adjust cross-build.sh, add debian stuff

2025-03-12 08:01:42 +01:00 · 2025-03-11 01:41:48 +01:00 · 2025-03-11 01:41:48 +01:00 · c61237b811
commit c61237b811
parent 2d127d5ca0
38 changed files with 2822 additions and 4 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 /target
+/debian/fabaccess-bffh-0.*
--- a/cross-build.sh
+++ b/cross-build.sh
@ -16,14 +16,21 @@ cargo install cross
 echo -e "\n+++++++++++++++++++++++++++++++++++++++++++"
 echo -e "gathering some general info ..."
 echo -e "+++++++++++++++++++++++++++++++++++++++++++\n"
-dpkg-architecture | grep DEB_HOST_ARCH_CPU
-dpkg-architecture | grep DEB_HOST_MULTIARCH
+DEB_HOST_ARCH_CPU=$(dpkg-architecture | grep DEB_HOST_ARCH_CPU)
+DEB_HOST_MULTIARCH=$(dpkg-architecture | grep DEB_HOST_MULTIARCH)
+
+if [[ ! $DEB_HOST_ARCH_CPU -eq "amd64" ]]; then
+	echo -e "Host architecture is not amd64. Aborting ..."
+	exit 1
+fi

 # this generates bffhd and fabfire_provision binary files in target/<architecture>/ dir
 # we compile for amd64 (x86_64) using native "cargo build --release". Other architectures we use podman + cross_rs
 echo -e "\n+++++++++++++++++++++++++++++++++++++++++++"
 echo -e "cross-compiling ..."
 echo -e "+++++++++++++++++++++++++++++++++++++++++++\n"
-time cargo build --release
-time cross build --target aarch64-unknown-linux-gnu --release
+CARGO_TARGET_DIR=target/x86_64-unknown-linux-gnu time cargo build --release
+cd fabfire_provision; CARGO_TARGET_DIR=../target/x86_64-unknown-linux-gnu time cargo build --release; cd ../
+
+time cross build --target=aarch64-unknown-linux-gnu --release
 time cross build --target=armv7-unknown-linux-gnueabihf --release
--- a/debian/Dockerfile
+++ b/debian/Dockerfile
@ -0,0 +1,11 @@
+#see:
+# - https://hub.docker.com/_/ubuntu
+# - https://github.com/docker-library/official-images#architectures-other-than-amd64
+FROM docker.io/ubuntu:noble
+#COPY requirements.txt requirements.txt
+RUN apt-get update -y
+RUN apt-get upgrade -y
+RUN apt install -y devscripts build-essential debhelper alien htop vim libpcsclite-dev
+#COPY . .
+#VOLUME /app/config
+#CMD [ "python3", "main.py"]
--- a/debian/create-packages.sh
+++ b/debian/create-packages.sh
@ -0,0 +1,90 @@
+#!/bin/bash
+
+#the dir containing our debian source data
+SRCDIR=$(pwd)
+
+#target dir where to put build packages
+DOWNLOAD=$HOME/bffh-debian/
+mkdir -p ${DOWNLOAD}
+
+# architecture mapping array linux <-> rust
+declare -A ARCHES_LR=(
+	["armv7"]=armv7-unknown-linux-gnueabihf
+	["aarch64"]=aarch64-unknown-linux-gnu
+	["amd64"]=x86_64-unknown-linux-gnu
+	)
+
+#architecture mapping array linux <-> docker ubuntu:noble
+# - https://hub.docker.com/_/ubuntu
+# - https://github.com/docker-library/official-images#architectures-other-than-amd64
+declare -A ARCHES_LD=(
+	["armv7"]=arm/v7 #it's NOT arm32/v7
+	["aarch64"]=arm64/v8
+	["amd64"]=NATIVE #just some pseudo
+	)
+
+echo SRCDIR: $SRCDIR
+BFFHV=$(grep "Standards-Version: " fabaccess-bffh-src/debian/control | awk -F ' ' '{print $2}')
+echo BFFH target build version: ${BFFHV}
+
+# https://www.cyberciti.biz/faq/bash-for-loop-array/
+for ARCH_L in "${!ARCHES_LR[@]}"; do
+
+    ARCH_R=${ARCHES_LR[$ARCH_L]}
+    ARCH_D=${ARCHES_LD[$ARCH_L]}
+
+	echo -e "\n+++++++++++++++++++++++++++++++++++++++++++"
+	echo -e "ARCH_L (Linux)  : $ARCH_L"
+	echo -e "ARCH_R (Rust)   : $ARCH_R"
+	echo -e "ARCH_D (Docker) : $ARCH_D"
+	echo -e "+++++++++++++++++++++++++++++++++++++++++++\n"
+
+	# remove existing target dir if exists (from possible previous builds)
+	if [ -f fabaccess-bffh-${BFFHV}/ ]; then
+		rm -rf fabaccess-bffh-${BFFHV}/
+	fi
+
+	# Create a working dir copy which has the correct name (required by dpkg-buildpackage command)
+	cp -R fabaccess-bffh-src/ fabaccess-bffh-${BFFHV}/
+
+	# Replace target architecture in control file
+	sed "s/Architecture: {{REPLACE_ME}}/Architecture: any/" -i fabaccess-bffh-${BFFHV}/debian/control
+
+	# declare required compiled binaries and check for existence
+	BIN_BFFHD=${SRCDIR}/bffh/target/${ARCH_R}/release/bffhd
+	BIN_FABFIRE_PROVISION=${SRCDIR}/bffh/target/${ARCH_R}/release/fabfire_provision
+
+	if [ -f ${BIN_BFFHD} ]; then
+		cp ${BIN_BFFHD} fabaccess-bffh-${BFFHV}/usr/bin/
+	else
+		echo "Error: ${BIN_BFFHD} does not exist!"
+		exit 1
+	fi
+	if [ -f ${BIN_FABFIRE_PROVISION} ]; then
+		cp ${BIN_FABFIRE_PROVISION} fabaccess-bffh-${BFFHV}/usr/bin/
+	else
+		echo "Error: ${BIN_FABFIRE_PROVISION} does not exist!"
+		exit 1
+	fi
+
+
+	if [[ "$ARCH_L" == "amd64" ]]; then
+		echo "native architecture. no podman required"
+	else
+		echo "using podman"
+		#podman ps -a
+
+		# create fresh podman container with ...
+		# - a name using --name fabinfra_deb_arm64
+		# - fitting target architecture using --platform
+		# - starting detached (-d) to run in background (for attaching later on)
+		# - start to operate on it with interactive shell --interactive --tty (or short: -it)
+		# - overwrite existing container if existent by using --replace
+		# - adding the src directory to pass it into container by -v <host_dir>:<container_dir>
+		# - some environment vars (ARCH_LINUX, ARCH_RUST, required by the debian packager)
+		echo podman run --replace -d --tty --interactive -v ${SRCDIR}:/work -e ARCH_LINUX=${ARCH_L} -e ARCH_RUST=${ARCH_R} --name fabinfra_deb_${ARCH_L} --platform linux/${ARCH_D} localhost/fabinfra/debianpackage_${ARCH_D}
+
+		# now attach to that container and start building the packages
+		echo podman exec -u 0 --tty --interactive fabinfra_deb_${ARCH_L} bash
+	fi
+done
--- a/debian/fabaccess-bffh-src/debian/changelog
+++ b/debian/fabaccess-bffh-src/debian/changelog
@ -0,0 +1,74 @@
+fabaccess-bffh (0.4.4) unstable; urgency=low
+
+  * Initial creation of fabaccess-bffh debian package. Beginning with version 0.4.4
+  * the debian package is going to be available for amd64, aarch64, armv7 and arm
+  * this package also contains the binary "fabfire_provision" to operate with DESFire cards with a FabReader (allows writing cards for users) (#119)
+  * reduce the size of binary to ~ 160 megabytes by updating dependencies (#113)
+  * Upgrade most crates to recent versions and fix version mismatch in Cargo.toml (#114)
+  * Remove rust toolchain to use an up to date rust version (like 1.84) (#117)
+  * Merge features containg FabFireCard login and Prodable (locatable lockers) (#130)
+  * Update --print-default parameter to print a lot more useful bffh.dhall sample output (#101) and (#131)
+  * Add log rotation to configuration (#103)
+
+ -- Mario Voigt <mario.voigt@stadtfabrikanten.org>  Fri, 14 Feb 2025 00:05:00 +0100
+
+fabaccess-bffh (0.4.3) unstable; urgency=low
+
+  * Adds binary version of FabFire authenitcation protocol
+  * Adds commands to dump and restore the full database as a TOML text file (--dump-db and --load-db)
+  * allows compilation with current stable Rust (1.84)
+  * Attention: The database format still relies on Rust data layout, so when updating the compiler, the database must be transfered as TOML dump.
+  * Therefore, the rust-toolchain.toml file pinning rustc to version 1.66 is still in place.
+  * resolves a crash (use after free) when disconnecting a client.
+  * resolves some compiler warnings
+
+ -- Mario Voigt <mario.voigt@stadtfabrikanten.org>  Wed, 12 Feb 2025 23:00:00 +0100
+
+fabaccess-bffh (0.4.2) unstable; urgency=low
+
+  * minor upgrades
+
+ -- Nadja von Reitzenstein Čerpnjak <me@dequbed.space>  Fri, 13 May 2022 18:32:00 +0100
+
+fabaccess-bffh (0.4.1) unstable; urgency=low
+
+  * Initial implementation of the FabAccess 0.3 API, "Spigots of Berlin".
+
+ -- Nadja von Reitzenstein Čerpnjak <me@dequbed.space>  Tue, 03 May 2022 17:19:00 +0100
+
+fabaccess-bffh (0.3.0) unstable; urgency=low
+
+  * A version seen by enough people that the version number needs to be skipped but never a formally released version
+
+ -- Nadja von Reitzenstein Čerpnjak <me@dequbed.space>  Tue, 03 May 2022 00:19:00 +0100
+
+fabaccess-bffh (0.2.3) unstable; urgency=low
+
+  * minor upgrades
+
+ -- Nadja von Reitzenstein Čerpnjak <me@dequbed.space>  Mon, 07 Feb 2022 17:49:00 +0100
+
+fabaccess-bffh (0.2.2) unstable; urgency=low
+
+  * minor upgrades
+
+ -- Nadja von Reitzenstein Čerpnjak <me@dequbed.space>  Wed, 12 Jan 2022 16:18:00 +0100
+
+fabaccess-bffh (0.2.1) unstable; urgency=low
+
+  * minor upgrades
+
+ -- Nadja von Reitzenstein Čerpnjak <me@dequbed.space>  Sat, 11 Dec 2021 03:40:00 +0100
+
+fabaccess-bffh (0.2.0) unstable; urgency=low
+
+  * Dammit, missed by four days.
+  * First (released) version that actually does something.
+  * More extensive documentation to follow for 0.2.1ff
+
+ -- Nadja von Reitzenstein Čerpnjak <me@dequbed.space>  Tue, 23 Feb 2021 11:44:00 +0100
+
+fabaccess-bffh (0.1.0) unstable; urgency=low
+  * First version. Released on an unsuspecting world.
+
+ -- Nadja von Reitzenstein Čerpnjak <me@dequbed.space>  Wed, 19 Feb 2020 14:57:00 +0100
--- a/debian/fabaccess-bffh-src/debian/compat
+++ b/debian/fabaccess-bffh-src/debian/compat
@ -0,0 +1 @@
+10
--- a/debian/fabaccess-bffh-src/debian/control
+++ b/debian/fabaccess-bffh-src/debian/control
@ -0,0 +1,18 @@
+Source: fabaccess-bffh
+Section: utils
+Priority: optional
+Origin: FabInfra
+Maintainer: Mario Voigt <mario.voigt@stadtfabrikanten.org>
+Homepage: https://docs.fab-access.org
+Bugs: https://gitlab.com/fabinfra/fabaccess/bffh/-/issues
+Standards-Version: 0.4.4
+
+Package: fabaccess-bffh
+Architecture: {{REPLACE_ME}}
+Depends: openssl
+Suggests: argon2, capnproto, dhall, grafana, loki, mosquitto, mosquitto-clients, promtail, python3, python3-pip, python3-venv
+Description: FabAccess Diflouroborane Server (bffh)
+ - a powerful, central access and machine control system for open workshops, fablabs, makerspaces, hackerspaces, etc.
+ - supported by the community of FAB:UNIverse and Verbund Offener Werkstätten e.V.
