other lab vm stuff are not always needed in my case. I am considering setup a separate machine just to do the frigate + coral if power consumption increases much. Did you maybe investigate this topic more?
My system is very low power already, so it's not something I'm particularly concerned with given the TDP is only like 10W.
@@apalrdsadventures 10W on machine that runs frigate + coral? That's a good info to me. Thanks :)
10W for the CPU, about 30 at the wall with drives
If you have a USB coral device it's pretty easy to just pass through the USB device to the LXC container and then into the Frigate docker container.
I don't remember which setting does what, but my /etc/pve/lxc/123.conf has:
lxc.mount.entry: /dev/bus/usb/003/ dev/bus/usb/003/ none bind,optional,create=dir 0,0
lxc.cgroup2.devices.allow: c 189:* rwm
lxc.apparmor.profile: unconfined
lxc.cgroup2.devices.allow: a
lxc.cap.drop:
lxc.mount.auto: cgroup:rw
lxc.cgroup2.devices.allow: c 195:* rwm
lxc.cgroup2.devices.allow: c 243:* rwm
lxc.cgroup2.devices.allow: c 226:* rwm
lxc.mount.entry: /dev/dri/card0 dev/dri/card0 none bind,optional,create=file
lxc.mount.entry: /dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file
lxc.mount.entry: /dev/fb0 dev/fb0 none bind,optional,create=file
Thanks for the best video on Proxmox and Frigate! I have a question: I'm setting up a cluster of 3 mini PCs for Home Assistant and using Proxmox for Home Assistant. On one of the hosts (mini PC), in my case, PC #1, my Home Assistant VM is running, and I'm using the HA (high availability) feature within the cluster. Now, I want to do the same with my Frigate container (same setup as yours in the video) on PC #3 (is now running stand alone but really good, thx)
Before I use HA with Frigate, I wanted to know if this will work directly out of the box (which I don't think it will), or should I install the driver for the Coral accelerator for PCIe on both PC #1 and #2 as I did on pc #3 and then use HA? Or is there something else I need to do to achieve high availability for the Frigate container server, like with Home Assistant?
Thanks in advance,
Per
Update: all 3 PCs have the coral acceraltor PCIe
If all three have the hardware, you can install the drivers on all of them and the container should be able to migrate.
For a HAOS VM that should also work, unless you are using USB passthrough, then it's more complicated.
@@apalrdsadventures thx, was my idea too but good to get a confirmation since proxmox is like try and pray:) thx 😊
What hardware do I need to do this?
I don't get it. Are you using a laptop with full sizes cherry switches? but you said you recently rebuild your workstation =/= laptop? why does you keyboard(?) have a screen? explain!
It's a Kwumsy K3, so it's part of the workstation setup now
sorry for my ignorance. why not installing frigate in a vm?
Much less overhead of the container vs VM, and being able to share hardware across multiple containers vs passthrough to a single VM.
@@apalrdsadventures Thanks a bunch for this reply. Individuals like you and your videos make it possible for individuals like myself to participate and enhance these technologies
Thank you again! What is your keyboard device?
It's a Kwumsy K3
Can I do GPU pass through for frigate and then run a VM Home desktop with same GPU passed through. So one will be displayed to monitors Home Desktop other will just being doing processing for frigate.
You can share a GPU between multiple LXC containers but not with more than one VM.
Hi guys, i did installation of frigate step by step with this awsome tutorial. Everything runs nice on my intel N100 board, also with iGPU and CPU aceleration, respons time is ~ 10 - 13 ms, CPU load around 6% for 4 1080p cameras. Now i am trying update frigate to version 13.0, but i dont know where to start. Does anyone success with update?
Have you considered doing apt pinning instead of a full upgrade ?
Debian testing is essentially a rolling distro, it's not their unstable branch (that's Sid).
@@apalrdsadventures I meant you don't have to upgrade, you can just pull in 1 package and it's dependencies.
Something else to add about the Docker image, it's easily possible to make a Dockerfile which uses this image as a base and makes some changes to it. Only thing which I've not seen yet is a simple update util which checks if a new base exists and does a rebuild (I would guess it exists, but I've not looked for it extensively).
great
So can you pass through the only GPU in your system to a container? In my case I just have the Intel iGPU in my 13500.
