Completing the door access project

Space and infrastructure
#1

I’d like to help push this across the finish line. I quickly took some photos of the current state:

IMG_0691
IMG_06912016×1512 602 KB

IMG_0690
IMG_06901512×2016 549 KB

IMG_0689
IMG_06891512×2016 713 KB

In this thread @laftho says:

So let’s do this!

  • I guess it probably needs network and power. Is someone able to volunteer to do that?
  • We need a better way to mount the sensor to the window so it stays put and is obvious from the outside where to tap your card/phone. Perhaps someone could design and build something?
  • Once it’s on the network perhaps we can get laftho remote access
  • I’m happy to beta test
4 Likes
#2

right, I had simply bought some double sided foam tape that would work but that’s when COVID kicked in and haven’t been down to tape it to the glass.

It uses wifi but wired ethernet would be better. It currently does not have an SD card in there, just needs raspbian with docker installed and then to just run this docker image: https://hub.docker.com/repository/docker/vanhack/rpi-tapstack
with the correct environment settings, see: https://github.com/vhs/rpi-tapstack

3 Likes
#3

Update on my slow but continued progress…

I have made a raspberry pi image. I deviated a bit from the PROVISION.md instructions by using DietPi instead of raspbian, and an Ethernet connection instead of wifi. I’ve also created a docker-compose.yml. I’ll commit these changes to the repo along with an updates to PROVISION.md.

Kudos to @laftho for a very tidy repo and docker image and even a provision document! Such a joy to pick up a project where the last person did some solid documentation!

Just wondering if you know off hand how to set all the environment variables. I can take the various hats off the pi and figure out what pin everything is connected to, but I assume you probably already have this info @laftho. Or maybe I just didn’t see it.

On the wiring side, I had some trouble with the high-current wires coming out of the screw terminals on the relay hat as they don’t seem to be fitting very well. I think I’ll try some bootlace ferrules next time I’m in.

For the tap hardware, I’ll try foam tape like you intended.

4 Likes
#4

Awesome work @lukecyca thanks for diving in on that! The README.md on the repo mentions the defaults for the environments so you can pretty much omit all of them except the API key.

Specifically, you can see the defaults here https://github.com/vhs/rpi-tapstack/blob/master/src/config.js#L17

1 Like
#5

ok actually, I completely forgot I had added a private repo with the docker stack and secrets! It’s on our VHS private gitlab account. @TyIsI are you able to grant @lukecyca access to the https://gitlab.com/vhs-membership/door-access repo?

1 Like
#6

@lukecyca in the meantime, this is the stack I used (its in the private gitlab repo with the secrets for the api key and theres a few provision scripts):

version: "3.7"
services:
  visualizer:
    image: dockersamples/visualizer
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
    networks:
      proxy:
        aliases:
          - door_access_visualizer
      admin:
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints: [node.role == manager]
  door-west:
    image: vanhack/rpi-tapstack:latest
    secrets:
      - nomos_api_key
    environment:
      - NOMOS_API_KEY_FILE=/run/secrets/nomos_api_key
      - REQUIRED_PRIVILEGES=door,vetted
      - ON_ARRIVE_CH2=on:200
      - ON_ACCEPT_CH1=on:3000
      - ON_ACCEPT_CH2=on:200
      - ON_DENIED_CH2=on:200,off:10,on:200
    volumes:
      - "/sys:/sys"
    devices:
      - "/dev/i2c-1:/dev/i2c-1"
    networks:
      - iot
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints: [node.labels.vhs.venables.door == west]
secrets:
  nomos_api_key:
    file: ./secrets/nomos_api_key
    name: nomos_api_key_v1
    
networks:
  iot:
  proxy:
    external: true

because the container needs access to the /dev/i2c-1 device and /sys for it to be able to properly communicate with the NFC reader, you need to run the container in privileged mode. This prevents you from running it in a docker swarm as this stack file was setup for. You can just use docker-compose instead like you had started and just have like ssh on the PI or something for the rare management/updates it might need.