+ - check out https://fab-access.org/join to get in contact
+Tag: implemented-in::rust,interface::daemon,devel::lang:rust,field::electronics,hardware::power,network::server,privacy::no-known-issues,protocol::TODO,role::program,system::server,use::organizing
--- a/debian/fabaccess-bffh-src/debian/copyright
+++ b/debian/fabaccess-bffh-src/debian/copyright
@ -0,0 +1,8 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Source: https://gitlab.com/fabinfra/fabaccess/bffh
+Upstream-Name: bffh
+Upstream-Contact: FabInfra <info@fab-access.org>
+
+Files: *
+Copyright: 2019 - 2025, FabInfra <info@fab-access.org>
+License: GPL-3
--- a/debian/fabaccess-bffh-src/debian/fabaccess-bffh.install
+++ b/debian/fabaccess-bffh-src/debian/fabaccess-bffh.install
@ -0,0 +1,13 @@
+./etc/bffh/bffh.dhall /etc/bffh/
+./etc/bffh/config_examples/ /etc/bffh/config_examples/
+
+./etc/logrotate.d/bffhd /etc/logrotate.d/
+
+./etc/systemd/system/bffh.service /etc/systemd/system
+
+./etc/sudoers.d/bffh /etc/sudoers.d/
+
+./usr/bin/bffhd /usr/bin/
+./usr/bin/fabfire_provision /usr/bin/
+
+./manpages/bffhd.1.gz /usr/share/man/man1/
--- a/debian/fabaccess-bffh-src/debian/postinst
+++ b/debian/fabaccess-bffh-src/debian/postinst
@ -0,0 +1,88 @@
+#!/bin/bash
+
+# OS check
+# apt/deb based
+if [ "$(grep -Ei 'debian|buntu|mint' /etc/*release)" ]; then
+PACKMAN="apt"
+fi
+# dnf/rpm based
+if [ "$(grep -Ei 'fedora|redhat' /etc/*release)" ]; then
+PACKMAN="dnf"
+fi
+
+BFFH_DIR_ETC=/etc/bffh
+BFFH_DIR_CERTS=$BFFH_DIR_ETC/certs
+BFFH_DIR_DB=/var/lib/bffh/
+
+# add a bffh user (with bffh group)
+useradd -m -s /bin/bash bffh > /dev/null 2>&1
+
+# make dirs
+mkdir -p $BFFH_DIR_ETC
+mkdir -p $BFFH_DIR_CERTS
+mkdir -p $BFFH_DIR_DB
+
+# create certfile and keyfile
+# :: keep in sync with bffh/bffhd/config/dhall.rs
+openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj "/C=DE/ST=Saxony/L=Chemnitz/O=FabAccess/CN=fabaccess.sample.space" -keyout $BFFH_DIR_CERTS/bffh.key -out $BFFH_DIR_CERTS/bffh.crt > /dev/null 2>&1
+chmod 400 $BFFH_DIR_CERTS/bffh.crt
+chmod 400 $BFFH_DIR_CERTS/bffh.key
+echo "This certificate is a self-signed one! See https://fab-access.org/configure on how to use or create your own certificate." > /etc/bffh/certs/README.md
+
+# fix ownership
+chown -R bffh:bffh $BFFH_DIR_ETC
+chown bffh:bffh $BFFH_DIR_DB
+
+echo -e '\e[36m  ______    _                                   \e[0m'
+echo -e '\e[36m |  ____|  | |      /\                          \e[0m'
+echo -e '\e[36m | |__ __ _| |__   /  \   ___ ___ ___  ___ ___  \e[0m'
+echo -e '\e[36m |  __/ _` |  _ \ / /\ \ / __/ __/ _ \/ __/ __| \e[0m'
+echo -e '\e[36m | | | (_| | |_) / ____ \ (_| (_|  __/\__ \__ \ \e[0m'
+echo -e '\e[36m |_|  \__,_|_.__/_/    \_\___\___\___||___/___/ \e[0m'
+echo -e "\n"
+echo -e " \e[33m🎆\e[0m FabAccess Diflouroborane Server (bffh) was installed/updated. Congratulations!\n"
+echo -e " \e[33m⚠️ PLEASE CONSIDER:\e[0m"
+echo -e " - if not already changed by you, this is the minimum working localhost listening"
+echo -e "   setup WITHOUT any users, roles, ressources, actors, actor_connections"
+echo -e " - iif not done yet: please update the self-signed TLS certificate to a proper one to go for production"
+echo -e " - remember to configure and run a well-defined Mosquitto MQTT server"
+echo -e " - please check the CHANGELOG for latest modifications to the server at https://y.fab-access.org/changelog-bffh"
+echo -e " - further information about configuration and usage can be found at https://fab-access.org/configure"
+echo -e " - the client application to access your server (called 'Borepin') can be found at https://fab-access.org/download\n"
+
+# check for Mosquitto availability on local system
+if command -v dnf 2>&1 >/dev/null; then
+	dnf list installed mosquitto > /dev/null 2>&1
+fi
+if command -v dpkg 2>&1 >/dev/null; then
+	dpkg -l mosquitto > /dev/null 2>&1
+fi
+MOSQUITTO_INSTALLED=$?
+if [[ ! $MOSQUITTO_INSTALLED -eq 0 ]]; then
+	echo -e " Could not find a local Mosquitto MQTT server. Please install it with 'sudo "$PACKMAN" install mosquitto' or configure an external MQTT server in /etc/bffh/bffh.dhall file. Otherwise BFFH will refuse to start!\e[0m"
+fi
+
+# handle service file. We restart bffh only if it waas running before (keep the state)
+# https://www.freedesktop.org/software/systemd/man/latest/systemctl.html#Exit%20status
+if command -v systemctl >/dev/null; then
+        systemctl daemon-reload
+        systemctl enable bffh.service #enable is fine. but do not autostart
+    systemctl status bffh.service > /dev/null 2>&1
+    BFFH_STATUS=$?
+        if [[ $BFFH_STATUS -eq 0 ]]; then
+                # if return code 0 service is running. let's restart
+                echo -e " - systemctl: restarting bffh.service ...\n"
+                systemctl restart bffh.service
+        else
+                echo -e " - systemctl: bffh.service did not run before installation."
+                echo -e "   Please start it manually by 'systemctl start bffh.service && journalctl -f -u bffh.service'\n"
+        fi
+fi
+
+echo -e " - Last hint: don't forget to import a proper users.toml into the database"
+echo -e "   (should fit to your main configuration bffh.dhall as well)."
+echo -e "   You can import an example (let's use 'showcase') users database with"
+echo -e "   the command '/usr/bin/bffhd --load /etc/bffh/config_examples/showcase/users.toml'"
+echo -e "   Then you should overwrite /etc/bffh/bffh.dhall with the one from"
+echo -e "   /etc/bffh/config_examples/showcase/bffh.dhall and restart the bffh.service"
+echo -e "   If you messed up, you can restore your default settings from /etc/bffh/config_examples/minimum_working/\n"
--- a/debian/fabaccess-bffh-src/debian/postrm
+++ b/debian/fabaccess-bffh-src/debian/postrm
@ -0,0 +1,25 @@
+#!/bin/bash
+
+echo -e "Performing BFFH post removal tasks ..."
+
+uninstall () {
+	echo -e "Please note that the following data directories/files are kept as they might still contain important data:"
+	echo -e " - /etc/bffh/"
+	echo -e " - /var/lib/bffh/"
+	echo -e " - /var/log/bffh/audit.json\n"
+	echo -e "Deleting user \"bffh\""
+	userdel bffh
+}
+
+# we check for "purge" on debianoid systems, otherwise this is run twice
+if [ "$(grep -Ei 'debian|buntu|mint' /etc/*release)" ]; then
+	if [[ $1 = 'purge' ]]; then
+		# call uninstall function
+		uninstall
+	fi
+fi
+# on redhat systems we can skip the check for purge 
+if [ "$(grep -Ei 'fedora|redhat' /etc/*release)" ]; then
+	# call uninstall function
+	uninstall
+fi
--- a/debian/fabaccess-bffh-src/debian/prerm
+++ b/debian/fabaccess-bffh-src/debian/prerm
@ -0,0 +1,8 @@
+#!/bin/bash
+
+# handle service file
+if command -v systemctl >/dev/null; then
+        systemctl stop bffh.service
+        systemctl disable bffh.service
+        systemctl daemon-reload
+fi
--- a/debian/fabaccess-bffh-src/debian/rules
+++ b/debian/fabaccess-bffh-src/debian/rules
@ -0,0 +1,3 @@
+#!/usr/bin/make -f
+%:
+	dh $@
--- a/debian/fabaccess-bffh-src/debian/source/format
+++ b/debian/fabaccess-bffh-src/debian/source/format
@ -0,0 +1 @@
+3.0 (native)
--- a/debian/fabaccess-bffh-src/debian/watch
+++ b/debian/fabaccess-bffh-src/debian/watch
@ -0,0 +1,3 @@
+version=4
+opts="searchmode=plain" \
+ https://gitlab.com/fabinfra/@PACKAGE@/tags?sort=updated_desc -/archive/v?\d[\d.]+/@PACKAGE@-@ANY_VERSION@@ARCHIVE_EXT@
--- a/debian/fabaccess-bffh-src/etc/bffh/bffh.dhall
+++ b/debian/fabaccess-bffh-src/etc/bffh/bffh.dhall
@ -0,0 +1,16 @@
+{
+spacename = "fabaccess.sample.space",
+instanceurl = "https://fabaccess.sample.space",
+listens = [{address = "127.0.0.1"}],
+certfile = "/etc/bffh/certs/bffh.crt",
+keyfile = "/etc/bffh/certs/bffh.key",
+mqtt_url = "mqtt://127.0.0.1:1883",
+db_path = "/var/lib/bffh/bffh.db",
+auditlog_path = "/var/log/bffh/audit.json",
+roles = {=},
+machines = {=},
+actors = {=},
+actor_connections = [] : List { machine : Text, initiator : Text },
+initiators = {=},
+init_connections = [] : List { machine : Text, initiator : Text }
+}
--- a/debian/fabaccess-bffh-src/etc/bffh/config_examples/generic-test-environment/bffh.dhall
+++ b/debian/fabaccess-bffh-src/etc/bffh/config_examples/generic-test-environment/bffh.dhall
@ -0,0 +1,196 @@
+{ listens = [ { address = "::", port = 59661 } ]
+, certfile = "/etc/letsencrypt/cert.pem"
+, keyfile = "/etc/letsencrypt/key.pem"
+, mqtt_url = "tcp://mqtt:1883"
+, db_path = "/var/lib/bffh/db"
+, auditlog_path = "/tmp/bffh.audit"
+, spacename = "FabAccess Local Test"
+, instanceurl = "localtest.fab-access.org"
+, roles =
+  { Admin.permissions =
+    [ "TestEnv.Admin"
+    , "TestEnv.Manage.A"
+    , "TestEnv.Manage.B"
+    , "TestEnv.Manage.C"
+    , "TestEnv.Write.A"
+    , "TestEnv.Write.B"
+    , "TestEnv.Write.C"
+    , "TestEnv.Read.A"
+    , "TestEnv.Read.B"
+    , "TestEnv.Read.C"
+    , "TestEnv.Disclose.A"
+    , "TestEnv.Disclose.B"
+    , "TestEnv.Disclose.C"
+    ]
+  , ManageUsers.permissions =
+    [ "bffh.users.info", "bffh.users.manage", "bffh.users.admin" ]
+  , ManageA.permissions = [ "TestEnv.Manage.A" ]
+  , ManageB.permissions = [ "TestEnv.Manage.B" ]
+  , ManageC.permissions = [ "TestEnv.Manage.C" ]
+  , UseA.permissions = [ "TestEnv.Write.A" ]
+  , UseB.permissions = [ "TestEnv.Write.B" ]
+  , UseC.permissions = [ "TestEnv.Write.C" ]
+  , ReadA.permissions = [ "TestEnv.Read.A" ]
+  , ReadB.permissions = [ "TestEnv.Read.B" ]
+  , ReadC.permissions = [ "TestEnv.Read.C" ]
+  , DiscloseA.permissions = [ "TestEnv.Disclose.A" ]
+  , DiscloseB.permissions = [ "TestEnv.Disclose.B" ]
+  , DiscloseC.permissions = [ "TestEnv.Disclose.C" ]
+  }
+, machines =
+  { MachineA1 =
+    { name = "MachineA1"
+    , description = "Description of MachineA1"
+    , wiki = "https://fab-access.readthedocs.io"
+    , category = "CategoryA"
+    , disclose = "TestEnv.Disclose.A"
+    , read = "TestEnv.Read.A"
+    , write = "TestEnv.Write.A"
+    , manage = "TestEnv.Manage.A"
+    }
+  , MachineA2 =
+    { name = "MachineA2"
+    , description = "Description of MachineA2"
+    , wiki = "https://fab-access.readthedocs.io"
+    , category = "CategoryA"
+    , disclose = "TestEnv.Disclose.A"
+    , read = "TestEnv.Read.A"
+    , write = "TestEnv.Write.A"
+    , manage = "TestEnv.Manage.A"
+    }
+  , MachineA3 =
+    { name = "MachineA3"
+    , description = "Description of MachineA3"
+    , wiki = "https://fab-access.readthedocs.io"
+    , category = "CategoryA"
+    , disclose = "TestEnv.Disclose.A"
+    , read = "TestEnv.Read.A"
+    , write = "TestEnv.Write.A"
+    , manage = "TestEnv.Manage.A"
+    }
+  , MachineA4 =
+    { name = "MachineA4"
+    , description = "Description of MachineA4"
+    , wiki = "https://fab-access.readthedocs.io"
+    , category = "CategoryA"
+    , disclose = "TestEnv.Disclose.A"
+    , read = "TestEnv.Read.A"
+    , write = "TestEnv.Write.A"
+    , manage = "TestEnv.Manage.A"
+    }
+  , MachineA5 =
+    { name = "MachineA5"
+    , description = "Description of MachineA5"
+    , wiki = "https://fab-access.readthedocs.io"
+    , category = "CategoryA"
+    , disclose = "TestEnv.Disclose.A"
+    , read = "TestEnv.Read.A"
+    , write = "TestEnv.Write.A"
+    , manage = "TestEnv.Manage.A"
+    }
+  , MachineB1 =
+    { name = "MachineB1"
+    , description = "Description of MachineB1"
+    , wiki = "https://fab-access.readthedocs.io"
+    , category = "CategoryB"
+    , disclose = "TestEnv.Disclose.B"
+    , read = "TestEnv.Read.B"
+    , write = "TestEnv.Write.B"
+    , manage = "TestEnv.Manage.B"
+    }
+  , MachineB2 =
+    { name = "MachineB2"
+    , description = "Description of MachineB2"
+    , wiki = "https://fab-access.readthedocs.io"
+    , category = "CategoryB"
+    , disclose = "TestEnv.Disclose.B"
+    , read = "TestEnv.Read.B"
+    , write = "TestEnv.Write.B"
+    , manage = "TestEnv.Manage.B"
+    }
+  , MachineB3 =
+    { name = "MachineB3"
+    , description = "Description of MachineB3"
+    , wiki = "https://fab-access.readthedocs.io"
+    , category = "CategoryB"
+    , disclose = "TestEnv.Disclose.B"
+    , read = "TestEnv.Read.B"
+    , write = "TestEnv.Write.B"
+    , manage = "TestEnv.Manage.B"
+    }
