summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPiotr Dobrowolski <admin@tastycode.pl>2020-06-22 17:25:45 +0200
committerPiotr Dobrowolski <admin@tastycode.pl>2020-06-22 17:25:45 +0200
commit56df3a536f4291cf9380534bd994096870fe0d90 (patch)
treebdf5ba68ed05f6d48a865f7a06825726953fee91
parent2b8d5529f762d74fbd4d8093a4f1b184c07d7d25 (diff)
downloadbitvend-56df3a536f4291cf9380534bd994096870fe0d90.tar.gz
bitvend-56df3a536f4291cf9380534bd994096870fe0d90.tar.bz2
bitvend-56df3a536f4291cf9380534bd994096870fe0d90.tar.xz
bitvend-56df3a536f4291cf9380534bd994096870fe0d90.zip
*: deployment fixes
-rw-r--r--default.nix10
-rwxr-xr-xlego-hook.sh14
-rw-r--r--mdb/backend.py11
-rw-r--r--mdb/device.py3
-rw-r--r--mdb/utils.py6
-rw-r--r--module.nix30
6 files changed, 62 insertions, 12 deletions
diff --git a/default.nix b/default.nix
index b83484f..139848c 100644
--- a/default.nix
+++ b/default.nix
@@ -17,6 +17,7 @@ let
inherit prometheus_client;
inherit pyjwt;
inherit pytest;
+ inherit pyserial;
inherit qrcode;
inherit raspberrypi-tools;
inherit requests;
@@ -106,19 +107,11 @@ in with upstream; let
propagatedBuildInputs = [ raspberrypi-tools ];
};
- cygpio = buildPythonPackage {
- pname = "cygpio";
- version = "1.0.0";
- src = ./cygpio;
- propagatedBuildInputs = [ pigpio cython ];
- };
-
in buildPythonPackage rec {
name = "bitvend";
src = ./.;
doCheck = false;
propagatedBuildInputs = [
- cygpio
flask
flask_sqlalchemy
websocket_client
@@ -127,5 +120,6 @@ in buildPythonPackage rec {
prometheus_client
spaceauth
qrcode
+ pyserial
];
}
diff --git a/lego-hook.sh b/lego-hook.sh
new file mode 100755
index 0000000..6bcacab
--- /dev/null
+++ b/lego-hook.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# lego generates proper absolute fqdn with trailing dot. API expects one without it
+FQDN="${2::-1}"
+CHALLENGE="$3"
+
+case $1 in
+ present)
+ curl "$API_URL/api/1/add?token=$API_TOKEN&record=$FQDN:TXT&value=\"$CHALLENGE\"" ;;
+ cleanup)
+ curl "$API_URL/api/1/delete?token=$API_TOKEN&record=$FQDN:TXT" ;;
+ timeout)
+ echo '{"timeout": 240, "interval": 5}' ;;
+esac
diff --git a/mdb/backend.py b/mdb/backend.py
index 1fc686e..06b402a 100644
--- a/mdb/backend.py
+++ b/mdb/backend.py
@@ -87,10 +87,21 @@ class SerialBackend(Backend):
import serial
self.ser = serial.Serial(device)
+ # FIXME clear buffer
+ self.ser.timeout = 0.2
+ while self.ser.read(1):
+ pass
+ self.ser.timeout = None
+
def read(self):
buf = b''
while len(buf) < 2:
buf += self.ser.read(1)
+
+ # FIXME drop if 9th bit byte is invalid (desync)
+ if len(buf) >= 2 and buf[1] not in [0, 1]:
+ buf = buf[1:]
+
return buf
def write(self, data):
diff --git a/mdb/device.py b/mdb/device.py
index f05144a..0fa97a0 100644
--- a/mdb/device.py
+++ b/mdb/device.py
@@ -10,7 +10,6 @@ except ImportError:
try:
import cygpio
except ImportError:
- raise
cygpio = None
from mdb.utils import compute_checksum, compute_chk, bcd_decode
@@ -219,7 +218,7 @@ class CashlessMDBDevice(MDBDevice):
self.logger.info('VEND: request %r', req)
value, product_bcd = struct.unpack('>xhhx', req.data)
product = bcd_decode(product_bcd)
- self.logger.info('VEND: requested %d for %d', product, value)
+ self.logger.info('VEND: requested %d (%04x) for %d', product, product_bcd, value)
if self.vend_request(product, value):
# accept. two latter bytes are value subtracted from balance
# displayed after purchase FIXME
diff --git a/mdb/utils.py b/mdb/utils.py
index 37459fa..902bd2c 100644
--- a/mdb/utils.py
+++ b/mdb/utils.py
@@ -7,4 +7,8 @@ def compute_checksum(cmd, data):
return compute_chk(bytearray([cmd]) + data)
def bcd_decode(b):
- return 10 * ((b & 0xf0) >> 4) + (b & 0x0f)
+ return \
+ 1000 * ((b & 0xf000) >> 12) + \
+ 100 * ((b & 0xf00) >> 8) + \
+ 10 * ((b & 0xf0) >> 4) + \
+ (b & 0x0f)
diff --git a/module.nix b/module.nix
index b8149f5..a698a69 100644
--- a/module.nix
+++ b/module.nix
@@ -17,7 +17,12 @@ let
BLOCKCYPHER_TOKEN = '${cfg.blockcypherToken}'
SECRET_KEY = '${cfg.secretKey}'
'';
-
+ legoHook = pkgs.runCommand "lego-hook-wrapped" {
+ buildInputs = [ pkgs.makeWrapper ];
+ } ''
+ makeWrapper ${./lego-hook.sh} $out \
+ --prefix PATH : ${lib.makeBinPath [ pkgs.curl pkgs.bash ]}
+ '';
in {
options.services.bitvend = {
@@ -56,6 +61,11 @@ in {
default = "vending.waw.hackerspace.pl";
description = "hostname";
};
+ acmeToken = mkOption {
+ type = types.str;
+ default = "";
+ description = "Let's Encrypt proxy API authentication token";
+ };
};
config = mkIf cfg.enable {
ids.uids.bitvend = 2137;
@@ -67,6 +77,7 @@ in {
uid = config.ids.uids.bitvend;
description = "Bitvend daemon user";
home = cfg.stateDir;
+ extraGroups = [ "dialout" ];
};
users.groups.bitvend = {
name = bitvendGroup;
@@ -88,12 +99,29 @@ in {
"d '${cfg.stateDir}' 0750 '${bitvendUser}' '${bitvendGroup}' - -"
];
networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+ security.acme.acceptTerms = true;
+ security.acme.email = "informatic@hackerspace.pl";
+ security.acme.certs."${cfg.hostName}" = {
+ dnsProvider = "exec";
+ dnsPropagationCheck = false;
+ webroot = lib.mkForce null;
+ credentialsFile = pkgs.writeText "acme-creds" ''
+EXEC_PATH=${legoHook}
+API_URL=https://ns1-waw.hackerspace.pl
+API_TOKEN=${cfg.acmeToken}
+ '';
+ };
+
services.nginx = {
enable = true;
+ recommendedProxySettings = true;
appendHttpConfig = ''
proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=qrcode_cache:10m max_size=50m inactive=60m;
'';
virtualHosts."${cfg.hostName}" = {
+ forceSSL = true;
+ enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:5000";
};