*: deployment fixes
parent
2b8d5529f7
commit
56df3a536f
10
default.nix
10
default.nix
|
@ -17,6 +17,7 @@ let
|
||||||
inherit prometheus_client;
|
inherit prometheus_client;
|
||||||
inherit pyjwt;
|
inherit pyjwt;
|
||||||
inherit pytest;
|
inherit pytest;
|
||||||
|
inherit pyserial;
|
||||||
inherit qrcode;
|
inherit qrcode;
|
||||||
inherit raspberrypi-tools;
|
inherit raspberrypi-tools;
|
||||||
inherit requests;
|
inherit requests;
|
||||||
|
@ -106,19 +107,11 @@ in with upstream; let
|
||||||
propagatedBuildInputs = [ raspberrypi-tools ];
|
propagatedBuildInputs = [ raspberrypi-tools ];
|
||||||
};
|
};
|
||||||
|
|
||||||
cygpio = buildPythonPackage {
|
|
||||||
pname = "cygpio";
|
|
||||||
version = "1.0.0";
|
|
||||||
src = ./cygpio;
|
|
||||||
propagatedBuildInputs = [ pigpio cython ];
|
|
||||||
};
|
|
||||||
|
|
||||||
in buildPythonPackage rec {
|
in buildPythonPackage rec {
|
||||||
name = "bitvend";
|
name = "bitvend";
|
||||||
src = ./.;
|
src = ./.;
|
||||||
doCheck = false;
|
doCheck = false;
|
||||||
propagatedBuildInputs = [
|
propagatedBuildInputs = [
|
||||||
cygpio
|
|
||||||
flask
|
flask
|
||||||
flask_sqlalchemy
|
flask_sqlalchemy
|
||||||
websocket_client
|
websocket_client
|
||||||
|
@ -127,5 +120,6 @@ in buildPythonPackage rec {
|
||||||
prometheus_client
|
prometheus_client
|
||||||
spaceauth
|
spaceauth
|
||||||
qrcode
|
qrcode
|
||||||
|
pyserial
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
# lego generates proper absolute fqdn with trailing dot. API expects one without it
|
||||||
|
FQDN="${2::-1}"
|
||||||
|
CHALLENGE="$3"
|
||||||
|
|
||||||
|
case $1 in
|
||||||
|
present)
|
||||||
|
curl "$API_URL/api/1/add?token=$API_TOKEN&record=$FQDN:TXT&value=\"$CHALLENGE\"" ;;
|
||||||
|
cleanup)
|
||||||
|
curl "$API_URL/api/1/delete?token=$API_TOKEN&record=$FQDN:TXT" ;;
|
||||||
|
timeout)
|
||||||
|
echo '{"timeout": 240, "interval": 5}' ;;
|
||||||
|
esac
|
|
@ -87,10 +87,21 @@ class SerialBackend(Backend):
|
||||||
import serial
|
import serial
|
||||||
self.ser = serial.Serial(device)
|
self.ser = serial.Serial(device)
|
||||||
|
|
||||||
|
# FIXME clear buffer
|
||||||
|
self.ser.timeout = 0.2
|
||||||
|
while self.ser.read(1):
|
||||||
|
pass
|
||||||
|
self.ser.timeout = None
|
||||||
|
|
||||||
def read(self):
|
def read(self):
|
||||||
buf = b''
|
buf = b''
|
||||||
while len(buf) < 2:
|
while len(buf) < 2:
|
||||||
buf += self.ser.read(1)
|
buf += self.ser.read(1)
|
||||||
|
|
||||||
|
# FIXME drop if 9th bit byte is invalid (desync)
|
||||||
|
if len(buf) >= 2 and buf[1] not in [0, 1]:
|
||||||
|
buf = buf[1:]
|
||||||
|
|
||||||
return buf
|
return buf
|
||||||
|
|
||||||
def write(self, data):
|
def write(self, data):
|
||||||
|
|
|
@ -10,7 +10,6 @@ except ImportError:
|
||||||
try:
|
try:
|
||||||
import cygpio
|
import cygpio
|
||||||
except ImportError:
|
except ImportError:
|
||||||
raise
|
|
||||||
cygpio = None
|
cygpio = None
|
||||||
|
|
||||||
from mdb.utils import compute_checksum, compute_chk, bcd_decode
|
from mdb.utils import compute_checksum, compute_chk, bcd_decode
|
||||||
|
@ -219,7 +218,7 @@ class CashlessMDBDevice(MDBDevice):
|
||||||
self.logger.info('VEND: request %r', req)
|
self.logger.info('VEND: request %r', req)
|
||||||
value, product_bcd = struct.unpack('>xhhx', req.data)
|
value, product_bcd = struct.unpack('>xhhx', req.data)
|
||||||
product = bcd_decode(product_bcd)
|
product = bcd_decode(product_bcd)
|
||||||
self.logger.info('VEND: requested %d for %d', product, value)
|
self.logger.info('VEND: requested %d (%04x) for %d', product, product_bcd, value)