+  , MachineB4 =
+    { name = "MachineB4"
+    , description = "Description of MachineB4"
+    , wiki = "https://fab-access.readthedocs.io"
+    , category = "CategoryB"
+    , disclose = "TestEnv.Disclose.B"
+    , read = "TestEnv.Read.B"
+    , write = "TestEnv.Write.B"
+    , manage = "TestEnv.Manage.B"
+    }
+  , MachineB5 =
+    { name = "MachineB5"
+    , description = "Description of MachineB5"
+    , wiki = "https://fab-access.readthedocs.io"
+    , category = "CategoryB"
+    , disclose = "TestEnv.Disclose.B"
+    , read = "TestEnv.Read.B"
+    , write = "TestEnv.Write.B"
+    , manage = "TestEnv.Manage.B"
+    }
+  , MachineC1 =
+    { name = "MachineC1"
+    , description = "Description of MachineC1"
+    , wiki = "https://fab-access.readthedocs.io"
+    , category = "CategoryC"
+    , disclose = "TestEnv.Disclose.C"
+    , read = "TestEnv.Read.C"
+    , write = "TestEnv.Write.C"
+    , manage = "TestEnv.Manage.C"
+    }
+  , MachineC2 =
+    { name = "MachineC2"
+    , description = "Description of MachineC2"
+    , wiki = "https://fab-access.readthedocs.io"
+    , category = "CategoryC"
+    , disclose = "TestEnv.Disclose.C"
+    , read = "TestEnv.Read.C"
+    , write = "TestEnv.Write.C"
+    , manage = "TestEnv.Manage.C"
+    }
+  , MachineC3 =
+    { name = "MachineC3"
+    , description = "Description of MachineC3"
+    , wiki = "https://fab-access.readthedocs.io"
+    , category = "CategoryC"
+    , disclose = "TestEnv.Disclose.C"
+    , read = "TestEnv.Read.C"
+    , write = "TestEnv.Write.C"
+    , manage = "TestEnv.Manage.C"
+    }
+  , MachineC4 =
+    { name = "MachineC4"
+    , description = "Description of MachineC4"
+    , wiki = "https://fab-access.readthedocs.io"
+    , category = "CategoryC"
+    , disclose = "TestEnv.Disclose.C"
+    , read = "TestEnv.Read.C"
+    , write = "TestEnv.Write.C"
+    , manage = "TestEnv.Manage.C"
+    }
+  , MachineC5 =
+    { name = "MachineC5"
+    , description = "Description of MachineC5"
+    , wiki = "https://fab-access.readthedocs.io"
+    , category = "CategoryC"
+    , disclose = "TestEnv.Disclose.C"
+    , read = "TestEnv.Read.C"
+    , write = "TestEnv.Write.C"
+    , manage = "TestEnv.Manage.C"
+    }
+  }
+, actors = {=}
+, actor_connections = [] : List { machine : Text, actor : Text }
+, initiators = {=}
+, init_connections = [] : List { machine : Text, initiator : Text }
+}
--- a/debian/fabaccess-bffh-src/etc/bffh/config_examples/generic-test-environment/users.toml
+++ b/debian/fabaccess-bffh-src/etc/bffh/config_examples/generic-test-environment/users.toml
@ -0,0 +1,173 @@
+[Admin1]
+roles = ["Admin", "ManageUsers"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[Admin2]
+roles = ["Admin", "ManageUsers"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[ManagerA1]
+roles = ["ManageA", "UseA", "ReadA", "DiscloseA", "ManageUsers"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[ManagerA2]
+roles = ["ManageA", "UseA", "ReadA", "DiscloseA", "ManageUsers"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[ManagerB1]
+roles = ["ManageB", "UseB", "ReadB", "DiscloseB", "ManageUsers"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[ManagerB2]
+roles = ["ManageB", "UseB", "ReadB", "DiscloseB", "ManageUsers"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[ManagerC1]
+roles = ["ManageC", "UseC", "ReadC", "DiscloseC", "ManageUsers"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[ManagerC2]
+roles = ["ManageC", "UseC", "ReadC", "DiscloseC", "ManageUsers"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[ManagerABC1]
+roles = ["ManageA", "UseA", "ReadA", "DiscloseA", "ManageB", "UseB", "ReadB", "DiscloseB", "ManageC", "UseC", "ReadC", "DiscloseC", "ManageUsers"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[ManagerABC2]
+roles = ["ManageA", "UseA", "ReadA", "DiscloseA", "ManageB", "UseB", "ReadB", "DiscloseB", "ManageC", "UseC", "ReadC", "DiscloseC", "ManageUsers"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerA1]
+roles = ["UseA", "ReadA", "DiscloseA"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerA2]
+roles = ["UseA", "ReadA", "DiscloseA"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerB1]
+roles = ["UseB", "ReadB", "DiscloseB"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerB2]
+roles = ["UseB", "ReadB", "DiscloseB"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerC1]
+roles = ["UseC", "ReadC", "DiscloseC"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerC2]
+roles = ["UseC", "ReadC", "DiscloseC"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerABC1]
+roles = ["UseA", "ReadA", "DiscloseA", "UseB", "ReadB", "DiscloseB", "UseC", "ReadC", "DiscloseC"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerABC2]
+roles = ["UseA", "ReadA", "DiscloseA", "UseB", "ReadB", "DiscloseB", "UseC", "ReadC", "DiscloseC"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[GuestA1]
+roles = ["ReadA", "DiscloseA"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[GuestA2]
+roles = ["ReadA", "DiscloseA"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[GuestB1]
+roles = ["ReadB", "DiscloseB"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[GuestB2]
+roles = ["ReadB", "DiscloseB"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[GuestC1]
+roles = ["ReadC", "DiscloseC"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[GuestC2]
+roles = ["ReadC", "DiscloseC"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[GuestABC1]
+roles = ["ReadA", "DiscloseA", "ReadB", "DiscloseB", "ReadC", "DiscloseC"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[GuestABC2]
+roles = ["ReadA", "DiscloseA", "ReadB", "DiscloseB", "ReadC", "DiscloseC"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerQRA]
+roles = ["UseA", "ReadA"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerQRB]
+roles = ["UseB", "ReadB"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerQRC]
+roles = ["UseC", "ReadC"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
--- a/debian/fabaccess-bffh-src/etc/bffh/config_examples/makerspace_bocholt/bffh.dhall
+++ b/debian/fabaccess-bffh-src/etc/bffh/config_examples/makerspace_bocholt/bffh.dhall
@ -0,0 +1,824 @@
+  { listens =
+    [ { address = "127.0.0.1", port = 59661 }
+    , { address = "::1", port = 59661 }
+    ]
+  , certfile = "examples/cert.pem"
+  , keyfile = "examples/key.pem"
+  , mqtt_url = "tcp://makerspace-bocholt.redacted:1883"
+  , db_path = "/root/BFFH/bffh/target/release/bffh"
+  , auditlog_path = "/root/BFFH/bffh/target/release/bffh.audit"
+  , roles =
+    { doorrole.permissions =
+      [ "doorrole.read"
+      , "doorrole.write"
+      , "doorrole.disclose"
+      , "doorrole.manage"
+      ]
+    , basis.permissions = [ "basis.read", "basis.write", "basis.disclose" ]
+    , hobby =
+      { parents = [ "basis" ]
+      , permissions = [ "hobby.read", "hobby.write", "hobby.disclose" ]
+      }
+    , profi =
+      { parents = [ "hobby" ]
+      , permissions = [ "profi.read", "profi.write", "profi.disclose" ]
+      }
+    , laser.permissions =
+      [ "lab.laser.read"
+      , "lab.laser.write"
+      , "lab.laser.disclose"
+      , "lab.laser.manage"
+      ]
+    , Drucker3D.permissions =
+      [ "lab.3D.read", "lab.3D.write", "lab.3D.disclose", "lab.3D.manage" ]
+    , Plasma.permissions =
+      [ "lab.plasma.read"
+      , "lab.plasma.write"
+      , "lab.plasma.disclose"
+      , "lab.plasma.manage"
+      ]
+    , PlattenSaege.permissions =
+      [ "lab.plattensaege.read"
+      , "lab.plattensaege.write"
+      , "lab.plattensaege.disclose"
+      , "lab.plattensaege.manage"
+      ]
+    , FormatSaege.permissions =
+      [ "lab.formatsaege.read"
+      , "lab.formatsaege.write"
+      , "lab.formatsaege.disclose"
+      , "lab.formatsaege.manage"
+      ]
+    , DrehFraes.permissions =
+      [ "lab.drehfraes.read"
+      , "lab.drehfraes.write"
+      , "lab.drehfraes.disclose"
+      , "lab.drehfraes.manage"
+      ]
+    , StickMaschine.permissions =
+      [ "lab.stickmasch.read"
+      , "lab.stickmasch.write"
+      , "lab.stickmasch.disclose"
+      , "lab.stickmasch.manage"
+      ]
+    , Staenderbohrmaschine.permissions =
+      [ "lab.staenderbohrmasch.read"
+      , "lab.staenderbohrmasch.write"
+      , "lab.staenderbohrmasch.disclose"
+      , "lab.staenderbohrmasch.manage"
+      ]
+    , Kantenschleifer.permissions =
+      [ "lab.kantenschleifer.read"
+      , "lab.kantenschleifer.write"
+      , "lab.kantenschleifer.disclose"
+      , "lab.kantenschleifer.manage"
+      ]
+    , BandsaegeHolz.permissions =
+      [ "lab.bandsaege.read"
+      , "lab.bandsaege.write"
+      , "lab.bandsaege.disclose"
+      , "lab.bandsaege.manage"
+      ]
+    , Drechselbank.permissions =
+      [ "lab.drechseln.read"
+      , "lab.drechseln.write"
+      , "lab.drechseln.disclose"
+      , "lab.drechseln.manage"
+      ]
+    , Hobelmaschine.permissions =
+      [ "lab.hobelmasch.read"
+      , "lab.hobelmasch.write"
+      , "lab.hobelmasch.disclose"
+      , "lab.hobelmasch.manage"
+      ]
+    , CNCmittel.permissions =
+      [ "lab.cncmittel.read"
+      , "lab.cncmittel.write"
+      , "lab.cncmittel.disclose"
+      , "lab.cncmittel.manage"
+      ]
+    , CNCgross.permissions =
+      [ "lab.cncgross.read"
+      , "lab.cncgross.write"
+      , "lab.cncgross.disclose"
+      , "lab.cncgross.manage"
+      ]
+    , Brennofen.permissions =
+      [ "lab.brennofen.read"
+      , "lab.brennofen.write"
+      , "lab.brennofen.disclose"
+      , "lab.brenofen.manage"
+      ]
+    , crew =
+      { parents = [ "profi" ]
+      , permissions =
+        [ "crew.read", "crew.write", "crew.disclose", "crew.admin", "lab.*" ]
+      }
+    , admin =
+      { parents = [ "crew" ]
+      , permissions =
+        [ "admin.read"
+        , "admin.write"
+        , "admin.disclose"
+        , "admin.admin"
+        , "bffh.users.manage"
+        , "bffh.users.admin"
+        , "bffh.users.info"
+        ]
+      }
+    }
+  , machines =
+    { Shelly-Blau =
+      { description = "A test machine"
+      , disclose = "basis.disclose"
+      , category = "test"
+      , manage = "basis.read"
+      , name = "Shelly Blau"
+      , read = "basis.read"
+      , write = "basis.write"
+      }
+    , JorisHilft =
+      { description = "Projektsupport"
+      , disclose = "basis.disclose"
+      , category = "Support"
+      , manage = "basis.read"
+      , name = "Joris hilft"
+      , read = "basis.read"
+      , write = "basis.write"
+      }
+    , TanjaHilft =
+      { description = "Projektsupport"
+      , disclose = "basis.disclose"
+      , category = "Support"
+      , manage = "basis.read"
+      , name = "Tanja hilft"
+      , read = "basis.read"
+      , write = "basis.write"
+      }
+    , Shelly-Rot =
+      { description = "A test machine"
+      , disclose = "crew.disclose"
+      , category = "test"
+      , manage = "admin.admin"
+      , name = "Shelly Rot"
+      , read = "crew.read"
+      , write = "crew.write"
+      }
+    , Willkommen =
+      { category = "Management"
+      , disclose = "admin.disclose"
+      , manage = "doorrole.manage"
+      , name = "AUF schliessen"
+      , read = "doorrole.read"
+      , write = "doorrole.write"
+      }
+    , ResetTuer =
+      { description = "Setzt Tuersteuerung zurueck"
+      , category = "Management"
+      , disclose = "doorrole.disclose"
+      , manage = "doorrole.manage"
+      , name = "Reset Tuer"
+      , read = "doorrole.read"
+      , write = "doorrole.write"
+      }
+    , AufWiedersehen =
+      { category = "Management"
+      , disclose = "admin.disclose"
+      , manage = "doorrole.manage"
+      , name = "ZU schliessen"
+      , read = "doorrole.read"
+      , write = "doorrole.write"
+      }
+    , LogIn =
+      { category = "Management"
+      , disclose = "admin.disclose"
+      , manage = "basis.write"
+      , name = "Einloggen?"
+      , read = "basis.read"
+      , write = "basis.write"
+      }
+    , LogOut =
+      { category = "Management"
+      , disclose = "admin.disclose"
+      , manage = "basis.write"
+      , name = "Ausloggen?"
