Completing the door access project

lukecyca · November 17, 2020, 10:29pm

I’d like to help push this across the finish line. I quickly took some photos of the current state:

the card entry for the side door is all ready to go. I was about to start a beta rollout with some members just before COVID hit and I otherwise haven’t been back to the space to manage that yet. Software is ready, hardware is installed. The only thing that still sucks is RFID enrollment but it’s manageable.

I still think we need to do a beta/trial phase for the side door to iron out any kinks and closely monitor it. I’ve hesitated to attempt this during COVID because of our reduced attendance at the space but if there’s now members regularly at the space to ensure that the door doesn’t suddenly fail, etc then we can certainly move forward.

I’m personally trying to minimize my external contact but I’d be happy to coordinate with someone virtually to walk through turning it on and what to manage for a beta/trial with some members.

So let’s do this!

I guess it probably needs network and power. Is someone able to volunteer to do that?
We need a better way to mount the sensor to the window so it stays put and is obvious from the outside where to tap your card/phone. Perhaps someone could design and build something?
Once it’s on the network perhaps we can get laftho remote access
I’m happy to beta test

laftho · November 17, 2020, 10:41pm

right, I had simply bought some double sided foam tape that would work but that’s when COVID kicked in and haven’t been down to tape it to the glass.

It uses wifi but wired ethernet would be better. It currently does not have an SD card in there, just needs raspbian with docker installed and then to just run this docker image: https://hub.docker.com/repository/docker/vanhack/rpi-tapstack
with the correct environment settings, see: https://github.com/vhs/rpi-tapstack

lukecyca · November 26, 2020, 9:12pm

Update on my slow but continued progress…

I have made a raspberry pi image. I deviated a bit from the PROVISION.md instructions by using DietPi instead of raspbian, and an Ethernet connection instead of wifi. I’ve also created a docker-compose.yml. I’ll commit these changes to the repo along with an updates to PROVISION.md.

Kudos to @laftho for a very tidy repo and docker image and even a provision document! Such a joy to pick up a project where the last person did some solid documentation!

Just wondering if you know off hand how to set all the environment variables. I can take the various hats off the pi and figure out what pin everything is connected to, but I assume you probably already have this info @laftho. Or maybe I just didn’t see it.

On the wiring side, I had some trouble with the high-current wires coming out of the screw terminals on the relay hat as they don’t seem to be fitting very well. I think I’ll try some bootlace ferrules next time I’m in.

For the tap hardware, I’ll try foam tape like you intended.

laftho · November 27, 2020, 8:37am

Awesome work @lukecyca thanks for diving in on that! The README.md on the repo mentions the defaults for the environments so you can pretty much omit all of them except the API key.

Specifically, you can see the defaults here https://github.com/vhs/rpi-tapstack/blob/master/src/config.js#L17

laftho · November 27, 2020, 8:43am

ok actually, I completely forgot I had added a private repo with the docker stack and secrets! It’s on our VHS private gitlab account. @TyIsI are you able to grant @lukecyca access to the https://gitlab.com/vhs-membership/door-access repo?

laftho · November 27, 2020, 8:48am

@lukecyca in the meantime, this is the stack I used (its in the private gitlab repo with the secrets for the api key and theres a few provision scripts):

version: "3.7"
services:
  visualizer:
    image: dockersamples/visualizer
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
    networks:
      proxy:
        aliases:
          - door_access_visualizer
      admin:
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints: [node.role == manager]
  door-west:
    image: vanhack/rpi-tapstack:latest
    secrets:
      - nomos_api_key
    environment:
      - NOMOS_API_KEY_FILE=/run/secrets/nomos_api_key
      - REQUIRED_PRIVILEGES=door,vetted
      - ON_ARRIVE_CH2=on:200
      - ON_ACCEPT_CH1=on:3000
      - ON_ACCEPT_CH2=on:200
      - ON_DENIED_CH2=on:200,off:10,on:200
    volumes:
      - "/sys:/sys"
    devices:
      - "/dev/i2c-1:/dev/i2c-1"
    networks:
      - iot
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints: [node.labels.vhs.venables.door == west]
secrets:
  nomos_api_key:
    file: ./secrets/nomos_api_key
    name: nomos_api_key_v1
    
networks:
  iot:
  proxy:
    external: true

because the container needs access to the /dev/i2c-1 device and /sys for it to be able to properly communicate with the NFC reader, you need to run the container in privileged mode. This prevents you from running it in a docker swarm as this stack file was setup for. You can just use docker-compose instead like you had started and just have like ssh on the PI or something for the rare management/updates it might need.

TyIsI · November 27, 2020, 7:02pm

Added @lukecyca to the gitlab repo