|
||||||
if self.vend_request(product, value):
|
if self.vend_request(product, value):
|
||||||
# accept. two latter bytes are value subtracted from balance
|
# accept. two latter bytes are value subtracted from balance
|
||||||
# displayed after purchase FIXME
|
# displayed after purchase FIXME
|
||||||
|
|
|
@ -7,4 +7,8 @@ def compute_checksum(cmd, data):
|
||||||
return compute_chk(bytearray([cmd]) + data)
|
return compute_chk(bytearray([cmd]) + data)
|
||||||
|
|
||||||
def bcd_decode(b):
|
def bcd_decode(b):
|
||||||
return 10 * ((b & 0xf0) >> 4) + (b & 0x0f)
|
return \
|
||||||
|
1000 * ((b & 0xf000) >> 12) + \
|
||||||
|
100 * ((b & 0xf00) >> 8) + \
|
||||||
|
10 * ((b & 0xf0) >> 4) + \
|
||||||
|
(b & 0x0f)
|
||||||
|
|
30
module.nix
30
module.nix
|
@ -17,7 +17,12 @@ let
|
||||||
BLOCKCYPHER_TOKEN = '${cfg.blockcypherToken}'
|
BLOCKCYPHER_TOKEN = '${cfg.blockcypherToken}'
|
||||||
SECRET_KEY = '${cfg.secretKey}'
|
SECRET_KEY = '${cfg.secretKey}'
|
||||||
'';
|
'';
|
||||||
|
legoHook = pkgs.runCommand "lego-hook-wrapped" {
|
||||||
|
buildInputs = [ pkgs.makeWrapper ];
|
||||||
|
} ''
|
||||||
|
makeWrapper ${./lego-hook.sh} $out \
|
||||||
|
--prefix PATH : ${lib.makeBinPath [ pkgs.curl pkgs.bash ]}
|
||||||
|
'';
|
||||||
|
|
||||||
in {
|
in {
|
||||||
options.services.bitvend = {
|
options.services.bitvend = {
|
||||||
|
@ -56,6 +61,11 @@ in {
|
||||||
default = "vending.waw.hackerspace.pl";
|
default = "vending.waw.hackerspace.pl";
|
||||||
description = "hostname";
|
description = "hostname";
|
||||||
};
|
};
|
||||||
|
acmeToken = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "";
|
||||||
|
description = "Let's Encrypt proxy API authentication token";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
ids.uids.bitvend = 2137;
|
ids.uids.bitvend = 2137;
|
||||||
|
@ -67,6 +77,7 @@ in {
|
||||||
uid = config.ids.uids.bitvend;
|
uid = config.ids.uids.bitvend;
|
||||||
description = "Bitvend daemon user";
|
description = "Bitvend daemon user";
|
||||||
home = cfg.stateDir;
|
home = cfg.stateDir;
|
||||||
|
extraGroups = [ "dialout" ];
|
||||||
};
|
};
|
||||||
users.groups.bitvend = {
|
users.groups.bitvend = {
|
||||||
name = bitvendGroup;
|
name = bitvendGroup;
|
||||||
|
@ -88,12 +99,29 @@ in {
|
||||||
"d '${cfg.stateDir}' 0750 '${bitvendUser}' '${bitvendGroup}' - -"
|
"d '${cfg.stateDir}' 0750 '${bitvendUser}' '${bitvendGroup}' - -"
|
||||||
];
|
];
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
|
||||||
|
security.acme.acceptTerms = true;
|
||||||
|
security.acme.email = "informatic@hackerspace.pl";
|
||||||
|
security.acme.certs."${cfg.hostName}" = {
|
||||||
|
dnsProvider = "exec";
|
||||||
|
dnsPropagationCheck = false;
|
||||||
|
webroot = lib.mkForce null;
|
||||||
|
credentialsFile = pkgs.writeText "acme-creds" ''
|
||||||
|
EXEC_PATH=${legoHook}
|
||||||
|
API_URL=https://ns1-waw.hackerspace.pl
|
||||||
|
API_TOKEN=${cfg.acmeToken}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
recommendedProxySettings = true;
|
||||||
appendHttpConfig = ''
|
appendHttpConfig = ''
|
||||||
proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=qrcode_cache:10m max_size=50m inactive=60m;
|
proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=qrcode_cache:10m max_size=50m inactive=60m;
|
||||||
'';
|
'';
|
||||||
virtualHosts."${cfg.hostName}" = {
|
virtualHosts."${cfg.hostName}" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://127.0.0.1:5000";
|
proxyPass = "http://127.0.0.1:5000";
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in New Issue