+      , read = "basis.read"
+      , write = "basis.write"
+      }
+    , LichtOben =
+      { category = "Management"
+      , disclose = "admin.disclose"
+      , manage = "basis.write"
+      , name = "Licht Oben"
+      , read = "basis.read"
+      , write = "basis.write"
+      }
+    , LichtHinten =
+      { category = "Management"
+      , disclose = "admin.disclose"
+      , manage = "basis.write"
+      , name = "Licht Hinten"
+      , read = "basis.read"
+      , write = "basis.write"
+      }
+    , LichtLager =
+      { category = "Management"
+      , disclose = "admin.disclose"
+      , manage = "basis.write"
+      , name = "Licht Lager"
+      , read = "basis.read"
+      , write = "basis.write"
+      }
+    , LeinwandDunkel =
+      { category = "Management"
+      , disclose = "admin.disclose"
+      , manage = "basis.write"
+      , name = "Leinwand Dunkel"
+      , read = "basis.read"
+      , write = "basis.write"
+      }
+    , Kompressor =
+      { category = "Management"
+      , disclose = "admin.disclose"
+      , manage = "basis.write"
+      , name = "Kompressor"
+      , read = "basis.read"
+      , write = "basis.write"
+      }
+    , SkyLaser9060 =
+      { category = "Fablab"
+      , disclose = "admin.disclose"
+      , manage = "lab.laser.manage"
+      , name = "SkyLaser9060"
+      , read = "lab.laser.read"
+      , write = "lab.laser.write"
+      }
+    , ElektronikBereich =
+      { disclose = "admin.disclose"
+      , manage = "crew.write"
+      , name = "Elektronik Bereich"
+      , read = "basis.read"
+      , write = "basis.write"
+      }
+    , StickMaschine =
+      { description = "Nutzung der Stickmaschine"
+      , category = "Textilwerkstatt"
+      , disclose = "admin.disclose"
+      , manage = "lab.stickmasch.manage"
+      , name = "Stickmaschine"
+      , read = "lab.stickmasch.read"
+      , write = "lab.stickmasch.write"
+      }
+    , TextilSchrank =
+      { description = "Schranktuer zur Stickmaschine"
+      , category = "Textilwerkstatt"
+      , disclose = "admin.disclose"
+      , manage = "lab.stickmasch.manage"
+      , name = "Tuer Textilschrank"
+      , read = "lab.stickmasch.read"
+      , write = "lab.stickmasch.write"
+      }
+    , Drucker-3D-Kampshoff =
+      { category = "3D Druck"
+      , disclose = "admin.disclose"
+      , manage = "lab.3D.manage"
+      , name = "3D Kapshoff"
+      , read = "lab.3D.read"
+      , write = "lab.3D.write"
+      }
+    , Drucker-3D-Mk3S =
+      { category = "3D Druck"
+      , disclose = "admin.disclose"
+      , manage = "lab.3D.manage"
+      , name = "3D Prusa Mk3S"
+      , read = "lab.3D.read"
+      , write = "lab.3D.write"
+      }
+    , Drucker-3D-RexII =
+      { category = "3D Druck"
+      , disclose = "admin.disclose"
+      , manage = "lab.3D.manage"
+      , name = "Bresser REX II"
+      , read = "lab.3D.read"
+      , write = "lab.3D.write"
+      }
+    , Drucker-3D-Bambu-P1P =
+      { description = "abweichende Druckkosten!"
+      , category = "3D Druck"
+      , disclose = "admin.disclose"
+      , manage = "lab.3D.manage"
+      , name = "Bambu P1P"
+      , read = "lab.3D.read"
+      , write = "lab.3D.write"
+      }
+    , Drucker-3D-Bambu-A1 =
+      { description = "abweichende Druckkosten!"
+      , category = "3D Druck"
+      , disclose = "admin.disclose"
+      , manage = "lab.3D.manage"
+      , name = "Bambu A1"
+      , read = "lab.3D.read"
+      , write = "lab.3D.write"
+      }
+    , Drucker-3D-Bambu-A1-AMS =
+      { description = "abweichende Druckkosten!"
+      , category = "3D Druck"
+      , disclose = "admin.disclose"
+      , manage = "lab.3D.manage"
+      , name = "Bambu A1 AMS"
+      , read = "lab.3D.read"
+      , write = "lab.3D.write"
+      }
+    , Drucker-3D-Bambu-A1-mini =
+      { description = "abweichende Druckkosten!"
+      , category = "3D Druck"
+      , disclose = "admin.disclose"
+      , manage = "lab.3D.manage"
+      , name = "Bambu A1 mini"
+      , read = "lab.3D.read"
+      , write = "lab.3D.write"
+      }
+    , Drucker-3D-Bambu-A1-mini-AMS =
+      { description = "abweichende Druckkosten!"
+      , category = "3D Druck"
+      , disclose = "admin.disclose"
+      , manage = "lab.3D.manage"
+      , name = "Bambu A1 mini AMS"
+      , read = "lab.3D.read"
+      , write = "lab.3D.write"
+      }
+    , SandstrahlGross =
+      { category = "Metallwerkstatt"
+      , disclose = "admin.disclose"
+      , manage = "basis.write"
+      , name = "Sandstrahlkabine Gross"
+      , read = "basis.read"
+      , write = "basis.write"
+      }
+    , Plasma =
+      { category = "Schweissen"
+      , disclose = "admin.disclose"
+      , manage = "lab.plasma.manage"
+      , name = "Plasma CNC"
+      , read = "lab.plasma.read"
+      , write = "lab.plasma.write"
+      }
+    , Schweissen3 =
+      { description = "Arbeitsplatz Stirnseite 380V"
+      , category = "Schweissen"
+      , disclose = "admin.disclose"
+      , manage = "basis.write"
+      , name = "Schweissen Platz 3"
+      , read = "basis.read"
+      , write = "basis.write"
+      }
+    , Schweissen1 =
+      { description = "Arbeitsplatz zum Gas 230V"
+      , category = "Schweissen"
+      , disclose = "admin.disclose"
+      , manage = "basis.write"
+      , name = "Schweissen Platz 1"
+      , read = "basis.read"
+      , write = "basis.write"
+      }
+    , Schweissen2 =
+      { description = "Arbeitsplatz hinten 230V/380V"
+      , category = "Schweissen"
+      , disclose = "admin.disclose"
+      , manage = "basis.write"
+      , name = "Schweissen Platz 2"
+      , read = "basis.read"
+      , write = "basis.write"
+      }
+    , Schweissgas =
+      { description = "Gasmagnetverntil Schweissgas"
+      , category = "Schweissen"
+      , disclose = "admin.disclose"
+      , manage = "basis.write"
+      , name = "Schweissgas"
+      , read = "basis.read"
+      , write = "basis.write"
+      }
+    , DrehFraes =
+      { category = "Metallwerkstatt"
+      , disclose = "admin.disclose"
+      , manage = "lab.drehfraes.manage"
+      , name = "Drehbank und Fraese"
+      , read = "lab.drehfraes.read"
+      , write = "lab.drehfraes.write"
+      }
+    , Staenderbohrmaschine =
+      { category = "Metallwerkstatt"
+      , disclose = "admin.disclose"
+      , manage = "lab.staenderbohrmasch.manage"
+      , name = "Staenderbohrmaschine"
+      , read = "lab.staenderbohrmasch.read"
+      , write = "lab.staenderbohrmasch.write"
+      }
+    , CNCmittel =
+      { category = "Metallwerkstatt"
+      , disclose = "admin.disclose"
+      , manage = "lab.cncmittel.manage"
+      , name = "Mittler CNC"
+      , read = "lab.cncmittel.read"
+      , write = "lab.cncmittel.write"
+      }
+    , PlattenSaege =
+      { category = "Holzwerkstatt"
+      , disclose = "admin.disclose"
+      , manage = "lab.plattensaege.manage"
+      , name = "Plattensaege"
+      , read = "lab.plattensaege.read"
+      , write = "lab.plattensaege.write"
+      }
+    , FormatSaege =
+      { category = "Holzwerkstatt"
+      , disclose = "admin.disclose"
+      , manage = "lab.formatsaege.manage"
+      , name = "Formatkreissaege"
+      , read = "lab.formatsaege.read"
+      , write = "lab.formatsaege.write"
+      }
+    , BandsaegeHolz =
+      { category = "Holzwerkstatt"
+      , disclose = "admin.disclose"
+      , manage = "lab.bandsaege.manage"
+      , name = "Bandsaege Holz"
+      , read = "lab.bandsaege.read"
+      , write = "lab.bandsaege.write"
+      }
+    , Kantenschleifer =
+      { category = "Holzwerkstatt"
+      , disclose = "admin.disclose"
+      , manage = "lab.kantenschleifer.manage"
+      , name = "Kantenschleifer"
+      , read = "lab.kantenschleifer.read"
+      , write = "lab.kantenschleifer.write"
+      }
+    , CNCgross =
+      { category = "Holzwerkstatt"
+      , disclose = "admin.disclose"
+      , manage = "lab.cncgross.manage"
+      , name = "Grosse CNC Holz"
+      , read = "lab.cncgross.read"
+      , write = "lab.cncgross.write"
+      }
+    , Drechselbank =
+      { category = "Holzwerkstatt"
+      , disclose = "admin.disclose"
+      , manage = "lab.drechseln.manage"
+      , name = "Grosse Drechselbank"
+      , read = "lab.drechseln.read"
+      , write = "lab.drechseln.write"
+      }
+    , Hobelmaschine =
+      { category = "Holzwerkstatt"
+      , disclose = "admin.disclose"
+      , manage = "lab.hobelmasch.manage"
+      , name = "Abricht- und Dickenhobel"
+      , read = "lab.hobelmasch.read"
+      , write = "lab.hobelmasch.write"
+      }
+    , Brennofen =
+      { category = "Kreativwerkstatt"
+      , disclose = "admin.disclose"
+      , manage = "lab.brennofen.manage"
+      , name = "Brennofen"
+      , read = "lab.brennofen.read"
+      , write = "lab.brennofen.write"
+      }
+    }
+  , actors =
+    { shelly1-REDACTEDID01 = { module = "Shelly", params = {=} }
+    , shelly1pm-REDACTEDID16 = { module = "Shelly", params = {=} }
+    , shelly1-REDACTEDID02 = { module = "Shelly", params = {=} }
+    , shelly1-REDACTEDID03 = { module = "Shelly", params = {=} }
+    , shelly1-REDACTEDID04 = { module = "Shelly", params = {=} }
+    , shelly1-REDACTEDID05 = { module = "Shelly", params = {=} }
+    , shelly1-REDACTEDID06 = { module = "Shelly", params = {=} }
+    , shelly1-REDACTEDID07 = { module = "Shelly", params = {=} }
+    , shelly1-REDACTEDID08 = { module = "Shelly", params = {=} }
+    , shelly1-REDACTEDID09 = { module = "Shelly", params = {=} }
+    , shelly1-REDACTEDID10 = { module = "Shelly", params = {=} }
+    , shelly1-REDACTEDID11 = { module = "Shelly", params = {=} }
+    , shelly1-REDACTEDID12 = { module = "Shelly", params = {=} }
+    , shelly1-REDACTEDID13 = { module = "Shelly", params = {=} }
+    , shelly1-REDACTEDID14 = { module = "Shelly", params = {=} }
+    , shelly1minig3-REDACTEDID15 =
+      { module = "Process"
+      , params = { cmd = "./examples/ActorShellyMini.py", args = "-vvv" }
+      }
+    , shelly1minig3-REDACTEDID17 =
+      { module = "Process"
+      , params = { cmd = "./examples/ActorShellyMini.py", args = "-vvv" }
+      }
+    , shelly1minig3-REDACTEDID18 =
+      { module = "Process"
+      , params = { cmd = "./examples/ActorShellyMini.py", args = "-vvv" }
+      }
+    , shelly1minig3-REDACTEDID19 =
+      { module = "Process"
+      , params = { cmd = "./examples/ActorShellyMini.py", args = "-vvv" }
+      }
+    , OpenTheDoor =
+      { module = "Process"
+      , params = { cmd = "./examples/actor.py", args = "-vvv" }
+      }
+    , LastPersonOut =
+      { module = "Process"
+      , params = { cmd = "./examples/actor.py", args = "-vvv" }
+      }
+    , reset =
+      { module = "Process"
+      , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" }
+      }
+    , SkyLaser9060 =
+      { module = "Process"
+      , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" }
+      }
+    , d3dKampshoff =
+      { module = "Process"
+      , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" }
+      }
+    , d3dBambuA1mini =
+      { module = "Process"
+      , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" }
+      }
+    , d3dBambuA1miniAMS =
+      { module = "Process"
+      , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" }
+      }
+    , d3dBambuA1AMS =
+      { module = "Process"
+      , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" }
+      }
+    , d3dBambuA1 =
+      { module = "Process"
+      , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" }
+      }
+    , d3dMk3S =
+      { module = "Process"
+      , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" }
+      }
+    , d3dRexII =
+      { module = "Process"
+      , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" }
+      }
+    , d3dBambuP1P =
+      { module = "Process"
+      , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" }
+      }
+    , DrehFraes =
+      { module = "Process"
+      , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" }
+      }
+    , Stickmaschine =