Containers share the same kernel as the host. A GPU has two 'nodes' in the /dev (render and card), multiple programs (even in different containers or directly on the host) can bind to the same render node to do rendering on the card. Only one can use the display outputs.
Really nice! I have been looking for a way to run this without Docker in the exact setup as you with TPU and Proxmox. Thank you for that!
I wonder if the process of passing through the iGPU (Xeon 1245 v6) is the same? Is it possible to use vGPU or do I need to PCI passthrough the hardware GPU to the container?
Contaniers don't do PCIe passthrough, since the drivers are all loaded by the host kernel. We instead need to find the driver nodes in /dev and pass those through. Since the driver is loaded by the host kernel we can pass those driver nodes to as many containers as we want without vgpu (but not VMs).
But yes, an igpu will work just fine, as long as it's enabled in the bios - some server boards disable the igpu if they have onboard VGA for IPMI.
BTW what cams are you using that support IPv6? I've been searching forever for this.
I have a mix of cameras. The no-brand Aliexpress PoE cameras that I use for my 3D printers have a very web 1.0 look and are IPv4 only, but my name brand Dahua cameras that I use outdoors all do IPv6 (at least with static addresses), and are also 802.1X capable which is nice.
Is Frigate runnable on a thin CPU you've been recommending for HA?
I have a very slightly more powerful NAS that I'm using, it's a dual core Atom, but it has NVMe support and more drive bays for storage.
This is awesome, I'm currently collecting parts for a new proxmox 3 node cluster and plan to install Frigate on it. One question I had though - I also plan to run either Jellyfin or Plex on the cluster and want to passthrough my renderdri (all nodes will be using quicksync), is it possible to passthrough the redernd128 device to multiple containers at the same time? Alternatively, can I use proxmox HA configurations to somehow ensure that it tries to keep the two containers on separate nodes?
In Linux DRI/DRM, the 'cardX' node cannot be shared but the 'renderdXXX' node can be. The card node is the only one that can do display output, but as long as the app only needs off-screen rendering, you can share it between multiple apps. They will still need to share vram and gpu resources of course.
You also need all of the nodes to have the same path to the render node on host (since HA doesn't allow a different config for each node), so if they have multiple GPUs that could be a complication.
Thanks, that's what I guessed. None of my nodes will have separate graphics cards and will just be using the quicksync in the intel CPUs, so I'm assuming they'll all have the same path.
yeah, renderD128 is always the first card (card0), renderD129 the second (card1), etc.
There are some quirks if a card exists and supports kernel modesetting (kms) but not rendering, then you can end up with card1 = renderD128 if card0 doesn't support render.
But in any case, all Intel CPUs with QSV they should all be renderD128 and all use the same opts (hopefully).
Which cameras do you use ?
They are all Dahua PoE cameras, a few years old.
Hey man great tutorial! However I'm kind stuck with the pcie driver. I'm using a coral pcie m.2 tpu and its detected by the proxmox host as well. Trying to passthrough into a LXC but it isn't even detected by the host.
lspci -nn | grep 089a
09:00.0 System peripheral [0880]: Global Unichip Corp. Coral Edge TPU [1ac1:089a].
However, running
user@server:~$ ls /dev/apex_0
ls: cannot access '/dev/apex_0': No such file or directory
Secureboot is disabled.
Pve headers, gasket and apex are installed as well
Kernels is 5.15.102-1-pve
Proxmox 7.4-3
Can you please give me some directions?
Thanks!
Did the dkms build succeed (`dkms autoinstall` will try to rebuild and tell you if there are errors). pve-headers will by default install the latest and it's likely you don't have the headers for 7.4-3, I believe the latest 7.x release was 7.4-15 and the kernel version is 5.15.108-1-pve afaik, so pve-headres will install the headers for that version. So update to the latest 7.x, reboot (so the new kernel is running), and that should make dkms happy.
@@apalrdsadventures Hey man, thanks for your reply! Actually as per your blog post, I upgraded everything to avoid any issues.
apt update
apt install pve-headers -y
apt full-upgrade -y
Then I rebooted, and fired: dkms autoinstall (Which didn't throw any error. The build was successful)
As per that:
---------------------------------------------------------------------
Proxmox: 7.4-17
Kernel: 5.15.131-1-pve
PVE headers: 7.4-1
After which I fired:
modprobe apex
modprobe gasket
Which didn't throw any output.
