Split out "full access" variants of frigate and frigate_beta add-ons

The "main" add-ons no longer enable full access, in order to improve their HA security ratings (while introducing "full access" variants for users with devices which don't work properly without disabling protection mode).

frigate/config.json

@@ -32,7 +32,7 @@
   ],
   "usb": true,
   "tmpfs": true,
-  "full_access": true,
+  "full_access": false,
   "environment": {
     "CONFIG_FILE": "/config/frigate.yml"
   },

frigate_beta/config.json

@@ -32,7 +32,7 @@
   ],
   "usb": true,
   "tmpfs": true,
-  "full_access": true,
+  "full_access": false,
   "environment": {
     "CONFIG_FILE": "/config/frigate.yml"
   },

frigate_beta_fa/.devcontainer/Dockerfile

@@ -0,0 +1,46 @@
+FROM mcr.microsoft.com/vscode/devcontainers/base:debian
+
+WORKDIR /workspaces
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+# Set Docker daemon config
+RUN \
+    mkdir -p /etc/docker \
+    && echo '{"storage-driver": "vfs"}' > /etc/docker/daemon.json
+
+# Installa aditional tools
+RUN \
+    apt-get update \
+    && apt-get install -y --no-install-recommends \
+        dbus \
+        network-manager \
+        libpulse0 \
+        xz-utils
+
+# Install docker
+RUN apt-get update && apt-get install -y --no-install-recommends \
+        apt-transport-https \
+        ca-certificates \
+        curl \
+        software-properties-common \
+        gpg-agent \
+    && curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - \
+    && add-apt-repository "deb https://download.docker.com/linux/debian $(lsb_release -cs) stable" \
+    && apt-get update && apt-get install -y --no-install-recommends \
+        docker-ce \
+        docker-ce-cli \
+        containerd.io \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install shellcheck
+RUN \
+    curl -fLs \
+        "https://github.com/koalaman/shellcheck/releases/download/stable/shellcheck-stable.linux.x86_64.tar.xz" \
+        | tar -xJ \
+    \
+    && mv -f "./shellcheck-stable/shellcheck" "/usr/bin/shellcheck" \
+    && rm -rf "./shellcheck-stable"
+
+# Generate a machine-id for this container
+RUN rm /etc/machine-id && dbus-uuidgen --ensure=/etc/machine-id

frigate_beta_fa/.devcontainer/devcontainer.json

@@ -0,0 +1,18 @@
+{
+	"name": "Home Assistant Add-Ons",
+	"context": "..",
+	"dockerFile": "Dockerfile",
+	"appPort": ["7123:8123", "7357:4357"],
+    "postStartCommand": "service docker start",
+	"runArgs": ["-e", "GIT_EDITOR=code --wait", "--privileged"],
+	"containerEnv": {
+		"WORKSPACE_DIRECTORY": "${containerWorkspaceFolder}"
+	},
+	"extensions": [
+		"timonwong.shellcheck",
+		"esbenp.prettier-vscode"
+	],
+	"settings": { 
+		"terminal.integrated.shell.linux": "/bin/bash"
+	}
+}