+      { module = "Process"
+      , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" }
+      }
+    , TextilSchrank =
+      { module = "Process"
+      , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" }
+      }
+    , SandstrahlGross =
+      { module = "Process"
+      , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" }
+      }
+    , Schweissen1 =
+      { module = "Process"
+      , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" }
+      }
+    , Schweissen2 =
+      { module = "Process"
+      , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" }
+      }
+    , CNCmittel =
+      { module = "Process"
+      , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" }
+      }
+    , LogIn =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , LogOut =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , LogLastPersonOut =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , LogOpenTheDoor =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , Logreset =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , LogSkyLaser9060 =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , Logd3dKampshoff =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , Logd3dBambuA1mini =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , Logd3dBambuA1miniAMS =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , Logd3dBambuA1AMS =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , Logd3dBambuA1 =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , Logd3dMk3S =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , Logd3dRexII =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , Logd3dBambuP1P =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , LogStickmaschine =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , LogTextilSchrank =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , LogJorisHilft =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , LogTanjaHilft =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , LogElektronikBereich =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , LogSandstrahlGross =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , LogPlasma =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , LogSchweissen3 =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , LogSchweissen1 =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , LogSchweissen2 =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , LogDrehFraes =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , LogStaenderbohrmaschine =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , LogCNCmittel =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , LogFormatSaege =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , LogPlattenSaege =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , LogKantenschleifer =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , LogBandsaegeHolz =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , LogCNCgross =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , LogDrechselbank =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , LogHobelmaschine =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , LogKompressor =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    , LogBrennofen =
+      { module = "Process"
+      , params = { cmd = "./examples/CSVlog.py", args = "-vvv" }
+      }
+    }
+  , actor_connections =
+    [ { machine = "Shelly-Blau", actor = "shelly1-REDACTEDID01" }
+    , { machine = "Shelly-Rot", actor = "shelly1pm-REDACTEDID16" }
+    , { machine = "Willkommen", actor = "OpenTheDoor" }
+    , { machine = "Willkommen", actor = "LogOpenTheDoor" }
+    , { machine = "ResetTuer", actor = "reset" }
+    , { machine = "ResetTuer", actor = "Logreset" }
+    , { machine = "AufWiedersehen", actor = "LastPersonOut" }
+    , { machine = "AufWiedersehen", actor = "LogLastPersonOut" }
+    , { machine = "LogIn", actor = "LogIn" }
+    , { machine = "LogOut", actor = "LogOut" }
+    , { machine = "LichtLager", actor = "shelly1-REDACTEDID13" }
+    , { machine = "LeinwandDunkel", actor = "shelly1minig3-REDACTEDID17" }
+    , { machine = "LichtOben", actor = "shelly1minig3-REDACTEDID18" }
+    , { machine = "LichtHinten", actor = "shelly1minig3-REDACTEDID19" }
+    , { machine = "Kompressor", actor = "LogKompressor" }
+    , { machine = "SkyLaser9060", actor = "SkyLaser9060" }
+    , { machine = "SkyLaser9060", actor = "LogSkyLaser9060" }
+    , { machine = "Drucker-3D-Kampshoff", actor = "d3dKampshoff" }
+    , { machine = "Drucker-3D-Kampshoff", actor = "Logd3dKampshoff" }
+    , { machine = "Drucker-3D-Bambu-A1-mini", actor = "d3dBambuA1mini" }
+    , { machine = "Drucker-3D-Bambu-A1-mini", actor = "Logd3dBambuA1mini" }
+    , { machine = "Drucker-3D-Bambu-A1-mini-AMS", actor = "d3dBambuA1miniAMS" }
+    , { machine = "Drucker-3D-Bambu-A1-mini-AMS"
+      , actor = "Logd3dBambuA1miniAMS"
+      }
+    , { machine = "Drucker-3D-Bambu-A1-AMS", actor = "d3dBambuA1AMS" }
+    , { machine = "Drucker-3D-Bambu-A1-AMS", actor = "Logd3dBambuA1AMS" }
+    , { machine = "Drucker-3D-Bambu-A1", actor = "d3dBambuA1" }
+    , { machine = "Drucker-3D-Bambu-A1", actor = "Logd3dBambuA1" }
+    , { machine = "Drucker-3D-Mk3S", actor = "d3dMk3S" }
+    , { machine = "Drucker-3D-Mk3S", actor = "Logd3dMk3S" }
+    , { machine = "Drucker-3D-RexII", actor = "d3dRexII" }
+    , { machine = "Drucker-3D-RexII", actor = "Logd3dRexII" }
+    , { machine = "Drucker-3D-Bambu-P1P", actor = "d3dBambuP1P" }
+    , { machine = "Drucker-3D-Bambu-P1P", actor = "Logd3dBambuP1P" }
+    , { machine = "StickMaschine", actor = "Stickmaschine" }
+    , { machine = "StickMaschine", actor = "LogStickmaschine" }
+    , { machine = "TextilSchrank", actor = "TextilSchrank" }
+    , { machine = "TextilSchrank", actor = "LogTextilSchrank" }
+    , { machine = "JorisHilft", actor = "LogJorisHilft" }
+    , { machine = "TanjaHilft", actor = "LogTanjaHilft" }
+    , { machine = "SandstrahlGross", actor = "SandstrahlGross" }
+    , { machine = "SandstrahlGross", actor = "LogSandstrahlGross" }
+    , { machine = "Plasma", actor = "shelly1-REDACTEDID04" }
+    , { machine = "Plasma", actor = "LogPlasma" }
+    , { machine = "Schweissen3", actor = "shelly1-REDACTEDID03" }
+    , { machine = "Schweissen3", actor = "LogSchweissen3" }
+    , { machine = "Schweissen1", actor = "Schweissen1" }
+    , { machine = "Schweissen1", actor = "LogSchweissen1" }
+    , { machine = "Schweissen2", actor = "Schweissen2" }
+    , { machine = "Schweissen2", actor = "LogSchweissen2" }
+    , { machine = "Schweissgas", actor = "shelly1-REDACTEDID14" }
+    , { machine = "Staenderbohrmaschine", actor = "shelly1-REDACTEDID07" }
+    , { machine = "Staenderbohrmaschine", actor = "LogStaenderbohrmaschine" }
+    , { machine = "CNCmittel", actor = "CNCmittel" }
+    , { machine = "CNCmittel", actor = "LogCNCmittel" }
+    , { machine = "ElektronikBereich", actor = "shelly1-REDACTEDID02" }
+    , { machine = "ElektronikBereich", actor = "LogElektronikBereich" }
+    , { machine = "Kantenschleifer", actor = "shelly1-REDACTEDID08" }
+    , { machine = "Kantenschleifer", actor = "LogKantenschleifer" }
+    , { machine = "Drechselbank", actor = "shelly1-REDACTEDID11" }
+    , { machine = "Drechselbank", actor = "LogDrechselbank" }
+    , { machine = "Hobelmaschine", actor = "shelly1-REDACTEDID12" }
+    , { machine = "Hobelmaschine", actor = "LogHobelmaschine" }
+    , { machine = "CNCgross", actor = "shelly1-REDACTEDID09" }
+    , { machine = "CNCgross", actor = "LogCNCgross" }
+    , { machine = "BandsaegeHolz", actor = "shelly1-REDACTEDID10" }
+    , { machine = "BandsaegeHolz", actor = "LogBandsaegeHolz" }
+    , { machine = "DrehFraes", actor = "DrehFraes" }
+    , { machine = "DrehFraes", actor = "LogDrehFraes" }
+    , { machine = "PlattenSaege", actor = "shelly1-REDACTEDID06" }
+    , { machine = "PlattenSaege", actor = "LogPlattenSaege" }
+    , { machine = "FormatSaege", actor = "shelly1-REDACTEDID05" }
+    , { machine = "FormatSaege", actor = "LogFormatSaege" }
+    , { machine = "Brennofen", actor = "shelly1minig3-REDACTEDID15" }
+    , { machine = "Brennofen", actor = "LogBrennofen" }
+    ]
+  , initiators = {=}
+  , init_connections = [] : List { machine : Text, initiator : Text }
+  }
--- a/debian/fabaccess-bffh-src/etc/bffh/config_examples/makerspace_bocholt/users.toml
+++ b/debian/fabaccess-bffh-src/etc/bffh/config_examples/makerspace_bocholt/users.toml
@ -0,0 +1,219 @@
+["JoachimBraun"]
+roles = ["basis"]
+passwd = "password"
+
+["PeterStrunkman"]
+roles = ["basis", "laser", "Plasma"]
+passwd = "password"
+
+["JanicePoland"]
+roles = ["basis", "laser", "Plasma", "Drucker3D", "doorrole"]
+passwd = "password"
+
+["WielandMeyer"]
+roles = ["doorrole", "laser", "profi"]
+passwd = "password"
+
+["PetraBauer"]
+roles = ["basis", "laser"]
+passwd = "password"
+
+["KlaraKolan"]
+roles = ["Drucker3D", "basis", "doorrole", "profi"]
+passwd = "password"
+
+["JasonSeig"]
+roles = ["doorrole", "basis", "profi", "FormatSaege", "Bandsaege", "Drechselbank", "BandsaegeHolz", "laser", "Kantenschleifer", "Drucker3D"]
+passwd = "password"
+
+["AlexeyVasi"]
+roles = ["basis", "laser", "Drucker3D"]
+passwd = "password"
+
+["MeranVahreiny"]
+roles = ["basis", "doorrole"]
+passwd = "password"
+
+["WernerMann"]
+roles = ["basis", "profi", "Kantenschleifer", "doorrole"]
+passwd = "password"
+
+["MaxMustermann"]
+roles = ["Drucker3D"]
+passwd = "password"
+
+["BudSpencer"]
+roles = ["basis", "doorrole", "profi", "Drucker3D", "FormatSaege", "Hobelmaschine", "Kantenschleifer", "PlattenSaege", "CNCgross"]
+passwd = "password"
+
+["GeoffreyKing"]
+roles = ["basis", "FormatSaege"]
+passwd = "password"
+
+["JohnSchnee"]
+roles = ["basis", "FormatSaege", "Hobelmaschine", "Kantenschleifer", "doorrole", "Drechselbank"]
+passwd = "password"
+
+["EdwardSnow"]
+roles = ["crew"]
+passwd = "password"
+
+["RichtigGut"]
+roles = ["basis", "doorrole", "profi", "FormatSaege", "Bandsaege", "Kantenschleifer", "Drechselbank", "BandsaegeHolz", "laser"]
+passwd = "password"
+
+["JaGeil"]
+roles = ["basis", "laser"]
+passwd = "password"
+
+["LieberDoch"]
+roles = ["laser", "PlattenSaege", "Plasma", "doorrole", "Drucker3D"]
+passwd = "password"
+
+["NieWieder"]
+roles = ["CNCmittel", "basis", "laser"]
+passwd = "password"
+
+["KarinKrause"]
+roles = ["basis", "Plasma", "doorrole"]
+passwd = "password"
+
+["HalloPizza"]
+roles = ["basis", "Drucker3D"]
+passwd = "password"
+
+["GregorPaus"]
+roles = ["basis", "Drucker3D", "doorrole", "profi", "PlattenSaege", "DrehFraes", "laser"]
+passwd = "password"
+
+["ObiwanKenobi"]
+roles = ["admin", "doorrole", "laser", "StickMaschine"]
+passwd = "password"
+
+["StefanHeßling"]
+roles = ["doorrole", "profi", "basis", "laser"]
+passwd = "password"
+
+["DennisJost"]
+roles = ["doorrole"]
+passwd = "password"
+
+["DerWeihnachtsmann"]
+roles = ["basis", "laser", "Plasma", "PlattenSaege", "Drucker3D", "DrehFraes", "doorrole"]
+passwd = "password"
+
+["ElonMusk"]
+roles = ["basis", "laser", "Plasma"]
+passwd = "password"
+
+["SiegmundJähn"]
+roles = ["basis", "Hobelmaschine", "Kantenschleifer", "Drechselbank", "laser"]
+passwd = "password"
+
+["HomerSimpson"]
+roles = ["doorrole", "basis", "profi"]
+passwd = "password"
+
+["HansGlück"]
+roles = ["basis", "PlattenSaege", "Kantenschleifer", "doorrole"]
+passwd = "password"
+
+["PeterPan"]
+roles = ["basis", "Drechselbank", "Plasma"]
+passwd = "password"
+
+["ChuckNorris"]
+roles = ["basis", "DrehFraes"]
+passwd = "password"
+
+["PowerRanger"]
+roles = ["basis"]
+passwd = "password"
+
+["RobertRobertoson"]
+roles = ["Drucker3D", "basis"]
+passwd = "password"
+
+["AngelaMerkel"]
+roles = ["basis", "laser", "Drucker3D", "Plasma"]
+passwd = "password"
+
+["KatyPerry"]
+roles = ["doorrole", "basis", "profi", "Kantenschleifer", "PlattenSaege", "BandsaegeHolz"]
+passwd = "password"
+
+["IndianaJones"]
+roles = ["basis", "Drucker3D", "laser"]
+passwd = "password"
+
+["LukeSkywalker"]
+roles = ["crew", "doorrole", "SandStrahl", "StickMaschine", "Drucker3D", "FormatSaege", "Kantenschleifer"]