1 Like
#7

Added @lukecyca to the gitlab repo

2 Likes
#8
  • Dietpi installed on new SD card
  • Docker configured, new docker-compose file created and committed
  • Power run to the enclosure
  • Conduit and ethernet run to the enclosure (thanks @JohnC)
  • Wiring fixed and improved (thanks @JohnC)
  • Networking (switch port, static dhcp assignment, etc.) configured (thanks @TyIsI)
  • Container is now running…
root@vhs-doorpi-west1:~# docker-compose logs -f --tail=100 tapstack
Attaching to root_tapstack_1
tapstack_1  | > rpi-tapstack@1.0.0 start /run/rpi-tapstack
tapstack_1  | > export LD_LIBRARY_PATH=/usr/local/lib && node src/index.js
tapstack_1  | {"time":"2020-12-02T00:10:05.523Z","message":"PIN RELAY_CH1_PIN:26 0"}
tapstack_1  | {"time":"2020-12-02T00:10:05.587Z","message":"PIN RELAY_CH2_PIN:20 0"}
tapstack_1  | {"time":"2020-12-02T00:10:05.591Z","message":"PIN RELAY_CH3_PIN:21 0"}
tapstack_1  | {"time":"2020-12-02T00:10:05.687Z","message":"initializing nci context..."}
tapstack_1  | {"time":"2020-12-02T00:10:05.690Z","message":"nci listening..."}

Ty is going to the space later and will wave some cards in front of the reader and see if we get any log output.

What’s the process for enrolling cards (or smartphones?) in Nomos?

We’re getting close!

6 Likes
#9

Membership cards can get enrolled through NOMOS. We’ll need to set something up for other devices though.

#10

Cool, are the clear NFC membership cards still in use?

#11

We’re planning on getting them to finally seeing some use!

1 Like
#12

We have the system installed and working with the Nomos membership software.

However this project has stalled because the door and door hardware are wholly unsuitable right now. The electronic strike lines up with the rickedy old door handle, which is loose and missing screws and generally untrustworthy. We have been mainly relying on the deadbolt, which is in good repair. However in order to use this system we will need to leave the deadbolt unlocked, so that the electronic strike can release the door.

Can somebody step up to assess this door and make any necessary repairs and improvements?

7 Likes
#13

This project is on hold again I guess, pending a new champion to figure out how to secure the door so that using this electronic access system is feasible.

I set out to get the electronics installed and working, and to that end I think we succeeded! But I need to pass off the next part of this project to someone else — my VHS sweat equity is already being spent on maintaining the laser, CNC, and VHS finances.

4 Likes
#14

Wondering if it is worth moving this electronic access to the front door which might be more solid or at least easier to reinforce?

#15

Yeah I can have a look next week, from the sounds of this we just need to replace the existing handle that interacts with the strike and reinforce the door/frame somewhat if I am understanding the situation correctly.

6 Likes
#16

And my axe! err… grinder.

4 Likes
#17

Okay so the door is rigged. You can no longer open the side door from outside. Turns out the existing door had a pair of push buttons to lock and unlock it.

Rather than trusting y’all not unlock it and leave it unlocked I took the liberty of disabling the unlock button by hammering the brass plate flat and installing a captive screwhead. Its hackspace good enough.

20201224_150815
20201224_1508151440×2560 478 KB

If you want to undisable it you’ll need a flat head screw driver to take off the side plate and remove the disabling screw.

Longer term moving forward @JohnC found a box of door hardware including a new handleset which is much nicer. Unfortunately its not locked and there is no key present. @rsim any idea where that key ended up?

I have put this box of door stuff under the side door stairs in front of the mame cabinet.

Still on the list is reinforcing the frame with steel flatbar but that cam happen at any time and is not required for the rfid system to proceed.

So the other thing is we need to make sure we have an override key for the front door in case the batteries die or we are not getting into the hackspace easily.

*edit - bill pointed out that we will also have to leave the deadbolt open for the rfid to work, probably cant make it a double lock because fire exit but we could remove it entirely

7 Likes
#18

Or we could put a piece of tape over it with the word “no” written on it.

3 Likes
#19

Hi guys: I wish Happy New Year to everyone to begin with. I was away for a while and now much encouraged to re-enroll with my membership, if I can. I am still long ways away; and far behind VHS life; though, maybe it would be easier to install a strong mechanical lock (key and handle) and have computer monitor because, it sounds like digital key and there are errors everywhere in the world these days. So that a key-holder can really hold and enter. Wish you all best…

2 Likes
#20

20210116_161217
20210116_1612171440×2560 569 KB

Door is reinforced. Seems solid, I even slapped the reenforcement strip and said “that’s not going anywhere.”
The u channel is 3/16ths and there are 7 screws going at least 3.5" into the frame so its good.
Thanks @Metal_Janet for plasmaing the notch.

Edit- also we are going to take that new door handle from under the stairs into a locksmith and get it rekeyeed so its useable. Why the key isnt in the box with it is beyond me but here we are…

8 Likes