Until Proxmox's native method of running OCI containers inside LXC becomes more mature, I wanted to run the official Frigate OCI container nested in an LXC container. I found using
containerd along with nerdctl instead of Docker or Podman works right out of the box, not stumbling on any of the other issues that come from using nested containers inside LXC, such as cgroups issues or similar. Containerd also seems to be more lightweight than my previous Docker setup. For reference, my eight-camera setup uses 1.8 GB RAM and 2.8 GB boot disk size when everything is up and running.
Containerd also runs as an OpenRC service and adheres to the restart policy set in the compose file. Alpine Linux does not use systemd but instead OpenRC, which makes it a little bit complicated to use Podman, because Podman is daemonless and there needs to be a way to implement container lifecycle management, which I haven't yet found out how to do in OpenRC. Podman is made to work along with systemd and has its own native way of managing container lifecycle using systemd "Quadlets". I found this is a much more elegant and lightweight way of doing it.
On the host as root, run the following to enable GPU monitoring inside the container:
Code:
sysctl kernel.perf_event_paranoid=0
Make the change persistent across reboots:
Code:
echo "kernel.perf_event_paranoid = 0" > /etc/sysctl.d/gpu-monitor.conf
Install the latest Alpine LXC from Proxmox template list.
Check nesting, check unprivileged, check keyctl.
I chose 8 GB RAM and 16 GB disk which seem to be more than sufficient for my deployment.
Give it a mount point on a pool of your choice, point it to /var/lib/frigate/media inside the container. Set device passthrough using the GUI, /dev/dri/renderD128 or the card of your choice, and mount it as root (leaving uid/gid unchecked, effectively uid=0 gid=0).
Enter the console and do the regular Linux server deployment: install a text editor, SSH server and the software you prefer.
Preferably, set up Alpine's package manager to use a suitable mirror:
Code:
setup-apkrepos
apk update
Install a text editor of your choice, e.g. nano:
Code:
apk add nano
nano /etc/apk/repositories
Change the version number to latest-stable and uncomment the line that enables the community repository.
Install containerd and nerdctl:
Code:
apk add nerdctl
Set containerd to runlevel default:
Code:
rc-update add containerd
Now, reboot the server from the Proxmox web UI and log in to the container as root.
Create directories for Frigate:
Code:
mkdir -p /var/lib/frigate/media /var/lib/frigate/config
Place your Frigate config in /var/lib/frigate/config.
Create your Frigate docker-compose file, /root/compose.yaml:
Code:
nano ~/compose.yaml
Here is my compose file, valid for using my Intel GPU, but you can find both an example compose file and a Frigate config reference in the Frigate documentation, to account for your specific hardware configuration. I used network mode host because I do not need port mappings due to Frigate being the only application running inside this LXC container.
Code:
services:
  frigate:
    container_name: frigate
    restart: unless-stopped
    stop_grace_period: 30s # allow enough time to shut down the various services
    image: ghcr.io/blakeblackshear/frigate:stable
    network_mode: host
    shm_size: "512mb" # update for your cameras based on calculation above
    cap_add:
      - CAP_PERFMON # To enable GPU monitoring
    devices:
      - /dev/dri/renderD128:/dev/dri/renderD128
    volumes:
      - /var/lib/frigate/config:/config
      - /var/lib/frigate/media:/media/frigate
      - type: tmpfs # Optional: 1GB of memory, reduces SSD/SD Card wear
        target: /tmp/cache
        tmpfs:
          size: 1000000000
Pull and start Frigate, check logs for errors.
Code:
nerdctl compose up -d
nerdctl compose logs -f
Use nerdctl to start, stop and pull containers just as you use the docker command.
For example, to update the container:
Code:
nerdctl compose pull
nerdctl compose down
nerdctl compose up -d
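
A preflight check for the setup above, as an added example that is not part of the original post: run inside the LXC container, it confirms that kernel.perf_event_paranoid still has the value the post sets on the host (0) and that every device listed in the compose file is a usable character device. The function names are made up for this example; the paths are the ones the post uses.

```shell
#!/bin/sh
# Preflight checks to run inside the LXC container before `nerdctl compose up -d`.
# Function names are invented for this example; paths are the ones the post uses.

# Print the host-side path of every entry under a "devices:" key of a compose file.
compose_devices() {
    in_devices=0
    while IFS= read -r line; do
        case "$line" in
            *devices:*) in_devices=1 ;;
            *"- "*)
                if [ "$in_devices" = 1 ]; then
                    entry=${line#*- }
                    echo "${entry%%:*}"
                fi ;;
            *) in_devices=0 ;;
        esac
    done < "$1"
}

# A passed-through node is usable only if it is a character device that the
# current user (root in the container) can read and write.
device_ok() {
    [ -c "$1" ] && [ -r "$1" ] && [ -w "$1" ]
}

# Compare the runtime sysctl with an expected value. The sysctl is not
# namespaced, so the container reads the value that was set on the host.
paranoid_matches() {
    [ "$(cat "${2:-/proc/sys/kernel/perf_event_paranoid}")" = "$1" ]
}

# Run every check, print one line per finding, return the number of failures.
preflight() {
    compose=$1; proc_file=${2:-/proc/sys/kernel/perf_event_paranoid}
    fails=0
    if ! paranoid_matches 0 "$proc_file"; then
        echo "FAIL perf_event_paranoid is $(cat "$proc_file"), expected 0"
        fails=$((fails + 1))
    fi
    for dev in $(compose_devices "$compose"); do
        if device_ok "$dev"; then echo "ok   $dev"
        else echo "FAIL $dev missing, not a char device, or not read/write"
             fails=$((fails + 1)); fi
    done
    return "$fails"
}
```

Source the file and call `preflight /root/compose.yaml`; the exit status is the number of failed checks.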