+passwd = "password"
+
+["BigShaq"]
+roles = ["basis", "laser", "BandsaegeHolz"]
+passwd = "password"
+
+["DarthVader"]
+roles = ["profi", "doorrole", "DrehFraes", "FormatSaege", "Kantenschleifer"]
+passwd = "password"
+
+["LeoTimoni"]
+roles = ["doorrole", "PlattenSaege", "Drucker3D", "FormatSaege", "profi", "laser", "DrehFraes", "BandsaegeHolz", "CNCmittel", "Kantenschleifer"]
+passwd = "password"
+
+["HannaLarssen"]
+roles = ["basis", "profi", "doorrole"]
+passwd = "password"
+
+["PietrZcyk"]
+roles = ["basis", "doorrole", "profi", "PlattenSaege"]
+passwd = "password"
+
+["JonathanLeonhardt"]
+roles = ["basis", "profi", "doorrole", "BandsaegeHolz", "FormatSaege", "Kantenschleifer", "PlattenSaege"]
+passwd = "password"
+
+["CaroWanns"]
+roles = ["crew", "doorrole", "FormatSaege", "PlattenSaege"]
+passwd = "password"
+
+["CarstenClossitz"]
+roles = ["doorrole", "basis", "profi", "PlattenSaege", "Drucker3D"]
+passwd = "password"
+
+["FrankMars"]
+roles = ["profi", "doorrole"]
+passwd = "password"
+
+["HanniSchmidt"]
+roles = ["basis", "profi", "doorrole", "laser"]
+passwd = "password"
+
+["MarkSebastion"]
+roles = []
+passwd = "password"
+
+["MarkusHülsbecksen"]
+roles = ["basis", "laser", "Plasma", "DrehFraes", "doorrole", "profi"]
+passwd = "password"
+
+["SteffenSeiffer"]
+roles =["bais", "Drucker3D", "Plasma", "laser"]
+passwd = "password"
+
+["VasimZina"]
+roles =["Drucker3D","doorrole","basis"]
+passwd = "password"
+
+["YemisiBodon"]
+roles =["doorrole","profi","basis"]
+passwd = "password"
+
+["BernadetteSchwanitz"]
+roles =["doorrole","profi","basis"]
+passwd = "password"
+
+["Hans-Sebastian Biedermeyer"]
+roles =["basis"]
+passwd = "password"
--- a/debian/fabaccess-bffh-src/etc/bffh/config_examples/minimum_working/bffh.dhall
+++ b/debian/fabaccess-bffh-src/etc/bffh/config_examples/minimum_working/bffh.dhall
@ -0,0 +1,16 @@
+{
+spacename = "fabaccess.sample.space",
+instanceurl = "https://fabaccess.sample.space",
+listens = [{address = "127.0.0.1"}],
+certfile = "/etc/bffh/certs/bffh.crt",
+keyfile = "/etc/bffh/certs/bffh.key",
+mqtt_url = "mqtt://127.0.0.1:1883",
+db_path = "/var/lib/bffh/bffh.db",
+auditlog_path = "/var/log/bffh/audit.json",
+roles = {=},
+machines = {=},
+actors = {=},
+actor_connections = [] : List { machine : Text, initiator : Text },
+initiators = {=},
+init_connections = [] : List { machine : Text, initiator : Text }
+}
--- a/debian/fabaccess-bffh-src/etc/bffh/config_examples/showcase/bffh.dhall
+++ b/debian/fabaccess-bffh-src/etc/bffh/config_examples/showcase/bffh.dhall
@ -0,0 +1,110 @@
+{ listens = [ { address = "::", port = 59661 } ]
+, certfile = "/etc/letsencrypt/cert.pem"
+, keyfile = "/etc/letsencrypt/key.pem"
+, mqtt_url = "tcp://mqtt:1883"
+, db_path = "/var/lib/bffh/db"
+, auditlog_path = "/tmp/bffh.audit"
+, roles =
+  { Admin.permissions =
+    [ "TestEnv.Admin"
+    , "TestEnv.Manage"
+    , "TestEnv.Write"
+    , "TestEnv.Read"
+    , "TestEnv.Disclose"
+    ]
+  , ManageUsers.permissions =
+    [ "bffh.users.info", "bffh.users.manage", "bffh.users.admin" ]
+  , Manage.permissions = [ "TestEnv.Manage" ]
+  , Use.permissions = [ "TestEnv.Write" ]
+  , Read.permissions = [ "TestEnv.Read" ]
+  , Disclose.permissions = [ "TestEnv.Disclose" ]
+  }
+, machines =
+  { MachineB1 =
+    { name = "Schließfach"
+    , description = "Schließfach ohne elektrische Steuerung"
+    , wiki = "https://fab-access.readthedocs.io"
+    , category = "CategoryB"
+    , disclose = "TestEnv.Disclose"
+    , read = "TestEnv.Read"
+    , write = "TestEnv.Write"
+    , manage = "TestEnv.Manage"
+    }
+  , MachineB2 =
+    { name = "Fabulaser"
+    , description = "Fabulaser - compact, yet powerful"
+    , wiki = "https://fab-access.readthedocs.io"
+    , category = "CategoryB"
+    , disclose = "TestEnv.Disclose"
+    , read = "TestEnv.Read"
+    , write = "TestEnv.Write"
+    , manage = "TestEnv.Manage"
+    }
+  , MachineA1 =
+    { name = "Machine Oben"
+    , description = "Maschine mit QR-Code zum scannen"
+    , wiki = "https://fab-access.readthedocs.io"
+    , category = "CategoryA"
+    , disclose = "TestEnv.Disclose"
+    , read = "TestEnv.Read"
+    , write = "TestEnv.Write"
+    , manage = "TestEnv.Manage"
+    }
+  , MachineA2 =
+    { name = "Machine Mitte"
+    , description = "Maschine mit NFC Reader für DESFire Karten"
+    , wiki = "https://fab-access.readthedocs.io"
+    , category = "CategoryA"
+    , disclose = "TestEnv.Disclose"
+    , read = "TestEnv.Read"
+    , write = "TestEnv.Write"
+    , manage = "TestEnv.Manage"
+    }
+  , MachineA3 =
+    { name = "Machine Unten"
+    , description = "Maschine für weitere Dinge"
+    , wiki = "https://fab-access.readthedocs.io"
+    , category = "CategoryA"
+    , disclose = "TestEnv.Disclose"
+    , read = "TestEnv.Read"
+    , write = "TestEnv.Write"
+    , manage = "TestEnv.Manage"
+    }
+  , MachineA4 =
+    { name = "Machine Drehstrom"
+    , description = "Maschine mit Drehstromanschluss"
+    , wiki = "https://fab-access.readthedocs.io"
+    , category = "CategoryA"
+    , disclose = "TestEnv.Disclose"
+    , read = "TestEnv.Read"
+    , write = "TestEnv.Write"
+    , manage = "TestEnv.Manage"
+    }
+  , MachineA5 =
+    { name = "Machine Drehstrom Anlaufschutz"
+    , description = "Maschine mit Drehstromanschluss und Wiederanlaufschutz"
+    , wiki = "https://fab-access.readthedocs.io"
+    , category = "CategoryA"
+    , disclose = "TestEnv.Disclose"
+    , read = "TestEnv.Read"
+    , write = "TestEnv.Write"
+    , manage = "TestEnv.Manage"
+    }
+  }
+, actors =
+  { shellyplug-s-6E6ED9 = { module = "Shelly", params = {=} }
+  , shellyplug-s-C18903 = { module = "Shelly", params = {=} }
+  , shellyplug-s-B4C8B9 = { module = "Shelly", params = {=} }
+  , shelly1-DDDDDDDDDDDD = { module = "Shelly", params = {=} }
+  , shelly1-EEEEEEEEEEEE = { module = "Shelly", params = {=} }
+  }
+, actor_connections =
+  [ { machine = "MachineA1", actor = "shellyplug-s-6E6ED9" }
+  , { machine = "MachineA2", actor = "shellyplug-s-C18903" }
+  , { machine = "MachineA3", actor = "shellyplug-s-B4C8B9" }
+  , { machine = "MachineA4", actor = "shelly1-DDDDDDDDDDDD" }
+  , { machine = "MachineA5", actor = "shelly1-DDDDDDDDDDDD" }
+  ]
+, initiators = {=}
+, init_connections = [] : List { machine : Text, initiator : Text }
+}
--- a/debian/fabaccess-bffh-src/etc/bffh/config_examples/showcase/users.toml
+++ b/debian/fabaccess-bffh-src/etc/bffh/config_examples/showcase/users.toml
@ -0,0 +1,23 @@
+[Admin]
+roles = ["Admin", "ManageUsers"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[Manager]
+roles = ["Manage", "Use", "Read", "Disclose", "ManageUsers"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[Maker]
+roles = ["Use", "Read", "Disclose"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "d126df5f1e315597b7f79983f8904323"
+
+[Guest]
+roles = ["Read", "Disclose"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
--- a/debian/fabaccess-bffh-src/etc/bffh/config_examples/the-future-of-making-2023/bffh.dhall
+++ b/debian/fabaccess-bffh-src/etc/bffh/config_examples/the-future-of-making-2023/bffh.dhall
@ -0,0 +1,387 @@
+{ listens = [ { address = "::", port = 59661 } ]
+, certfile = "tfom23-demo/certs/self-signed-cert.pem"
+, keyfile = "tfom23-demo/certs/self-signed-key.pem"
+, mqtt_url = "mqtt://localhost:1883"
+, db_path = "/var/lib/bffh/db"
+, auditlog_path = "/tmp/bffh.audit"
+, verbosity = 3
+, spacename = "TFOM23-Demo"
+, instanceurl = "tfom23-demo.fab-access.org"
+, roles =
+  { Default.permissions = [ "tfom23.disclose", "tfom23.read" ]
+  , Admin.permissions =
+    [ "tfom23.*", "bffh.users.info", "bffh.users.manage", "bffh.users.admin" ]
+  , Manage.permissions = [ "tfom23.manage" ]
+  , EuroBox.permissions = [ "tfom23.eurobox.write" ]
+  , LBoxx.permissions = [ "tfom23.lboxx.write" ]
+  , Locker.permissions = [ "tfom23.locker.write" ]
+  , Lasercutter.permissions = [ "tfom23.lasercutter.write" ]
+  , Printer.permissions = [ "tfom23.printer.write" ]
+  , Prusa.permissions = [ "tfom23.prusa.write" ]
+  , CNC.permissions = [ "tfom23.cnc.write" ]
+  }
+, machines =
+  { LBoxx_0 =
+    { name = "Filament"
+    , description = "LBoxx with 1,75mm PLA"
+    , disclose = "tfom23.disclose"
+    , read = "tfom23.read"
+    , write = "tfom23.lboxx.write"
+    , manage = "tfom23.manage"
+    , category = "LBoxx"
+    , prodable = True
+    }
+  , LBoxx_1 =
+    { name = "FabLock Tools"
+    , description = "LBoxx with Tools of the FabLock Project"
+    , disclose = "tfom23.disclose"
+    , read = "tfom23.read"
+    , write = "tfom23.lboxx.write"
+    , manage = "tfom23.manage"
+    , category = "LBoxx"
+    , prodable = True
+    }
+  , LBoxx_2 =
+    { name = "FabReader Tools"
+    , description = "LBoxx with Tools of the FabReader Project"
+    , disclose = "tfom23.disclose"
+    , read = "tfom23.read"
+    , write = "tfom23.lboxx.write"
+    , manage = "tfom23.manage"
+    , category = "LBoxx"
+    , prodable = True
+    }
+  , LBoxx_3 =
+    { name = "Sticker"
+    , description = "LBoxx with FabAccess Sticker and NTAGs"
+    , disclose = "tfom23.disclose"
+    , read = "tfom23.read"
+    , write = "tfom23.lboxx.write"
+    , manage = "tfom23.manage"
+    , category = "LBoxx"
+    , prodable = True
+    }
+  , LBoxx_4 =
+    { name = "Demo Parts"
+    , description = "LBoxx with Parts for the TFOM23 Demo"
+    , disclose = "tfom23.disclose"
+    , read = "tfom23.read"
+    , write = "tfom23.lboxx.write"
+    , manage = "tfom23.manage"
+    , category = "LBoxx"
+    , prodable = True
+    }
+  , EuroBox_0 =
+    { name = "Haribo"
+    , description = "EuroBox with Haribo"
+    , disclose = "tfom23.disclose"
+    , read = "tfom23.read"
+    , write = "tfom23.eurobox.write"
+    , manage = "tfom23.manage"
+    , category = "EuroBox"
+    , prodable = True
+    }
+  , EuroBox_1 =
+    { name = "Goldschatz"
+    , description = "EuroBox with Rittersport Goldschatz"
+    , disclose = "tfom23.disclose"
+    , read = "tfom23.read"
+    , write = "tfom23.eurobox.write"
+    , manage = "tfom23.manage"
+    , category = "EuroBox"
+    , prodable = True
+    }
+  , Drawer_0 =
+    { name = "Drawer 0 ???"
+    , description = "Kallax Drawer"
+    , disclose = "tfom23.disclose"
+    , read = "tfom23.read"
+    , write = "tfom23.locker.write"
+    , manage = "tfom23.manage"
+    , category = "Locker"
+    , prodable = True
+    }
+  , Drawer_1 =
+    { name = "Drawer 1 ???"
+    , description = "Kallax Drawer"
+    , disclose = "tfom23.disclose"
+    , read = "tfom23.read"
+    , write = "tfom23.locker.write"
+    , manage = "tfom23.manage"
+    , category = "Locker"
+    , prodable = True
+    }
+  , Drawer_2 =
+    { name = "Drawer 2 ???"
+    , description = "Kallax Drawer"
+    , disclose = "tfom23.disclose"
+    , read = "tfom23.read"
+    , write = "tfom23.locker.write"
+    , manage = "tfom23.manage"
+    , category = "Locker"
+    , prodable = True
+    }
+  , Drawer_3 =
+    { name = "Drawer 3 ???"
+    , description = "Kallax Drawer"
+    , disclose = "tfom23.disclose"
+    , read = "tfom23.read"
+    , write = "tfom23.locker.write"
+    , manage = "tfom23.manage"
+    , category = "Locker"
+    , prodable = True
+    }
+  , Door_0 =
+    { name = "3D-Printer Accesories"
+    , description = "Kallax Door"
+    , disclose = "tfom23.disclose"
+    , read = "tfom23.read"
+    , write = "tfom23.locker.write"
+    , manage = "tfom23.manage"
+    , category = "Locker"
+    , prodable = True
+    }
+  , Printer_0 =
+    { name = "Prusa MK3"
+    , description = "FabAccess Prusa MK3"
+    , disclose = "tfom23.disclose"
+    , read = "tfom23.read"
+    , write = "tfom23.prusa.write"
+    , manage = "tfom23.manage"
+    , category = "Printers"
+    }
+  , Printer_1 =
+    { name = "Other Printer ???"
+    , description = "TFOM23 Printer"
+    , disclose = "tfom23.disclose"
+    , read = "tfom23.read"
+    , write = "tfom23.printer.write"
+    , manage = "tfom23.manage"
+    , category = "Printers"
+    }
+  , Lasercutter_0 =
+    { name = "Other Lasercutter ???"