Here are some of my confs and outputs:
GRUB_CMDLINE_LINUX_DEFAULT="quiet nomodeset vga=794 disable_idle_d3=1 amd_iommu=on iommu=pt vfio_iommu_type1.allow_unsafe_interrupts=1 vfio-pci.ids=1ac1:089a kvm.ignore_msrs=1 pcie_aspm=off pcie_port_pm=off pcie_acs_overrride=downstream"
---------------------------------------------------------------------
root@pve:~# lsmod | grep apex
apex 28672 0
gasket 122880 1 apex
---------------------------------------------------------------------
root@pve:~# lspci -nn | grep 089a
09:00.0 System peripheral [0880]: Global Unichip Corp. Coral Edge TPU [1ac1:089a]
---------------------------------------------------------------------
root@pve:~# ls -al /dev/apex*
ls: cannot access '/dev/apex*': No such file or directory
---------------------------------------------------------------------
Apologies for making it a mess here. Consider me kinda desperate. I'm trying to have AI face detection for 5 of my home security cameras and make automations based on whose face I detect. I'd highly appreciate your support on this!
In any case, thanks for your help! Love your work :)
It looks like the driver won't load because it's already bound to vfio-pci? Try removing that argument from the cmdline and reboot
@@apalrdsadventures Hey man, sorry. Tried that as well. removed it, update-grub, and rebooted. Still no apex_0. No ideas what's going wrong. How come lspci -nn | grep 089a
detects that the device is present, and still no /dev/apex_0
lspci -k will tell you what kernel module is currently using it. Apex is loaded in the kernel, so some other driver is taking priority.
Man that keyboard sounds so sexy
Great tutorial ! I managed to get Frigate up and running, but you kind of lost me with the whole Caddy thing. I have little experience with reverse proxy. Do I need reverse proxy and if so for what's the purpose there? is it for remote access to Frigate? I have my own domain name at Cloudflare laying around. Can I use that for this proxy, and if so how? And im planning on using o Coral usb, do you have any config for that instead?
Frigate doesn't natively have any security on the front end, it's just plain HTTP and on a nonstandard port. Caddy adds TLS to that, and optionally you can configure authentication if you want (I didn't in this video).
This is awesome, I've been looking into setting up cameras at my house with a self-hosted solution ideally. What cameras are you using for this setup? I've been trying to research cameras and it sounds like there are some compatibility concerns with some, and others that like to "phone home"...
Also, your website is very clean, do you use some specific app to create your pages? Something like Jekyll perhaps? Or maybe just raw html/css/js?
Another thing that you might find clever. If you use `systemctl edit $SERVICE` instead of just nano'ing the relevant config file, you don't need to manually remember to `systemctl daemon-reload`.
As an avid systemd fan, I'm surprised I haven't come across `.container` config files yet, do you have any reference docs anywhere or are they podman specific? I did do some googling but didn't find much. Very clever integration!
Thanks for another cool video!!
Hello!
I use cameras from Dahua, they are a few years old now. They are a mix of the DH-IPC-HDW2431TP and DH-IPC-HDW5831RP-ZE models. They don't phone home, support IPv6 and 802.1X port auth, and have worked very well for me. I also have a few cheaper no-name cameras that I use for my 3D printers and those ones do try to phone home all the time.
My website is generated in Hugo, which is similar to Jekyll.
.container files are specific to Podman Quadlet, under the hood it will dynamically generate a .service with the equivalent Podman Run command when it daemon-reloads. docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html is the docs for it, you can configure nearly everything in Podman via systemd files.
The mess of documentation... Frigate might work, but getting it to work - without buying into exactly every single piece of HW listed, is just a big bad hassle. Docs are just a big bunch of contradictions all over. Source is not building correctly.. amazed that it has such a big following.
If you setup compreface with podman quadlet in the same lxc as frigate, can you use the same coral device for frigate and compreface at the same time?
You can share a coral device across multiple LXCs, although I'm not sure if the coral device itself supports being shared by multiple apps at the same time
Hi, i am a problem with the directory/etc/containers/systemd/frigate.container
then copy this info, does'nt write this files.
The error is [ Error writing /etc/containers/systemd/frigate.container: No such file or directory ]
thanks you
The directory should be created automatically, but you can `mkdir -p /etc/containers/systemd/` to create it if it didn't get created by the podman install.
