{
  pkgs,
  config,
  ...
}:
{
  # container image used for edgetpu support
  virtualisation.oci-containers.containers.frigate = {
    extraOptions = [
      "--privileged"
      "--shm-size=128mb"
      "--device=/dev/bus/usb:/dev/bus/usb"
    ];
    image = "ghcr.io/blakeblackshear/frigate:stable";
    volumes = [
      "/etc/localtime:/etc/localtime:ro"
      "/nix/persist/service/frigate/config:/config"
      "/nix/persist/service/frigate/data:/media/frigate"
      #"/tmp/frigate:/tmp/cache"
    ];
    ports = [
      "5000:5000"
      "8554:8554" # RTSP feeds
      "8555:8555/tcp" # WebRTC over tcp
      "8555:8555/udp" # WebRTC over udp
    ];
  };

  networking.firewall.interfaces.ss0.allowedTCPPorts = [
    5000
    8554
    8555
  ];
  networking.firewall.interfaces.ss0.allowedUDPPorts = [ 8555 ];

  global.fs.zfs.mountpoints."/nix/persist/service/frigate" = "service/frigate";
}