frigate_beta_fa/.devcontainer/supervisor.sh

@@ -0,0 +1,145 @@
+#!/bin/bash
+set -eE
+
+SUPERVISOR_VERSON="$(curl -s https://version.home-assistant.io/stable.json | jq -e -r '.supervisor')"
+DOCKER_TIMEOUT=30
+DOCKER_PID=0
+
+function start_docker() {
+    local starttime
+    local endtime
+
+    if grep -q 'Alpine|standard-WSL' /proc/version; then
+        # The docker daemon does not start when running WSL2 without adjusting iptables
+        update-alternatives --set iptables /usr/sbin/iptables-legacy || echo "Fails adjust iptables"
+        update-alternatives --set ip6tables /usr/sbin/iptables-legacy || echo "Fails adjust ip6tables"
+    fi
+
+    echo "Starting docker."
+    dockerd 2> /dev/null &
+    DOCKER_PID=$!
+
+    echo "Waiting for docker to initialize..."
+    starttime="$(date +%s)"
+    endtime="$(date +%s)"
+    until docker info >/dev/null 2>&1; do
+        if [ $((endtime - starttime)) -le $DOCKER_TIMEOUT ]; then
+            sleep 1
+            endtime=$(date +%s)
+        else
+            echo "Timeout while waiting for docker to come up"
+            exit 1
+        fi
+    done
+    echo "Docker was initialized"
+}
+
+function stop_docker() {
+    local starttime
+    local endtime
+
+    echo "Stopping in container docker..."
+    if [ "$DOCKER_PID" -gt 0 ] && kill -0 "$DOCKER_PID" 2> /dev/null; then
+        starttime="$(date +%s)"
+        endtime="$(date +%s)"
+
+        # Now wait for it to die
+        kill "$DOCKER_PID"
+        while kill -0 "$DOCKER_PID" 2> /dev/null; do
+            if [ $((endtime - starttime)) -le $DOCKER_TIMEOUT ]; then
+                sleep 1
+                endtime=$(date +%s)
+            else
+                echo "Timeout while waiting for container docker to die"
+                exit 1
+            fi
+        done
+    else
+        echo "Your host might have been left with unreleased resources"
+    fi
+}
+
+
+function cleanup_lastboot() {
+    if [[ -f /tmp/supervisor_data/config.json ]]; then
+        echo "Cleaning up last boot"
+        cp /tmp/supervisor_data/config.json /tmp/config.json
+        jq -rM 'del(.last_boot)' /tmp/config.json > /tmp/supervisor_data/config.json
+        rm /tmp/config.json
+    fi
+}
+
+
+function cleanup_docker() {
+    echo "Cleaning up stopped containers..."
+    docker rm "$(docker ps -a -q)" || true
+}
+
+function run_supervisor() {
+    mkdir -p /tmp/supervisor_data
+    docker run --rm --privileged \
+        --name hassio_supervisor \
+        --privileged \
+        --security-opt seccomp=unconfined \
+        --security-opt apparmor:unconfined \
+        -v /run/docker.sock:/run/docker.sock:rw \
+        -v /run/dbus:/run/dbus:ro \
+        -v /run/udev:/run/udev:ro \
+        -v /tmp/supervisor_data:/data:rw \
+        -v "$WORKSPACE_DIRECTORY":/data/addons/local:rw \
+        -v /etc/machine-id:/etc/machine-id:ro \
+        -e SUPERVISOR_SHARE="/tmp/supervisor_data" \
+        -e SUPERVISOR_NAME=hassio_supervisor \
+        -e SUPERVISOR_DEV=1 \
+        -e SUPERVISOR_MACHINE="qemux86-64" \
+        "homeassistant/amd64-hassio-supervisor:${SUPERVISOR_VERSON}"
+}
+
+function init_dbus() {
+    if pgrep dbus-daemon; then
+        echo "Dbus is running"
+        return 0
+    fi
+
+    echo "Startup dbus"
+    mkdir -p /var/lib/dbus
+    cp -f /etc/machine-id /var/lib/dbus/machine-id
+
+    # cleanups
+    mkdir -p /run/dbus
+    rm -f /run/dbus/pid
+
+    # run
+    dbus-daemon --system --print-address
+}
+
+function init_udev() {
+    if pgrep systemd-udevd; then
+        echo "udev is running"
+        return 0
+    fi
+
+    echo "Startup udev"
+
+    # cleanups
+    mkdir -p /run/udev
+
+    # run
+    /lib/systemd/systemd-udevd --daemon
+    sleep 3
+    udevadm trigger && udevadm settle
+}
+
+echo "Start Test-Env"
+
+start_docker
+trap "stop_docker" ERR
+
+docker system prune -f
+
+cleanup_lastboot
+cleanup_docker
+init_dbus
+init_udev
+run_supervisor
+stop_docker