@@apalrdsadventures
thanks you it's ok but i doesn't have running the container.
the log
systemctl start frigate
Job for frigate.service failed because the control process exited with error code.
See "systemctl status frigate.service" and "journalctl -xeu frigate.service" for details
Same here. I'm stuck with same error, journalctl show that /tmp/cache not exist but this ist not true. Any ideas what's wrong?
@@anthonypondepeyre5497 I'm also having this error. I tried several new LXC to make sure I didn't miss anything, but it happens every time.
How do I add the camera if I have a username and password on them ?
rtsp://username:password@hostname:port
Is Caddy meant to be installed on every host server for https?
Can it be like a central reverse proxy for all the hosts like NGINX or HAproxy?
I install Caddy on each service (if the service doesn't do HTTPS natively). I want all of my services to use standard ports and HTTPS, and if they don't do it natively, they need a reverse proxy to do it. Gitea for example does not have a Caddy proxy since it does HTTPS and Let's Encrypt natively.
It's possible to do a single reverse proxy, and I do use HAProxy (in TCP mode, so it's not dealing with certificates) to break out incoming IPv4 connections, but the downside to that approach is the traffic from the reverse proxy to the backend service is unencrypted, meaning it needs more firewalling to keep traffic out of that path. By running the proxy on the same service host/container I can just bind Frigate to localhost and there is no more complication.
serious question, when i have reolink cams with ptz and buildin person/animal/movement detection, auto tracking and auto recording
do i really need that coral usb stick?
my proxmox system is dual a xeon with 28cores/56threads and 64 gb ram ... i think that system does not need an usb co-processor,
am i wrong? or does frigate not run without that stick?
Frigate doesn't use any detection built-in to the camera. It can do detection on CPU, nvidia and intel GPUs (not currently AMD), or the Coral TPU. It can also do video decoding on CPU or GPU.
The CPU detector does use a ton of CPU resources so any of the other options (TPU, CUDA, Intel OpenVINO, AMD ROCm is coming) are preferred. Decoding the video stream is also somewhat intensive, and nvidia / intel / AMD can all offload that fairly easily.
@@apalrdsadventures
perhaps I have expressed myself incorrectly.
I already have a shinobi nvr vm running, with 4 reolink outdoor E1 pro cams. The "slightly more expensive" reolink cams have
autotracking and person recognition built in. Shinobi only takes the rtsp stream and displays or records it. And I can control the cams live via onvif.
I just want to compare shinobi and frigate and decide which one I want to continue using.
If the cams can already track/recognize out of the box, why does frigate have to do it again? with additional hardware?
According to the frigate documentation, my cams are fully supported.
So do I still need the coral tpu? Is it rather necessary for less performant servers like raspi5 or n100 cpus? or always?
and while i'm at it, what my reolink cams can't do, only the very expensive models, is the patrol run ... i.e. to monitor a large area by panning (leftright) the camera 24/7.
can frigate do that? i.e. let the cam scan a wide area?
kind regards
From Frigate's perspective they want a consistent experience and dataset for any camera without dealing with the API quirks of each manufacturer.
@@apalrdsadventures ok, i understand, that does not really answer my questions, but since shinobi runs good on proxmox without that docker/portainer quirks, and extra costs for coral tpu, i will stick to shinobi 😉
Unleash your cameras with frigate….as long as you have these 4 or 5 other platforms running, have integrated these 20 profiles and systems, and just happen to have the right cameras.
I was all good up until you mentioned... docker. Not sure why you wouldn't install it directly within the LXC container. If the answer is that it is ONLY available locked up inside a docker container, then it's something I'll never look at deploying. My loss.
It's unfortunate when software isn't deployable using normal methods (i.e. compiling from source, or deb packages, or really anything else).
I installed it using Nix, so it can be installed without a container. Using Docker is just simpler in most cases.
Wow. What kind of laptop is that?
It's a Kwumsy K3, it's a display and keyboard for the workstation
@@apalrdsadventures thanks
Missing from caddy installation instructions: apt install -y curl
By default it's missing, which leads to the instruction not working.
An awesome guide, though would appreciate a little more detailed explanation for us noobs - we are watching this specifically because we don't know how to do it 😄