+    , description = "TFOM23 Lasercutter"
+    , disclose = "tfom23.disclose"
+    , read = "tfom23.read"
+    , write = "tfom23.lasercutter.write"
+    , manage = "tfom23.manage"
+    , category = "Lasercutter"
+    }
+  , CNC_0 =
+    { name = "Some Open Hardware CNC Router"
+    , description = "TFOM23 CNC"
+    , disclose = "tfom23.disclose"
+    , read = "tfom23.read"
+    , write = "tfom23.cnc.write"
+    , manage = "tfom23.manage"
+    , category = "CNC"
+    }
+  }
+, actors =
+  { shellyplug-s-C8C9A3B942DB = { module = "Shelly", params = {=} }
+  , shellyplug-s-C8C9A3B943D7 = { module = "Shelly", params = {=} }
+  , shellyplug-s-C8C9A3B8DB67 = { module = "Shelly", params = {=} }
+  , shellyplug-s-3CE90ED72CEF = { module = "Shelly", params = {=} }
+  , shellyplug-s-3CE90ED72481 = { module = "Shelly", params = {=} }
+  , shellyplug-s-C8C9A3B8E88A = { module = "Shelly", params = {=} }
+  , shellyplug-2C94AA = { module = "Shelly", params = {=} }
+  , shellyplug-C198E8 = { module = "Shelly", params = {=} }
+  , fablock_locker_0 =
+    { module = "Process"
+    , params =
+      { cmd = "python"
+      , args =
+          "tfom23-demo/actors/fablock/main.py --host localhost --fablock 00000 --lock 00000"
+      }
+    }
+  , fablock_locker_1 =
+    { module = "Process"
+    , params =
+      { cmd = "python"
+      , args =
+          "tfom23-demo/actors/fablock/main.py --host localhost --fablock 00000 --lock 00001"
+      }
+    }
+  , fablock_locker_2 =
+    { module = "Process"
+    , params =
+      { cmd = "python"
+      , args =
+          "tfom23-demo/actors/fablock/main.py --host localhost --fablock 00000 --lock 00002"
+      }
+    }
+  , fablock_locker_3 =
+    { module = "Process"
+    , params =
+      { cmd = "python"
+      , args =
+          "tfom23-demo/actors/fablock/main.py --host localhost --fablock 00000 --lock 00003"
+      }
+    }
+  , fablock_locker_4 =
+    { module = "Process"
+    , params =
+      { cmd = "python"
+      , args =
+          "tfom23-demo/actors/fablock/main.py --host localhost --fablock 00000 --lock 00004"
+      }
+    }
+  , fablock_locker_5 =
+    { module = "Process"
+    , params =
+      { cmd = "python"
+      , args =
+          "tfom23-demo/actors/fablock/main.py --host localhost --fablock 00000 --lock 00005"
+      }
+    }
+  , fablock_locker_6 =
+    { module = "Process"
+    , params =
+      { cmd = "python"
+      , args =
+          "tfom23-demo/actors/fablock/main.py --host localhost --fablock 00000 --lock 00006"
+      }
+    }
+  , fablock_lboxx_0 =
+    { module = "Process"
+    , params =
+      { cmd = "python"
+      , args =
+          "tfom23-demo/actors/fablock/main.py --host localhost --fablock 00001 --lock 00000"
+      }
+    }
+  , fablock_lboxx_1 =
+    { module = "Process"
+    , params =
+      { cmd = "python"
+      , args =
+          "tfom23-demo/actors/fablock/main.py --host localhost --fablock 00001 --lock 00001"
+      }
+    }
+  , fablock_lboxx_2 =
+    { module = "Process"
+    , params =
+      { cmd = "python"
+      , args =
+          "tfom23-demo/actors/fablock/main.py --host localhost --fablock 00001 --lock 00002"
+      }
+    }
+  , fablock_lboxx_3 =
+    { module = "Process"
+    , params =
+      { cmd = "python"
+      , args =
+          "tfom23-demo/actors/fablock/main.py --host localhost --fablock 00001 --lock 00003"
+      }
+    }
+  , fablock_lboxx_4 =
+    { module = "Process"
+    , params =
+      { cmd = "python"
+      , args =
+          "tfom23-demo/actors/fablock/main.py --host localhost --fablock 00001 --lock 00004"
+      }
+    }
+  , fabreader_0 =
+    { module = "Process"
+    , params =
+      { cmd = "python"
+      , args =
+          "tfom23-demo/actors/fabreader/main.py --host localhost --fabreader 00000"
+      }
+    }
+  , fabreader_1 =
+    { module = "Process"
+    , params =
+      { cmd = "python"
+      , args =
+          "tfom23-demo/actors/fabreader/main.py --host localhost --fabreader 00001"
+      }
+    }
+  , fabreader_2 =
+    { module = "Process"
+    , params =
+      { cmd = "python"
+      , args =
+          "tfom23-demo/actors/fabreader/main.py --host localhost --fabreader 00002"
+      }
+    }
+  , fabreader_3 =
+    { module = "Process"
+    , params =
+      { cmd = "python"
+      , args =
+          "tfom23-demo/actors/fabreader/main.py --host localhost --fabreader 00003"
+      }
+    }
+  , fabreader_4 =
+    { module = "Process"
+    , params =
+      { cmd = "python"
+      , args =
+          "tfom23-demo/actors/fabreader/main.py --host localhost --fabreader 00004"
+      }
+    }
+  , fabpel_0 =
+    { module = "Process"
+    , params =
+      { cmd = "python"
+      , args =
+          "tfom23-demo/actors/fabpel/main.py --host localhost --fabpel 00000"
+      }
+    }
+  , fabpel_1 =
+    { module = "Process"
+    , params =
+      { cmd = "python"
+      , args =
+          "tfom23-demo/actors/fabpel/main.py --host localhost --fabpel 00001"
+      }
+    }
+  , fabpel_2 =
+    { module = "Process"
+    , params =
+      { cmd = "python"
+      , args =
+          "tfom23-demo/actors/fabpel/main.py --host localhost --fabpel 00002"
+      }
+    }
+  , fabpel_3 =
+    { module = "Process"
+    , params =
+      { cmd = "python"
+      , args =
+          "tfom23-demo/actors/fabpel/main.py --host localhost --fabpel 00003"
+      }
+    }
+  }
+, actor_connections =
+  [ { machine = "LBoxx_0", actor = "fablock_lboxx_0" }
+  , { machine = "LBoxx_1", actor = "fablock_lboxx_1" }
+  , { machine = "LBoxx_2", actor = "fablock_lboxx_2" }
+  , { machine = "LBoxx_3", actor = "fablock_lboxx_3" }
+  , { machine = "LBoxx_4", actor = "fablock_lboxx_4" }
+  , { machine = "EuroBox_0", actor = "fablock_locker_0" }
+  , { machine = "EuroBox_1", actor = "fablock_locker_1" }
+  , { machine = "Drawer_0", actor = "fablock_locker_2" }
+  , { machine = "Drawer_1", actor = "fablock_locker_3" }
+  , { machine = "Drawer_2", actor = "fablock_locker_4" }
+  , { machine = "Drawer_3", actor = "fablock_locker_5" }
+  , { machine = "Door_0", actor = "fablock_locker_6" }
+  , { machine = "Printer_0", actor = "shellyplug-s-C8C9A3B942DB" }
+  , { machine = "Printer_1", actor = "shellyplug-s-3CE90ED72481" }
+  , { machine = "Lasercutter_0", actor = "shellyplug-s-C8C9A3B943D7" }
+  , { machine = "CNC_0", actor = "shellyplug-s-C8C9A3B8E88A" }
+  , { machine = "Printer_0", actor = "fabreader_1" }
+  , { machine = "Printer_1", actor = "fabreader_2" }
+  , { machine = "Lasercutter_0", actor = "fabreader_3" }
+  , { machine = "CNC_0", actor = "fabreader_4" }
+  , { machine = "Printer_0", actor = "fabpel_0" }
+  , { machine = "Printer_1", actor = "fabpel_1" }
+  , { machine = "Lasercutter_0", actor = "fabpel_2" }
+  , { machine = "CNC_0", actor = "fabpel_3" }
+  ]
+, initiators = {=}
+, init_connections = [] : List { machine : Text, initiator : Text }
+}
--- a/debian/fabaccess-bffh-src/etc/bffh/config_examples/the-future-of-making-2023/users.toml
+++ b/debian/fabaccess-bffh-src/etc/bffh/config_examples/the-future-of-making-2023/users.toml
@ -0,0 +1,27 @@
+[Admin]
+roles = ["Admin"]
+passwd = "secret"
+
+[Manager]
+roles = ["Default", "Manage"]
+passwd = "secret"
+
+[Maker]
+roles = ["Default", "EuroBox", "LBoxx", "Locker", "Prusa"]
+passwd = "secret"
+
+[Maker-Lasercutter]
+roles = ["Default", "Lasercutter"]
+passwd = "secret"
+
+[Maker-CNC]
+roles = ["Default", "CNC"]
+passwd = "secret"
+
+[Maker-Printer]
+roles = ["Default", "Printer"]
+passwd = "secret"
+
+[Bot]
+roles = ["Default"]
+passwd = "secret"
--- a/debian/fabaccess-bffh-src/etc/bffh/config_examples/vow-jhv-zam-erlangen-2024/actorconnections.dhall
+++ b/debian/fabaccess-bffh-src/etc/bffh/config_examples/vow-jhv-zam-erlangen-2024/actorconnections.dhall
@ -0,0 +1,12 @@
+[
+	{ machine = "zam-raum1-ecke1-lamp", actor = "tasmota_1" },
+	{ machine = "zam-raum1-ecke2-arrow", actor = "tasmota_2" },
+	{ machine = "zam-raum1-ecke3-fan", actor = "tasmota_3" },
+	{ machine = "zam-raum1-ecke4-mesh", actor = "tasmota_4" },
+	{ machine = "zam-raum1-ecke5-random1", actor = "tasmota_5" },
+	{ machine = "zam-raum1-ecke6-random2", actor = "tasmota_6" },
+	{ machine = "zam-raum1-ecke7-random3", actor = "tasmota_7" },
+	{ machine = "zam-raum1-ecke8-macgyver", actor = "mp3play_8" },
+	{ machine = "zam-raum1-ecke9-shutdown", actor = "shutdown_9" },
+	{ machine = "zam-raum1-ecke10-restartbffh", actor = "restart-bffh_10" }
+]
--- a/debian/fabaccess-bffh-src/etc/bffh/config_examples/vow-jhv-zam-erlangen-2024/actors.dhall
+++ b/debian/fabaccess-bffh-src/etc/bffh/config_examples/vow-jhv-zam-erlangen-2024/actors.dhall
@ -0,0 +1,102 @@
+{
+	tasmota_1 =
+	{
+		module = "Process",
+		params =
+		{
+			cmd = "/opt/fabinfra/adapters/tasmota/env/bin/python3",
+			args = "/opt/fabinfra/adapters/tasmota/main.py --host 127.0.0.1 --user fabinfra101 --password fablocal --tasmota 1"
+		}
+	},
+ 
+	tasmota_2 =
+	{
+		module = "Process",
+		params =
+		{
+			cmd = "/opt/fabinfra/adapters/tasmota/env/bin/python3",
+			args = "/opt/fabinfra/adapters/tasmota/main.py --host 127.0.0.1 --user fabinfra101 --password fablocal --tasmota 2"
+		}
+	},
+ 
+	tasmota_3 =
+	{
+		module = "Process",
+		params =
+		{
+			cmd = "/opt/fabinfra/adapters/tasmota/env/bin/python3",
+			args = "/opt/fabinfra/adapters/tasmota/main.py --host 127.0.0.1 --user fabinfra101 --password fablocal --tasmota 3"
+		}
+	},
+ 
+	tasmota_4 =
+	{
+		module = "Process",
+		params =
+		{
+			cmd = "/opt/fabinfra/adapters/tasmota/env/bin/python3",
+			args = "/opt/fabinfra/adapters/tasmota/main.py --host 127.0.0.1 --user fabinfra101 --password fablocal --tasmota 4"
+		}
+	},
+ 
+	tasmota_5 =
+	{
+		module = "Process",
+		params =
+		{
+			cmd = "/opt/fabinfra/adapters/tasmota/env/bin/python3",
+			args = "/opt/fabinfra/adapters/tasmota/main.py --host 127.0.0.1 --user fabinfra101 --password fablocal --tasmota 5"
+		}
+	},
+ 
+	tasmota_6 =
+	{
+		module = "Process",
+		params =
+		{
+			cmd = "/opt/fabinfra/adapters/tasmota/env/bin/python3",
+			args = "/opt/fabinfra/adapters/tasmota/main.py --host 127.0.0.1 --user fabinfra101 --password fablocal --tasmota 6"
+		}
+	},
+ 
+	tasmota_7 =
+	{
+		module = "Process",
+		params =
+		{
+			cmd = "/opt/fabinfra/adapters/tasmota/env/bin/python3",
+			args = "/opt/fabinfra/adapters/tasmota/main.py --host 127.0.0.1 --user fabinfra101 --password fablocal --tasmota 7"
+		}
+	},
+ 
+	mp3play_8 =
+	{
+		module = "Process",
+		params =
+		{
+			cmd = "/opt/fabinfra/adapters/mp3play/env/bin/python3",
+			args = "/opt/fabinfra/adapters/mp3play/main.py"
+		}
+	},
+ 
+	shutdown_9 =
+	{
+		module = "Process",
+		params =
+		{
+			cmd = "/usr/bin/python3",
+			args = "/opt/fabinfra/adapters/shutdown/main.py"
+		}
+	},
+ 
+	restart-bffh_10 =
+	{
+		module = "Process",
+		params =
+		{
+			cmd = "/usr/bin/python3",
+			args = "/opt/fabinfra/adapters/restart-bffh/main.py"
+		}
+	}
+ 
+}
--- a/debian/fabaccess-bffh-src/etc/bffh/config_examples/vow-jhv-zam-erlangen-2024/bffh.dhall
+++ b/debian/fabaccess-bffh-src/etc/bffh/config_examples/vow-jhv-zam-erlangen-2024/bffh.dhall
@ -0,0 +1,33 @@
+let VARS = {
+	BFFH_CFG_PATH = "/etc/bffh/",
+	BFFH_DB_PATH = "/var/lib/bffh/",
+	MQTT_USER = "fabinfra101",
+	MQTT_PASSWD = "fablocal"
+	}
+in 
+{
+    listens = [
+        { address = "0.0.0.0", port = 59661 }
+    ],
+    certfile = VARS.BFFH_CFG_PATH ++ "certs/bffh.crt",
+    keyfile = VARS.BFFH_CFG_PATH ++ "certs/bffh.key",