frigate_beta_fa/.gitattributes

@@ -0,0 +1 @@
+*.sh text eol=lf

frigate_beta_fa/.vscode/tasks.json

@@ -0,0 +1,31 @@
+{
+    // See https://go.microsoft.com/fwlink/?LinkId=733558
+    // for the documentation about the tasks.json format
+    "version": "2.0.0",
+    "tasks": [
+        {
+            "label": "Start Home Assistant",
+            "type": "shell",
+            "command": "./.devcontainer/supervisor.sh",
+            "group": {
+                "kind": "test",
+                "isDefault": true,
+            },
+            "presentation": {
+                "reveal": "always",
+                "panel": "new"
+            },
+            "problemMatcher": []
+        },{
+            "label": "Run Home Assistant CLI",
+            "type": "shell",
+            "command": "docker exec -ti hassio_cli /usr/bin/cli.sh",
+            "group": "test",
+            "presentation": {
+                "reveal": "always",
+                "panel": "new"
+            },
+            "problemMatcher": []
+        }
+    ]
+}

frigate_beta_fa/CHANGELOG.md

@@ -0,0 +1,60 @@
+### 2.5
+
+- 0.9.0 Release Candidate 6
+
+### 2.4
+
+- 0.9.0 Release Candidate 5
+
+### 2.3
+
+- 0.9.0 Release Candidate 4
+
+### 2.2
+
+- 0.9.0 Release Candidate 3
+- Allow access to side panel for non-admins
+
+### 2.1
+
+- 0.9.0 Release Candidate 2
+
+### 2.0
+
+- 0.9.0 Release Candidate 1
+
+### 1.8
+
+- 0.8.0 Release Candidate 6
+
+### 1.7
+
+- 0.8.0 Release Candidate 5
+
+### 1.6
+
+- 0.8.0 Release Candidate 4
+
+### 1.5
+
+- 0.8.0 Release Candidate 3
+
+### 1.4
+
+- 0.8.0 Release Candidate 2
+
+### 1.3
+
+- 0.8.0 Release Candidate 1
+
+### 1.2
+
+- 0.8.0 Beta 3
+
+### 1.1
+
+- 0.8.0 Beta 2
+
+### 1.0
+
+- 0.8.0 Beta 1

frigate_beta_fa/DOCS.md

@@ -0,0 +1,9 @@
+This is the beta addon for the 0.9.0 release. Please reference the [release notes](https://github.com/blakeblackshear/frigate/releases) for breaking changes.
+
+Frigate brings realtime object detection to any camera video feed supported by ffmpeg.
+
+## Required Dependencies
+- MQTT: Frigate communicates via MQTT
+
+## Support
+Please [open an issue](https://github.com/blakeblackshear/frigate/issues/new/choose) if you need support.

frigate_beta_fa/Dockerfile

@@ -0,0 +1,2 @@
+ARG BUILD_ARCH
+FROM blakeblackshear/frigate:0.9.0-rc6-${BUILD_ARCH}

frigate_beta_fa/README.md

@@ -0,0 +1,14 @@
+# Home Assistant Add-on: Frigate NVR Beta (Outdated)
+
+There is no current beta version. Please use the current official version.
+
+![Supports aarch64 Architecture][aarch64-shield] ![Supports amd64 Architecture][amd64-shield] ![Supports armv7 Architecture][armv7-shield]
+
+NVR with realtime local object detection for IP cameras.
+
+[Frigate]: https://docs.frigate.video
+[aarch64-shield]: https://img.shields.io/badge/aarch64-yes-green.svg
+[amd64-shield]: https://img.shields.io/badge/amd64-yes-green.svg
+[armhf-shield]: https://img.shields.io/badge/armhf-no-red.svg
+[armv7-shield]: https://img.shields.io/badge/armv7-yes-green.svg
+[i386-shield]: https://img.shields.io/badge/i386-no-red.svg