+    mqtt_url = "mqtt://" ++ VARS.MQTT_USER ++ ":" ++ VARS.MQTT_PASSWD ++ "@0.0.0.0:1883",
+	--ciphers = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+	--tls_min_version = "tls13",
+    db_path = VARS.BFFH_DB_PATH ++ "bffh.db",
+    auditlog_path = "/var/log/bffh/audit.json",
+
+	--- ||| GENERATOR START
+	--- ||| GENERATOR END
+
+	roles = ./roles.dhall,
+	machines = ./machines.dhall,
+	actors = ./actors.dhall,
+	actor_connections = ./actorconnections.dhall,
+
+    initiators = {=},
+    init_connections = [] : List { machine : Text, initiator : Text },
+    
+	instanceurl = "https://docs.fab-access.org",
+    spacename = "FabAccess Demo Setup"
+}
--- a/debian/fabaccess-bffh-src/etc/bffh/config_examples/vow-jhv-zam-erlangen-2024/machines.dhall
+++ b/debian/fabaccess-bffh-src/etc/bffh/config_examples/vow-jhv-zam-erlangen-2024/machines.dhall
@ -0,0 +1,122 @@
+{
+	zam-raum1-ecke1-lamp =
+	{
+		name = "1 Lampe",
+		description = "Eine einfache Funzel. Kann weiter nix 💡",
+		wiki = "",
+		category = "Central Stairs",
+		disclose = "zam.raum1.ecke1.disclose.lamp",
+		read = "zam.raum1.ecke1.read.lamp",
+		write = "zam.raum1.ecke1.write.lamp",
+		manage = "zam.raum1.ecke1.manage.lamp"
+	},
+ 
+	zam-raum1-ecke2-arrow =
+	{
+		name = "2 LED Pfeil",
+		description = "Noch ein Leuchteteil. In Arrow-Shape",
+		wiki = "",
+		category = "Central Stairs",
+		disclose = "zam.raum1.ecke2.disclose.arrow",
+		read = "zam.raum1.ecke2.read.arrow",
+		write = "zam.raum1.ecke2.write.arrow",
+		manage = "zam.raum1.ecke2.manage.arrow"
+	},
+ 
+	zam-raum1-ecke3-fan =
+	{
+		name = "3 Der laute Lüfter",
+		description = "Ein sinnfreier Aktor, der sich bemerkbar macht",
+		wiki = "",
+		category = "Central Stairs",
+		disclose = "zam.raum1.ecke3.disclose.fan",
+		read = "zam.raum1.ecke3.read.fan",
+		write = "zam.raum1.ecke3.write.fan",
+		manage = "zam.raum1.ecke3.manage.fan"
+	},
+ 
+	zam-raum1-ecke4-mesh =
+	{
+		name = "4 LED Lauflicht",
+		description = "Blinky Shit yeah!",
+		wiki = "",
+		category = "Central Stairs",
+		disclose = "zam.raum1.ecke4.disclose.mesh",
+		read = "zam.raum1.ecke4.read.mesh",
+		write = "zam.raum1.ecke4.write.mesh",
+		manage = "zam.raum1.ecke4.manage.mesh"
+	},
+ 
+	zam-raum1-ecke5-random1 =
+	{
+		name = "5 Random Dingens #1",
+		description = "Utilize it as you like",
+		wiki = "",
+		category = "Central Stairs",
+		disclose = "zam.raum1.ecke5.disclose.random1",
+		read = "zam.raum1.ecke5.read.random1",
+		write = "zam.raum1.ecke5.write.random1",
+		manage = "zam.raum1.ecke5.manage.random1"
+	},
+ 
+	zam-raum1-ecke6-random2 =
+	{
+		name = "6 Random Dingens #2",
+		description = "Utilize it as you like",
+		wiki = "",
+		category = "Central Stairs",
+		disclose = "zam.raum1.ecke6.disclose.random2",
+		read = "zam.raum1.ecke6.read.random2",
+		write = "zam.raum1.ecke6.write.random2",
+		manage = "zam.raum1.ecke6.manage.random2"
+	},
+ 
+	zam-raum1-ecke7-random3 =
+	{
+		name = "7 Random Dingens #3",
+		description = "Utilize it as you like",
+		wiki = "",
+		category = "Central Stairs",
+		disclose = "zam.raum1.ecke7.disclose.random3",
+		read = "zam.raum1.ecke7.read.random3",
+		write = "zam.raum1.ecke7.write.random3",
+		manage = "zam.raum1.ecke7.manage.random3"
+	},
+ 
+	zam-raum1-ecke8-macgyver =
+	{
+		name = "8 Mac Gyver",
+		description = "Vorsitzender des Repair Cafe Dachverbands",
+		wiki = "https://de.wikipedia.org/wiki/MacGyver",
+		category = "Central Stairs",
+		disclose = "zam.raum1.ecke8.disclose.macgyver",
+		read = "zam.raum1.ecke8.read.macgyver",
+		write = "zam.raum1.ecke8.write.macgyver",
+		manage = "zam.raum1.ecke8.manage.macgyver"
+	},
+ 
+	zam-raum1-ecke9-shutdown =
+	{
+		name = "9 Shutdown",
+		description = "Poweroff Raspberry Pi",
+		wiki = "",
+		category = "Central Stairs",
+		disclose = "zam.raum1.ecke9.disclose.shutdown",
+		read = "zam.raum1.ecke9.read.shutdown",
+		write = "zam.raum1.ecke9.write.shutdown",
+		manage = "zam.raum1.ecke9.manage.shutdown"
+	},
+ 
+	zam-raum1-ecke10-restartbffh =
+	{
+		name = "10 Restart BFFH",
+		description = "Restarts bffh.service",
+		wiki = "",
+		category = "Central Stairs",
+		disclose = "zam.raum1.ecke10.disclose.restartbffh",
+		read = "zam.raum1.ecke10.read.restartbffh",
+		write = "zam.raum1.ecke10.write.restartbffh",
+		manage = "zam.raum1.ecke10.manage.restartbffh"
+	}
+ 
+}
--- a/debian/fabaccess-bffh-src/etc/bffh/config_examples/vow-jhv-zam-erlangen-2024/roles.dhall
+++ b/debian/fabaccess-bffh-src/etc/bffh/config_examples/vow-jhv-zam-erlangen-2024/roles.dhall
@ -0,0 +1,109 @@
+{
+	Admin =
+	{
+		permissions =  [
+				"bffh.users.manage",
+				"bffh.users.info",
+				"bffh.users.admin",
+				"zam.*"
+		]
+	},
+ 
+	zam_raum1_manager =
+	{
+		permissions =  [
+				"zam.raum1.*"
+		]
+	},
+ 
+	zam_raum1_ecke1_user =
+	{
+		permissions =  [
+				"zam.raum1.ecke1.disclose.*",
+				"zam.raum1.ecke1.read.*",
+				"zam.raum1.ecke1.write.*"
+		]
+	},
+ 
+	zam_raum1_ecke2_user =
+	{
+		permissions =  [
+				"zam.raum1.ecke2.disclose.*",
+				"zam.raum1.ecke2.read.*",
+				"zam.raum1.ecke2.write.*"
+		]
+	},
+ 
+	zam_raum1_ecke3_user =
+	{
+		permissions =  [
+				"zam.raum1.ecke3.disclose.*",
+				"zam.raum1.ecke3.read.*",
+				"zam.raum1.ecke3.write.*"
+		]
+	},
+ 
+	zam_raum1_ecke4_user =
+	{
+		permissions =  [
+				"zam.raum1.ecke4.disclose.*",
+				"zam.raum1.ecke4.read.*",
+				"zam.raum1.ecke4.write.*"
+		]
+	},
+ 
+	zam_raum1_ecke5_user =
+	{
+		permissions =  [
+				"zam.raum1.ecke5.disclose.*",
+				"zam.raum1.ecke5.read.*",
+				"zam.raum1.ecke5.write.*"
+		]
+	},
+ 
+	zam_raum1_ecke6_user =
+	{
+		permissions =  [
+				"zam.raum1.ecke6.disclose.*",
+				"zam.raum1.ecke6.read.*",
+				"zam.raum1.ecke6.write.*"
+		]
+	},
+ 
+	zam_raum1_ecke7_user =
+	{
+		permissions =  [
+				"zam.raum1.ecke7.disclose.*",
+				"zam.raum1.ecke7.read.*",
+				"zam.raum1.ecke7.write.*"
+		]
+	},
+ 
+	zam_raum1_ecke8_user =
+	{
+		permissions =  [
+				"zam.raum1.ecke8.disclose.*",
+				"zam.raum1.ecke8.read.*",
+				"zam.raum1.ecke8.write.*"
+		]
+	},
+ 
+	zam_raum1_ecke9_user =
+	{
+		permissions =  [
+				"zam.raum1.ecke9.disclose.*",
+				"zam.raum1.ecke9.read.*",
+				"zam.raum1.ecke9.write.*"
+		]
+	},
+ 
+	zam_raum1_ecke10_user =
+	{
+		permissions =  [
+				"zam.raum1.ecke10.disclose.*",
+				"zam.raum1.ecke10.read.*",
+				"zam.raum1.ecke10.write.*"
+		]
+	}
+ 
+}
--- a/debian/fabaccess-bffh-src/etc/bffh/config_examples/vow-jhv-zam-erlangen-2024/users.toml
+++ b/debian/fabaccess-bffh-src/etc/bffh/config_examples/vow-jhv-zam-erlangen-2024/users.toml
@ -0,0 +1,11 @@
+["Raum 1 Manager"]
+roles = ["zam_raum1_manager"]
+passwd = "$argon2i$v=19$m=4096,t=3,p=1$aE7DYpmOPy+ZAB305S26iQ$G+cx4wEQzaVsB4Vq05+mvvxBgqXlYnejbzpLcK24SPg"
+
+[Admin]
+roles = ["zam_raum1_ecke1_user", "zam_raum1_ecke2_user", "zam_raum1_ecke3_user", "zam_raum1_ecke4_user", "zam_raum1_ecke5_user", "zam_raum1_ecke6_user", "zam_raum1_ecke7_user", "zam_raum1_ecke8_user", "zam_raum1_ecke9_user", "_manager_schichtleitung", "Admin", "zam_raum1_manager"]
+passwd = "$argon2i$v=19$m=4096,t=3,p=1$Ykyx7xGXwWKPMP7Q5FysBA$lbMnVRwZZheYt5u2kEZYuwkWW8DwaHF/JNgqH791WdQ"
+
+[Werkstattleiter]
+roles = ["_manager_schichtleitung"] #test
+passwd = "$argon2i$v=19$m=4096,t=3,p=1$nqY/EsDGzlwLzRgtZQUBzA$a55mDPB20CxYixvafyYGRIZH/EsPBguzhTBm7O3D3QA"
--- a/debian/fabaccess-bffh-src/etc/logrotate.d/bffhd
+++ b/debian/fabaccess-bffh-src/etc/logrotate.d/bffhd
@ -0,0 +1,9 @@
+/var/log/bffh/audit.json 
+{
+	rotate 10
+	size 1M
+	copytruncate
+	missingok
+	notifempty
+	compress
+}
--- a/debian/fabaccess-bffh-src/etc/sudoers.d/bffh
+++ b/debian/fabaccess-bffh-src/etc/sudoers.d/bffh
@ -0,0 +1,3 @@
+bffh ALL=NOPASSWD: /usr/bin/systemctl start bffh.service
+bffh ALL=NOPASSWD: /usr/bin/systemctl stop bffh.service
+bffh ALL=NOPASSWD: /usr/bin/systemctl restart bffh.service
--- a/debian/fabaccess-bffh-src/etc/systemd/system/bffh.service
+++ b/debian/fabaccess-bffh-src/etc/systemd/system/bffh.service
@ -0,0 +1,18 @@
+[Unit]
+Description=FabAccess BFFH Service
+After=network.target
+  
+[Service]
+Type=simple
+User=bffh
+Group=bffh
+ExecStartPre=/usr/bin/bffhd --check --config /etc/bffh/bffh.dhall
+Environment="BFFH_LOG=warn"
+ExecStart=/usr/bin/bffhd --verbose --config /etc/bffh/bffh.dhall --log-format Pretty
+Restart=on-failure
+RestartSec=30
+LogsDirectoryMode=750
+LogsDirectory=bffh
+
+[Install]
+WantedBy=multi-user.target
--- a/debian/fabaccess-bffh-src/manpages/bffhd.1
+++ b/debian/fabaccess-bffh-src/manpages/bffhd.1
@ -0,0 +1,13 @@
+.\" Manpage for bffhd.
+.\" Contact info@fab-access.org to correct errors or typos.
+.TH man 1 "18 Feb 2025" "1.0" "bffhd man page"
+.SH NAME
+bffhd
+.SH SYNOPSIS
+Runs the FabAccess Diflouroborane (BFFH) server application 
+.SH DESCRIPTION
+This is not a usual man page. It's just for linking to our online documentation, available at \:\%\fIhttps://fab-access.org/configure\fR
+.SH BUGS
+We might have some! Please report them to \:\%\fIhttps://gitlab.com/fabinfra/fabaccess/bffh/-/issues\fR
+.SH AUTHOR
+Mario Voigt (mario.voigt@stadtfabrikanten.org)
--- a/debian/fabaccess-bffh-src/manpages/bffhd.1.gz
+++ b/debian/fabaccess-bffh-src/manpages/bffhd.1.gz
--- a/debian/install-requirements.sh
+++ b/debian/install-requirements.sh
@ -0,0 +1,31 @@
+#!/bin/bash
+
+# This script installs podman and qemu-user-static, which is required for the following Dockerfile to work.
+# It omits the error "exec container process `/bin/sh`: Exec format error"
+# The Dockerfile inside THIS directory is used to create two different arches for cross-building of the *.deb and *.rpm files
+# Please note: we need to install these images as root user!
+
+sudo apt install podman qemu-user-static
+sudo systemctl daemon-reload
+
+pack="fabinfra/debianpackage"
+
+arch="arm64/v8"
+echo -e "\n+++++++++++++++++++++++++++++++++++++++++++"
+echo -e "creating local podman container registry $pack. This may take a while ..."
+echo -e "+++++++++++++++++++++++++++++++++++++++++++\n"
+sudo time podman build --platform=linux/${arch} -f Dockerfile -t ${pack}_${arch} #this should get ubuntu:noble
+
+arch="arm/v7"
+echo -e "\n+++++++++++++++++++++++++++++++++++++++++++"
+echo -e "creating local podman container registry $pack. This may take a while ..."
+echo -e "+++++++++++++++++++++++++++++++++++++++++++\n"
+sudo time podman build --platform=linux/${arch} -f Dockerfile -t ${pack}_${arch} #this should get alpine:latest
+
+echo -e "\n+++++++++++++++++++++++++++++++++++++++++++"
+echo "listing installed images ..."
+echo -e "+++++++++++++++++++++++++++++++++++++++++++\n"
+sudo podman images | grep localhost/fabinfra/
+
+# note: unrequired images can be removed again by:
+# sudo su && podman image rm localhost/fabinfra/<name>
--- a/debian/public.pgp
+++ b/debian/public.pgp
@ -0,0 +1,13 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEZ8121hYJKwYBBAHaRw8BAQdAXF2hdKcMQB9ntjvZNZz/cQrF+1lsPCVW0bZK
+SpQRUoS0HkZhYkluZnJhIDxpbmZvQGZhYi1hY2Nlc3Mub3JnPoiTBBMWCgA7FiEE
+15O16KdUKF+fd20ixFBbIGJTLW4FAmfNdtYCGwMFCwkIBwICIgIGFQoJCAsCBBYC
+AwECHgcCF4AACgkQxFBbIGJTLW4zZgEAqBLa6NXIQip5YHwOiJpj7zUu+3nMrO3Q
+z4xy0rVN0zIA/3qjm4LWmw9dECD9XBpNswdEjVIIPKDLenvNVlSzbSQGuDgEZ812
+1hIKKwYBBAGXVQEFAQEHQFAS++Ab1AC9NyP6GmfT0LGAN41kD8qRP3kOwVuFmoA8
+AwEIB4h4BBgWCgAgFiEE15O16KdUKF+fd20ixFBbIGJTLW4FAmfNdtYCGwwACgkQ
+xFBbIGJTLW59iAEArC83oEC5/HJfJHl1jGJscGspaKzelsBrr+2eWii+SmMA/jXc
+gsN9QY62ZtRHFlvudtR9d7x4jnHgVTFJh29t8zYL
+=S2Zq
+-----END PGP PUBLIC KEY BLOCK-----