diff --git a/.gitignore b/.gitignore index ea8c4bf..cd8dd88 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ /target +/debian/fabaccess-bffh-0.* diff --git a/cross-build.sh b/cross-build.sh index 9e26d40..32a64ea 100755 --- a/cross-build.sh +++ b/cross-build.sh @@ -16,14 +16,21 @@ cargo install cross echo -e "\n+++++++++++++++++++++++++++++++++++++++++++" echo -e "gathering some general info ..." echo -e "+++++++++++++++++++++++++++++++++++++++++++\n" -dpkg-architecture | grep DEB_HOST_ARCH_CPU -dpkg-architecture | grep DEB_HOST_MULTIARCH +DEB_HOST_ARCH_CPU=$(dpkg-architecture | grep DEB_HOST_ARCH_CPU) +DEB_HOST_MULTIARCH=$(dpkg-architecture | grep DEB_HOST_MULTIARCH) + +if [[ ! $DEB_HOST_ARCH_CPU -eq "amd64" ]]; then + echo -e "Host architecture is not amd64. Aborting ..." + exit 1 +fi # this generates bffhd and fabfire_provision binary files in target// dir # we compile for amd64 (x86_64) using native "cargo build --release". Other architectures we use podman + cross_rs echo -e "\n+++++++++++++++++++++++++++++++++++++++++++" echo -e "cross-compiling ..." echo -e "+++++++++++++++++++++++++++++++++++++++++++\n" -time cargo build --release -time cross build --target aarch64-unknown-linux-gnu --release +CARGO_TARGET_DIR=target/x86_64-unknown-linux-gnu time cargo build --release +cd fabfire_provision; CARGO_TARGET_DIR=../target/x86_64-unknown-linux-gnu time cargo build --release; cd ../ + +time cross build --target=aarch64-unknown-linux-gnu --release time cross build --target=armv7-unknown-linux-gnueabihf --release diff --git a/debian/Dockerfile b/debian/Dockerfile new file mode 100644 index 0000000..6bc265d --- /dev/null +++ b/debian/Dockerfile 
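Review bot: The new architecture guard in cross-build.sh can never fire: inside `[[ ]]`, `-eq` is an arithmetic comparison, and both `$DEB_HOST_ARCH_CPU` (which holds the whole grep line, `DEB_HOST_ARCH_CPU=amd64`) and `"amd64"` evaluate to 0 there, so the negated test is always false. Query the value directly and compare it as a string: `DEB_HOST_ARCH_CPU=$(dpkg-architecture -qDEB_HOST_ARCH_CPU)` followed by `if [[ "$DEB_HOST_ARCH_CPU" != "amd64" ]]; then`. On the added build line, `cd fabfire_provision; …; cd ../` carries on if the first `cd` fails, so `cd fabfire_provision || exit 1` (or a subshell) would keep the second build from running in the wrong directory.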
@@ -0,0 +1,11 @@
+#see:
+# - https://hub.docker.com/_/ubuntu
+# - https://github.com/docker-library/official-images#architectures-other-than-amd64
+FROM docker.io/ubuntu:noble
+#COPY requirements.txt requirements.txt
+RUN apt-get update -y
+RUN apt-get upgrade -y
+RUN apt install -y devscripts build-essential debhelper alien htop vim libpcsclite-dev
+#COPY . .
+#VOLUME /app/config
+#CMD [ "python3", "main.py"]
diff --git a/debian/create-packages.sh b/debian/create-packages.sh
new file mode 100755
index 0000000..21595e9
--- /dev/null
+++ b/debian/create-packages.sh
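Review bot: The packaging image is not reproducible as written: `FROM docker.io/ubuntu:noble` follows a moving tag, and `RUN apt-get update -y` sits in its own layer, so a cached package index can be paired with a later `apt install` when the layers are rebuilt at different times. Pin the base by digest (`FROM docker.io/ubuntu:noble@sha256:<digest-placeholder>`) and refresh and install in one layer with `apt-get`, e.g. `RUN apt-get update && apt-get install -y devscripts build-essential debhelper alien libpcsclite-dev && rm -rf /var/lib/apt/lists/*`. `htop` and `vim` are not needed to build packages and can be left out of the image that produces release artifacts.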
@@ -0,0 +1,90 @@
+#!/bin/bash
+
+#the dir containing our debian source data
+SRCDIR=$(pwd)
+
+#target dir where to put build packages
+DOWNLOAD=$HOME/bffh-debian/
+mkdir -p ${DOWNLOAD}
+
+# architecture mapping array linux <-> rust
+declare -A ARCHES_LR=(
+ ["armv7"]=armv7-unknown-linux-gnueabihf
+ ["aarch64"]=aarch64-unknown-linux-gnu
+ ["amd64"]=x86_64-unknown-linux-gnu
+ )
+
+#architecture mapping array linux <-> docker ubuntu:noble
+# - https://hub.docker.com/_/ubuntu
+# - https://github.com/docker-library/official-images#architectures-other-than-amd64
+declare -A ARCHES_LD=(
+ ["armv7"]=arm/v7 #it's NOT arm32/v7
+ ["aarch64"]=arm64/v8
+ ["amd64"]=NATIVE #just some pseudo
+ )
+
+echo SRCDIR: $SRCDIR
+BFFHV=$(grep "Standards-Version: " fabaccess-bffh-src/debian/control | awk -F ' ' '{print $2}')
+echo BFFH target build version: ${BFFHV}
+
+# https://www.cyberciti.biz/faq/bash-for-loop-array/
+for ARCH_L in "${!ARCHES_LR[@]}"; do
+
+ ARCH_R=${ARCHES_LR[$ARCH_L]}
+ ARCH_D=${ARCHES_LD[$ARCH_L]}
+
+ echo -e "\n+++++++++++++++++++++++++++++++++++++++++++"
+ echo -e "ARCH_L (Linux) : $ARCH_L"
+ echo -e "ARCH_R (Rust) : $ARCH_R"
+ echo -e "ARCH_D (Docker) : $ARCH_D"
+ echo -e "+++++++++++++++++++++++++++++++++++++++++++\n"
+
+ # remove existing target dir if exists (from possible previous builds)
+ if [ -f fabaccess-bffh-${BFFHV}/ ]; then
+ rm -rf fabaccess-bffh-${BFFHV}/
+ fi
+
+ # Create a working dir copy which has the correct name (required by dpkg-buildpackage command)
+ cp -R fabaccess-bffh-src/ fabaccess-bffh-${BFFHV}/
+
+ # Replace target architecture in control file
+ sed "s/Architecture: {{REPLACE_ME}}/Architecture: any/" -i fabaccess-bffh-${BFFHV}/debian/control
+
+ # declare required compiled binaries and check for existence
+ BIN_BFFHD=${SRCDIR}/bffh/target/${ARCH_R}/release/bffhd
+ BIN_FABFIRE_PROVISION=${SRCDIR}/bffh/target/${ARCH_R}/release/fabfire_provision
+
+ if [ -f ${BIN_BFFHD} ]; then
+ cp ${BIN_BFFHD} fabaccess-bffh-${BFFHV}/usr/bin/
+ else
+ echo "Error: ${BIN_BFFHD} does not exist!"
+ exit 1
+ fi
+ if [ -f ${BIN_FABFIRE_PROVISION} ]; then
+ cp ${BIN_FABFIRE_PROVISION} fabaccess-bffh-${BFFHV}/usr/bin/
+ else
+ echo "Error: ${BIN_FABFIRE_PROVISION} does not exist!"
+ exit 1
+ fi
+
+
+ if [[ "$ARCH_L" == "amd64" ]]; then
+ echo "native architecture. no podman required"
+ else
+ echo "using podman"
+ #podman ps -a
+
+ # create fresh podman container with ...
+ # - a name using --name fabinfra_deb_arm64
+ # - fitting target architecture using --platform
+ # - starting detached (-d) to run in background (for attaching later on)
+ # - start to operate on it with interactive shell --interactive --tty (or short: -it)
+ # - overwrite existing container if existent by using --replace
+ # - adding the src directory to pass it into container by -v :
+ # - some environment vars (ARCH_LINUX, ARCH_RUST, required by the debian packager)
+ echo podman run --replace -d --tty --interactive -v ${SRCDIR}:/work -e ARCH_LINUX=${ARCH_L} -e ARCH_RUST=${ARCH_R} --name fabinfra_deb_${ARCH_L} --platform linux/${ARCH_D} localhost/fabinfra/debianpackage_${ARCH_D}
+
+ # now attach to that container and start building the packages
+ echo podman exec -u 0 --tty --interactive fabinfra_deb_${ARCH_L} bash
+ fi
+done
diff --git a/debian/fabaccess-bffh-src/debian/changelog b/debian/fabaccess-bffh-src/debian/changelog
new file mode 100644
index 0000000..d0ef993
--- /dev/null
+++ b/debian/fabaccess-bffh-src/debian/changelog
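Review bot: The stale-tree cleanup never runs, because `[ -f fabaccess-bffh-${BFFHV}/ ]` tests for a regular file and the path is a directory; on later loop iterations `cp -R` therefore copies into the tree left by the previous architecture instead of starting from a clean copy. Use `-d`, and make sure the version is non-empty before it reaches `rm -rf`: `: "${BFFHV:?no version found in debian/control}"` after the grep, then `if [ -d "fabaccess-bffh-${BFFHV}" ]; then rm -rf -- "fabaccess-bffh-${BFFHV}"; fi`. The expansions in the `cp`, `sed` and `[ -f ${BIN_BFFHD} ]` lines are unquoted too, and `SRCDIR` comes from `pwd`, so quoting them keeps a checkout path containing spaces from being split.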
@@ -0,0 +1,74 @@
+fabaccess-bffh (0.4.4) unstable; urgency=low
+
+ * Initial creation of fabaccess-bffh debian package. Beginning with version 0.4.4
+ * the debian package is going to be available for amd64, aarch64, armv7 and arm
+ * this package also contains the binary "fabfire_provision" to operate with DESFire cards with a FabReader (allows writing cards for users) (#119)
+ * reduce the size of binary to ~ 160 megabytes by updating dependencies (#113)
+ * Upgrade most crates to recent versions and fix version mismatch in Cargo.toml (#114)
+ * Remove rust toolchain to use an up to date rust version (like 1.84) (#117)
+ * Merge features containg FabFireCard login and Prodable (locatable lockers) (#130)
+ * Update --print-default parameter to print a lot more useful bffh.dhall sample output (#101) and (#131)
+ * Add log rotation to configuration (#103)
+
+ -- Mario Voigt Fri, 14 Feb 2025 00:05:00 +0100
+
+fabaccess-bffh (0.4.3) unstable; urgency=low
+
+ * Adds binary version of FabFire authenitcation protocol
+ * Adds commands to dump and restore the full database as a TOML text file (--dump-db and --load-db)
+ * allows compilation with current stable Rust (1.84)
+ * Attention: The database format still relies on Rust data layout, so when updating the compiler, the database must be transfered as TOML dump.
+ * Therefore, the rust-toolchain.toml file pinning rustc to version 1.66 is still in place.
+ * resolves a crash (use after free) when disconnecting a client.
+ * resolves some compiler warnings
+
+ -- Mario Voigt Wed, 12 Feb 2025 23:00:00 +0100
+
+fabaccess-bffh (0.4.2) unstable; urgency=low
+
+ * minor upgrades
+
+ -- Nadja von Reitzenstein Čerpnjak Fri, 13 May 2022 18:32:00 +0100
+
+fabaccess-bffh (0.4.1) unstable; urgency=low
+
+ * Initial implementation of the FabAccess 0.3 API, "Spigots of Berlin".
+
+ -- Nadja von Reitzenstein Čerpnjak Tue, 03 May 2022 17:19:00 +0100
+
+fabaccess-bffh (0.3.0) unstable; urgency=low
+
+ * A version seen by enough people that the version number needs to be skipped but never a formally released version
+
+ -- Nadja von Reitzenstein Čerpnjak Tue, 03 May 2022 00:19:00 +0100
+
+fabaccess-bffh (0.2.3) unstable; urgency=low
+
+ * minor upgrades
+
+ -- Nadja von Reitzenstein Čerpnjak Mon, 07 Feb 2022 17:49:00 +0100
+
+fabaccess-bffh (0.2.2) unstable; urgency=low
+
+ * minor upgrades
+
+ -- Nadja von Reitzenstein Čerpnjak Wed, 12 Jan 2022 16:18:00 +0100
+
+fabaccess-bffh (0.2.1) unstable; urgency=low
+
+ * minor upgrades
+
+ -- Nadja von Reitzenstein Čerpnjak Sat, 11 Dec 2021 03:40:00 +0100
+
+fabaccess-bffh (0.2.0) unstable; urgency=low
+
+ * Dammit, missed by four days.
+ * First (released) version that actually does something.
+ * More extensive documentation to follow for 0.2.1ff
+
+ -- Nadja von Reitzenstein Čerpnjak Tue, 23 Feb 2021 11:44:00 +0100
+
+fabaccess-bffh (0.1.0) unstable; urgency=low
+ * First version. Released on an unsuspecting world.
+
+ -- Nadja von Reitzenstein Čerpnjak Wed, 19 Feb 2020 14:57:00 +0100
diff --git a/debian/fabaccess-bffh-src/debian/compat b/debian/fabaccess-bffh-src/debian/compat
new file mode 100644
index 0000000..f599e28
--- /dev/null
+++ b/debian/fabaccess-bffh-src/debian/compat
@@ -0,0 +1 @@
+10
diff --git a/debian/fabaccess-bffh-src/debian/control b/debian/fabaccess-bffh-src/debian/control
new file mode 100644
index 0000000..b7ff6e7
--- /dev/null
+++ b/debian/fabaccess-bffh-src/debian/control
@@ -0,0 +1,18 @@
+Source: fabaccess-bffh
+Section: utils
+Priority: optional
+Origin: FabInfra
+Maintainer: Mario Voigt
+Homepage: https://docs.fab-access.org
+Bugs: https://gitlab.com/fabinfra/fabaccess/bffh/-/issues
+Standards-Version: 0.4.4
+
+Package: fabaccess-bffh
+Architecture: {{REPLACE_ME}}
+Depends: openssl
+Suggests: argon2, capnproto, dhall, grafana, loki, mosquitto, mosquitto-clients, promtail, python3, python3-pip, python3-venv
+Description: FabAccess Diflouroborane Server (bffh)
+ - a powerful, central access and machine control system for open workshops, fablabs, makerspaces, hackerspaces, etc.
+ - supported by the community of FAB:UNIverse and Verbund Offener Werkstätten e.V.
+ - check out https://fab-access.org/join to get in contact
+Tag: implemented-in::rust,interface::daemon,devel::lang:rust,field::electronics,hardware::power,network::server,privacy::no-known-issues,protocol::TODO,role::program,system::server,use::organizing
diff --git a/debian/fabaccess-bffh-src/debian/copyright b/debian/fabaccess-bffh-src/debian/copyright
new file mode 100644
index 0000000..8f73c8d
--- /dev/null
+++ b/debian/fabaccess-bffh-src/debian/copyright
@@ -0,0 +1,8 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Source: https://gitlab.com/fabinfra/fabaccess/bffh
+Upstream-Name: bffh
+Upstream-Contact: FabInfra
+
+Files: *
+Copyright: 2019 - 2025, FabInfra
+License: GPL-3
diff --git a/debian/fabaccess-bffh-src/debian/fabaccess-bffh.install b/debian/fabaccess-bffh-src/debian/fabaccess-bffh.install
new file mode 100644
index 0000000..fc38995
--- /dev/null
+++ b/debian/fabaccess-bffh-src/debian/fabaccess-bffh.install
@@ -0,0 +1,13 @@
+./etc/bffh/bffh.dhall /etc/bffh/
+./etc/bffh/config_examples/ /etc/bffh/config_examples/
+
+./etc/logrotate.d/bffhd /etc/logrotate.d/
+
+./etc/systemd/system/bffh.service /etc/systemd/system
+
+./etc/sudoers.d/bffh /etc/sudoers.d/
+
+./usr/bin/bffhd /usr/bin/
+./usr/bin/fabfire_provision /usr/bin/
+
+./manpages/bffhd.1.gz /usr/share/man/man1/
diff --git a/debian/fabaccess-bffh-src/debian/postinst b/debian/fabaccess-bffh-src/debian/postinst
new file mode 100755
index 0000000..7adad4f
--- /dev/null
+++ b/debian/fabaccess-bffh-src/debian/postinst
@@ -0,0 +1,88 @@
+#!/bin/bash
+
+# OS check
+# apt/deb based
+if [ "$(grep -Ei 'debian|buntu|mint' /etc/*release)" ]; then
+PACKMAN="apt"
+fi
+# dnf/rpm based
+if [ "$(grep -Ei 'fedora|redhat' /etc/*release)" ]; then
+PACKMAN="dnf"
+fi
+
+BFFH_DIR_ETC=/etc/bffh
+BFFH_DIR_CERTS=$BFFH_DIR_ETC/certs
+BFFH_DIR_DB=/var/lib/bffh/
+
+# add a bffh user (with bffh group)
+useradd -m -s /bin/bash bffh > /dev/null 2>&1
+
+# make dirs
+mkdir -p $BFFH_DIR_ETC
+mkdir -p $BFFH_DIR_CERTS
+mkdir -p $BFFH_DIR_DB
+
+# create certfile and keyfile
+# :: keep in sync with bffh/bffhd/config/dhall.rs
+openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj "/C=DE/ST=Saxony/L=Chemnitz/O=FabAccess/CN=fabaccess.sample.space" -keyout $BFFH_DIR_CERTS/bffh.key -out $BFFH_DIR_CERTS/bffh.crt > /dev/null 2>&1
+chmod 400 $BFFH_DIR_CERTS/bffh.crt
+chmod 400 $BFFH_DIR_CERTS/bffh.key
+echo "This certificate is a self-signed one! See https://fab-access.org/configure on how to use or create your own certificate." > /etc/bffh/certs/README.md
+
+# fix ownership
+chown -R bffh:bffh $BFFH_DIR_ETC
+chown bffh:bffh $BFFH_DIR_DB
+
+echo -e '\e[36m ______ _ \e[0m'
+echo -e '\e[36m | ____| | | /\ \e[0m'
+echo -e '\e[36m | |__ __ _| |__ / \ ___ ___ ___ ___ ___ \e[0m'
+echo -e '\e[36m | __/ _` | _ \ / /\ \ / __/ __/ _ \/ __/ __| \e[0m'
+echo -e '\e[36m | | | (_| | |_) / ____ \ (_| (_| __/\__ \__ \ \e[0m'
+echo -e '\e[36m |_| \__,_|_.__/_/ \_\___\___\___||___/___/ \e[0m'
+echo -e "\n"
+echo -e " \e[33m🎆\e[0m FabAccess Diflouroborane Server (bffh) was installed/updated. Congratulations!\n"
+echo -e " \e[33m⚠️ PLEASE CONSIDER:\e[0m"
+echo -e " - if not already changed by you, this is the minimum working localhost listening"
+echo -e " setup WITHOUT any users, roles, ressources, actors, actor_connections"
+echo -e " - iif not done yet: please update the self-signed TLS certificate to a proper one to go for production"
+echo -e " - remember to configure and run a well-defined Mosquitto MQTT server"
+echo -e " - please check the CHANGELOG for latest modifications to the server at https://y.fab-access.org/changelog-bffh"
+echo -e " - further information about configuration and usage can be found at https://fab-access.org/configure"
+echo -e " - the client application to access your server (called 'Borepin') can be found at https://fab-access.org/download\n"
+
+# check for Mosquitto availability on local system
+if command -v dnf 2>&1 >/dev/null; then
+ dnf list installed mosquitto > /dev/null 2>&1
+fi
+if command -v dpkg 2>&1 >/dev/null; then
+ dpkg -l mosquitto > /dev/null 2>&1
+fi
+MOSQUITTO_INSTALLED=$?
+if [[ ! $MOSQUITTO_INSTALLED -eq 0 ]]; then
+ echo -e " Could not find a local Mosquitto MQTT server. Please install it with 'sudo "$PACKMAN" install mosquitto' or configure an external MQTT server in /etc/bffh/bffh.dhall file. Otherwise BFFH will refuse to start!\e[0m"
+fi
+
+# handle service file. We restart bffh only if it waas running before (keep the state)
+# https://www.freedesktop.org/software/systemd/man/latest/systemctl.html#Exit%20status
+if command -v systemctl >/dev/null; then
+ systemctl daemon-reload
+ systemctl enable bffh.service #enable is fine. but do not autostart
+ systemctl status bffh.service > /dev/null 2>&1
+ BFFH_STATUS=$?
+ if [[ $BFFH_STATUS -eq 0 ]]; then
+ # if return code 0 service is running. let's restart
+ echo -e " - systemctl: restarting bffh.service ...\n"
+ systemctl restart bffh.service
+ else
+ echo -e " - systemctl: bffh.service did not run before installation."
+ echo -e " Please start it manually by 'systemctl start bffh.service && journalctl -f -u bffh.service'\n"
+ fi
+fi
+
+echo -e " - Last hint: don't forget to import a proper users.toml into the database"
+echo -e " (should fit to your main configuration bffh.dhall as well)."
+echo -e " You can import an example (let's use 'showcase') users database with"
+echo -e " the command '/usr/bin/bffhd --load /etc/bffh/config_examples/showcase/users.toml'"
+echo -e " Then you should overwrite /etc/bffh/bffh.dhall with the one from"
+echo -e " /etc/bffh/config_examples/showcase/bffh.dhall and restart the bffh.service"
+echo -e " If you messed up, you can restore your default settings from /etc/bffh/config_examples/minimum_working/\n"
diff --git a/debian/fabaccess-bffh-src/debian/postrm b/debian/fabaccess-bffh-src/debian/postrm
new file mode 100755
index 0000000..f359a13
--- /dev/null
+++ b/debian/fabaccess-bffh-src/debian/postrm
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+echo -e "Performing BFFH post removal tasks ..."
+
+uninstall () {
+ echo -e "Please note that the following data directories/files are kept as they might still contain important data:"
+ echo -e " - /etc/bffh/"
+ echo -e " - /var/lib/bffh/"
+ echo -e " - /var/log/bffh/audit.json\n"
+ echo -e "Deleting user \"bffh\""
+ userdel bffh
+}
+
+# we check for "purge" on debianoid systems, otherwise this is run twice
+if [ "$(grep -Ei 'debian|buntu|mint' /etc/*release)" ]; then
+ if [[ $1 = 'purge' ]]; then
+ # call uninstall function
+ uninstall
+ fi
+fi
+# on redhat systems we can skip the check for purge
+if [ "$(grep -Ei 'fedora|redhat' /etc/*release)" ]; then
+ # call uninstall function
+ uninstall
+fi
diff --git a/debian/fabaccess-bffh-src/debian/prerm b/debian/fabaccess-bffh-src/debian/prerm
new file mode 100755
index 0000000..5ca99b8
--- /dev/null
+++ b/debian/fabaccess-bffh-src/debian/prerm
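Review bot: The `openssl req` line in postinst runs unconditionally, so every upgrade or reconfigure overwrites `/etc/bffh/certs/bffh.key` and `bffh.crt`, including a real certificate the administrator placed at the paths the default `bffh.dhall` points to. Generate the sample pair only when no key exists, by wrapping the `openssl req` and the two `chmod 400` lines in `if [ ! -s "$BFFH_DIR_CERTS/bffh.key" ]; then` … `fi`. The service account is also created with `-s /bin/bash`; a daemon account normally needs no login shell, so `useradd --system --shell /usr/sbin/nologin bffh` is the safer default unless something outside this diff logs in as bffh. `chown -R bffh:bffh $BFFH_DIR_ETC` additionally lets the daemon rewrite its own configuration and roles; root ownership with group read for bffh would keep that file out of the service's write reach.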
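Review bot: `userdel bffh` in postrm's `uninstall` removes the account while the same function announces that `/etc/bffh/`, `/var/lib/bffh/` and the audit log are kept, so the TLS key, database and log stay on disk owned by a UID that no longer exists and that a later `useradd` may hand to an unrelated account. Either leave the account in place on purge or hand the kept paths to root first, e.g. `chown -R root:root /etc/bffh /var/lib/bffh` before `userdel bffh`.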
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# handle service file
+if command -v systemctl >/dev/null; then
+ systemctl stop bffh.service
+ systemctl disable bffh.service
+ systemctl daemon-reload
+fi
diff --git a/debian/fabaccess-bffh-src/debian/rules b/debian/fabaccess-bffh-src/debian/rules
new file mode 100755
index 0000000..cbe925d
--- /dev/null
+++ b/debian/fabaccess-bffh-src/debian/rules
@@ -0,0 +1,3 @@
+#!/usr/bin/make -f
+%:
+ dh $@
diff --git a/debian/fabaccess-bffh-src/debian/source/format b/debian/fabaccess-bffh-src/debian/source/format
new file mode 100644
index 0000000..89ae9db
--- /dev/null
+++ b/debian/fabaccess-bffh-src/debian/source/format
@@ -0,0 +1 @@
+3.0 (native)
diff --git a/debian/fabaccess-bffh-src/debian/watch b/debian/fabaccess-bffh-src/debian/watch
new file mode 100644
index 0000000..39e8850
--- /dev/null
+++ b/debian/fabaccess-bffh-src/debian/watch
@@ -0,0 +1,3 @@
+version=4
+opts="searchmode=plain" \
+ https://gitlab.com/fabinfra/@PACKAGE@/tags?sort=updated_desc -/archive/v?\d[\d.]+/@PACKAGE@-@ANY_VERSION@@ARCHIVE_EXT@
diff --git a/debian/fabaccess-bffh-src/etc/bffh/bffh.dhall b/debian/fabaccess-bffh-src/etc/bffh/bffh.dhall
new file mode 100644
index 0000000..af15757
--- /dev/null
+++ b/debian/fabaccess-bffh-src/etc/bffh/bffh.dhall
@@ -0,0 +1,16 @@
+{
+spacename = "fabaccess.sample.space",
+instanceurl = "https://fabaccess.sample.space",
+listens = [{address = "127.0.0.1"}],
+certfile = "/etc/bffh/certs/bffh.crt",
+keyfile = "/etc/bffh/certs/bffh.key",
+mqtt_url = "mqtt://127.0.0.1:1883",
+db_path = "/var/lib/bffh/bffh.db",
+auditlog_path = "/var/log/bffh/audit.json",
+roles = {=},
+machines = {=},
+actors = {=},
+actor_connections = [] : List { machine : Text, initiator : Text },
+initiators = {=},
+init_connections = [] : List { machine : Text, initiator : Text }
+}
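Review bot: This prerm stops and disables `bffh.service` regardless of its argument, and dpkg also runs prerm with `upgrade`, so by the time the new postinst calls `systemctl status` the daemon is already down and its restart-if-running branch is never taken; after each package upgrade the access-control server would stay stopped until someone starts it by hand. Restrict the stop/disable to real removal by wrapping the three `systemctl` lines in `case "$1" in remove|deconfigure) … ;; esac`, and leave the restart decision on upgrade to postinst.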
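Review bot: In the default `bffh.dhall`, the empty `actor_connections` list is annotated as `List { machine : Text, initiator : Text }`, whereas the generic-test-environment example added in this same commit uses `List { machine : Text, actor : Text }` for that key; one of the two presumably does not match the type bffhd expects. If the test-environment form is the right one, the line should read `actor_connections = [] : List { machine : Text, actor : Text },`. Nothing in the visible postinst creates `/var/log/bffh/`, so unless the unit file or logrotate setup (not shown here) does, `auditlog_path` points into a directory the bffh user cannot create.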
diff --git a/debian/fabaccess-bffh-src/etc/bffh/config_examples/generic-test-environment/bffh.dhall b/debian/fabaccess-bffh-src/etc/bffh/config_examples/generic-test-environment/bffh.dhall
new file mode 100644
index 0000000..d19fa70
--- /dev/null
+++ b/debian/fabaccess-bffh-src/etc/bffh/config_examples/generic-test-environment/bffh.dhall
@@ -0,0 +1,196 @@
+{ listens = [ { address = "::", port = 59661 } ]
+, certfile = "/etc/letsencrypt/cert.pem"
+, keyfile = "/etc/letsencrypt/key.pem"
+, mqtt_url = "tcp://mqtt:1883"
+, db_path = "/var/lib/bffh/db"
+, auditlog_path = "/tmp/bffh.audit"
+, spacename = "FabAccess Local Test"
+, instanceurl = "localtest.fab-access.org"
+, roles =
+ { Admin.permissions =
+ [ "TestEnv.Admin"
+ , "TestEnv.Manage.A"
+ , "TestEnv.Manage.B"
+ , "TestEnv.Manage.C"
+ , "TestEnv.Write.A"
+ , "TestEnv.Write.B"
+ , "TestEnv.Write.C"
+ , "TestEnv.Read.A"
+ , "TestEnv.Read.B"
+ , "TestEnv.Read.C"
+ , "TestEnv.Disclose.A"
+ , "TestEnv.Disclose.B"
+ , "TestEnv.Disclose.C"
+ ]
+ , ManageUsers.permissions =
+ [ "bffh.users.info", "bffh.users.manage", "bffh.users.admin" ]
+ , ManageA.permissions = [ "TestEnv.Manage.A" ]
+ , ManageB.permissions = [ "TestEnv.Manage.B" ]
+ , ManageC.permissions = [ "TestEnv.Manage.C" ]
+ , UseA.permissions = [ "TestEnv.Write.A" ]
+ , UseB.permissions = [ "TestEnv.Write.B" ]
+ , UseC.permissions = [ "TestEnv.Write.C" ]
+ , ReadA.permissions = [ "TestEnv.Read.A" ]
+ , ReadB.permissions = [ "TestEnv.Read.B" ]
+ , ReadC.permissions = [ "TestEnv.Read.C" ]
+ , DiscloseA.permissions = [ "TestEnv.Disclose.A" ]
+ , DiscloseB.permissions = [ "TestEnv.Disclose.B" ]
+ , DiscloseC.permissions = [ "TestEnv.Disclose.C" ]
+ }
+, machines =
+ { MachineA1 =
+ { name = "MachineA1"
+ , description = "Description of MachineA1"
+ , wiki = "https://fab-access.readthedocs.io"
+ , category = "CategoryA"
+ , disclose = "TestEnv.Disclose.A"
+ , read = "TestEnv.Read.A"
+ , write = "TestEnv.Write.A"
+ , manage = "TestEnv.Manage.A"
+ }
+ , MachineA2 =
+ { name = "MachineA2"
+ , description = "Description of MachineA2"
+ , wiki = "https://fab-access.readthedocs.io"
+ , category = "CategoryA"
+ , disclose = "TestEnv.Disclose.A"
+ , read = "TestEnv.Read.A"
+ , write = "TestEnv.Write.A"
+ , manage = "TestEnv.Manage.A"
+ }
+ , MachineA3 =
+ { name = "MachineA3"
+ , description = "Description of MachineA3"
+ , wiki = "https://fab-access.readthedocs.io"
+ , category = "CategoryA"
+ , disclose = "TestEnv.Disclose.A"
+ , read = "TestEnv.Read.A"
+ , write = "TestEnv.Write.A"
+ , manage = "TestEnv.Manage.A"
+ }
+ , MachineA4 =
+ { name = "MachineA4"
+ , description = "Description of MachineA4"
+ , wiki = "https://fab-access.readthedocs.io"
+ , category = "CategoryA"
+ , disclose = "TestEnv.Disclose.A"
+ , read = "TestEnv.Read.A"
+ , write = "TestEnv.Write.A"
+ , manage = "TestEnv.Manage.A"
+ }
+ , MachineA5 =
+ { name = "MachineA5"
+ , description = "Description of MachineA5"
+ , wiki = "https://fab-access.readthedocs.io"
+ , category = "CategoryA"
+ , disclose = "TestEnv.Disclose.A"
+ , read = "TestEnv.Read.A"
+ , write = "TestEnv.Write.A"
+ , manage = "TestEnv.Manage.A"
+ }
+ , MachineB1 =
+ { name = "MachineB1"
+ , description = "Description of MachineB1"
+ , wiki = "https://fab-access.readthedocs.io"
+ , category = "CategoryB"
+ , disclose = "TestEnv.Disclose.B"
+ , read = "TestEnv.Read.B"
+ , write = "TestEnv.Write.B"
+ , manage = "TestEnv.Manage.B"
+ }
+ , MachineB2 =
+ { name = "MachineB2"
+ , description = "Description of MachineB2"
+ , wiki = "https://fab-access.readthedocs.io"
+ , category = "CategoryB"
+ , disclose = "TestEnv.Disclose.B"
+ , read = "TestEnv.Read.B"
+ , write = "TestEnv.Write.B"
+ , manage = "TestEnv.Manage.B"
+ }
+ , MachineB3 =
+ { name = "MachineB3"
+ , description = "Description of MachineB3"
+ , wiki = "https://fab-access.readthedocs.io"
+ , category = "CategoryB"
+ , disclose = "TestEnv.Disclose.B"
+ , read = "TestEnv.Read.B"
+ , write = "TestEnv.Write.B"
+ , manage = "TestEnv.Manage.B"
+ }
+ , MachineB4 =
+ { name = "MachineB4"
+ , description = "Description of MachineB4"
+ , wiki = "https://fab-access.readthedocs.io"
+ , category = "CategoryB"
+ , disclose = "TestEnv.Disclose.B"
+ , read = "TestEnv.Read.B"
+ , write = "TestEnv.Write.B"
+ , manage = "TestEnv.Manage.B"
+ }
+ , MachineB5 =
+ { name = "MachineB5"
+ , description = "Description of MachineB5"
+ , wiki = "https://fab-access.readthedocs.io"
+ , category = "CategoryB"
+ , disclose = "TestEnv.Disclose.B"
+ , read = "TestEnv.Read.B"
+ , write = "TestEnv.Write.B"
+ , manage = "TestEnv.Manage.B"
+ }
+ , MachineC1 =
+ { name = "MachineC1"
+ , description = "Description of MachineC1"
+ , wiki = "https://fab-access.readthedocs.io"
+ , category = "CategoryC"
+ , disclose = "TestEnv.Disclose.C"
+ , read = "TestEnv.Read.C"
+ , write = "TestEnv.Write.C"
+ , manage = "TestEnv.Manage.C"
+ }
+ , MachineC2 =
+ { name = "MachineC2"
+ , description = "Description of MachineC2"
+ , wiki = "https://fab-access.readthedocs.io"
+ , category = "CategoryC"
+ , disclose = "TestEnv.Disclose.C"
+ , read = "TestEnv.Read.C"
+ , write = "TestEnv.Write.C"
+ , manage = "TestEnv.Manage.C"
+ }
+ , MachineC3 =
+ { name = "MachineC3"
+ , description = "Description of MachineC3"
+ , wiki = "https://fab-access.readthedocs.io"
+ , category = "CategoryC"
+ , disclose = "TestEnv.Disclose.C"
+ , read = "TestEnv.Read.C"
+ , write = "TestEnv.Write.C"
+ , manage = "TestEnv.Manage.C"
+ }
+ , MachineC4 =
+ { name = "MachineC4"
+ , description = "Description of MachineC4"
+ , wiki = "https://fab-access.readthedocs.io"
+ , category = "CategoryC"
+ , disclose = "TestEnv.Disclose.C"
+ , read = "TestEnv.Read.C"
+ , write = "TestEnv.Write.C"
+ , manage = "TestEnv.Manage.C"
+ }
+ , MachineC5 =
+ { name = "MachineC5"
+ , description = "Description of MachineC5"
+ , wiki = "https://fab-access.readthedocs.io"
+ , category = "CategoryC"
+ , disclose = "TestEnv.Disclose.C"
+ , read = "TestEnv.Read.C"
+ , write = "TestEnv.Write.C"
+ , manage = "TestEnv.Manage.C"
+ }
+ }
+, actors = {=}
+, actor_connections = [] : List { machine : Text, actor : Text }
+, initiators = {=}
+, init_connections = [] : List { machine : Text, initiator : Text }
+}
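Review bot: This example listens on every interface (`address = "::"`) and writes its audit log to `/tmp/bffh.audit`, a predictable name in a world-writable directory that any local user can create or symlink before bffhd starts. Since the file ships under `/etc/bffh/config_examples/` and is meant to be copied, point the log at the directory the default config uses, `auditlog_path = "/var/log/bffh/audit.json"`, and bind to `127.0.0.1` and `::1` unless remote access is the point of the test. A leading comment such as `-- test environment only: do not use on a reachable host` would make the intent visible to whoever copies it.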
diff --git a/debian/fabaccess-bffh-src/etc/bffh/config_examples/generic-test-environment/users.toml b/debian/fabaccess-bffh-src/etc/bffh/config_examples/generic-test-environment/users.toml
new file mode 100644
index 0000000..70984bc
--- /dev/null
+++ b/debian/fabaccess-bffh-src/etc/bffh/config_examples/generic-test-environment/users.toml
@@ -0,0 +1,173 @@
+[Admin1]
+roles = ["Admin", "ManageUsers"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[Admin2]
+roles = ["Admin", "ManageUsers"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[ManagerA1]
+roles = ["ManageA", "UseA", "ReadA", "DiscloseA", "ManageUsers"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[ManagerA2]
+roles = ["ManageA", "UseA", "ReadA", "DiscloseA", "ManageUsers"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[ManagerB1]
+roles = ["ManageB", "UseB", "ReadB", "DiscloseB", "ManageUsers"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[ManagerB2]
+roles = ["ManageB", "UseB", "ReadB", "DiscloseB", "ManageUsers"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[ManagerC1]
+roles = ["ManageC", "UseC", "ReadC", "DiscloseC", "ManageUsers"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[ManagerC2]
+roles = ["ManageC", "UseC", "ReadC", "DiscloseC", "ManageUsers"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[ManagerABC1]
+roles = ["ManageA", "UseA", "ReadA", "DiscloseA", "ManageB", "UseB", "ReadB", "DiscloseB", "ManageC", "UseC", "ReadC", "DiscloseC", "ManageUsers"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[ManagerABC2]
+roles = ["ManageA", "UseA", "ReadA", "DiscloseA", "ManageB", "UseB", "ReadB", "DiscloseB", "ManageC", "UseC", "ReadC", "DiscloseC", "ManageUsers"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerA1]
+roles = ["UseA", "ReadA", "DiscloseA"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerA2]
+roles = ["UseA", "ReadA", "DiscloseA"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerB1]
+roles = ["UseB", "ReadB", "DiscloseB"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerB2]
+roles = ["UseB", "ReadB", "DiscloseB"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerC1]
+roles = ["UseC", "ReadC", "DiscloseC"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerC2]
+roles = ["UseC", "ReadC", "DiscloseC"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerABC1]
+roles = ["UseA", "ReadA", "DiscloseA", "UseB", "ReadB", "DiscloseB", "UseC", "ReadC", "DiscloseC"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerABC2]
+roles = ["UseA", "ReadA", "DiscloseA", "UseB", "ReadB", "DiscloseB", "UseC", "ReadC", "DiscloseC"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[GuestA1]
+roles = ["ReadA", "DiscloseA"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[GuestA2]
+roles = ["ReadA", "DiscloseA"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[GuestB1]
+roles = ["ReadB", "DiscloseB"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[GuestB2]
+roles = ["ReadB", "DiscloseB"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[GuestC1]
+roles = ["ReadC", "DiscloseC"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[GuestC2]
+roles = ["ReadC", "DiscloseC"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[GuestABC1]
+roles = ["ReadA", "DiscloseA", "ReadB", "DiscloseB", "ReadC", "DiscloseC"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[GuestABC2]
+roles = ["ReadA", "DiscloseA", "ReadB", "DiscloseB", "ReadC", "DiscloseC"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerQRA]
+roles = ["UseA", "ReadA"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerQRB]
+roles = ["UseB", "ReadB"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerQRC]
+roles = ["UseC", "ReadC"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
diff --git a/debian/fabaccess-bffh-src/etc/bffh/config_examples/makerspace_bocholt/bffh.dhall b/debian/fabaccess-bffh-src/etc/bffh/config_examples/makerspace_bocholt/bffh.dhall
new file mode 100644
index 0000000..a968e3a
--- /dev/null
+++ b/debian/fabaccess-bffh-src/etc/bffh/config_examples/makerspace_bocholt/bffh.dhall
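Review bot: Every account in this users.toml, including `Admin1` and `Admin2` with the `Admin` and `ManageUsers` roles, has `passwd = "secret"` and the same all-`a` `cardkey`, and the package installs the file under `/etc/bffh/config_examples/` next to a config that listens on `::`. The file carries no marker that these are throwaway credentials, so add a header comment such as `# TEST FIXTURE ONLY - shared well-known password and card key; never load into an instance reachable by others`. The postinst hint that tells administrators to import an example users database would be the natural place to add that passwords and card keys must be replaced before the server is exposed.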
@@ -0,0 +1,824 @@ + { listens = + [ { address = "127.0.0.1", port = 59661 } + , { address = "::1", port = 59661 } + ] + , certfile = "examples/cert.pem" + , keyfile = "examples/key.pem" + , mqtt_url = "tcp://makerspace-bocholt.redacted:1883" + , db_path = "/root/BFFH/bffh/target/release/bffh" + , auditlog_path = "/root/BFFH/bffh/target/release/bffh.audit" + , roles = + { doorrole.permissions = + [ "doorrole.read" + , "doorrole.write" + , "doorrole.disclose" + , "doorrole.manage" + ] + , basis.permissions = [ "basis.read", "basis.write", "basis.disclose" ] + , hobby = + { parents = [ "basis" ] + , permissions = [ "hobby.read", "hobby.write", "hobby.disclose" ] + } + , profi = + { parents = [ "hobby" ] + , permissions = [ "profi.read", "profi.write", "profi.disclose" ] + } + , laser.permissions = + [ "lab.laser.read" + , "lab.laser.write" + , "lab.laser.disclose" + , "lab.laser.manage" + ] + , Drucker3D.permissions = + [ "lab.3D.read", "lab.3D.write", "lab.3D.disclose", "lab.3D.manage" ] + , Plasma.permissions = + [ "lab.plasma.read" + , "lab.plasma.write" + , "lab.plasma.disclose" + , "lab.plasma.manage" + ] + , PlattenSaege.permissions = + [ "lab.plattensaege.read" + , "lab.plattensaege.write" + , "lab.plattensaege.disclose" + , "lab.plattensaege.manage" + ] + , FormatSaege.permissions = + [ "lab.formatsaege.read" + , "lab.formatsaege.write" + , "lab.formatsaege.disclose" + , "lab.formatsaege.manage" + ] + , DrehFraes.permissions = + [ "lab.drehfraes.read" + , "lab.drehfraes.write" + , "lab.drehfraes.disclose" + , "lab.drehfraes.manage" + ] + , StickMaschine.permissions = + [ "lab.stickmasch.read" + , "lab.stickmasch.write" + , "lab.stickmasch.disclose" + , "lab.stickmasch.manage" + ] + , Staenderbohrmaschine.permissions = + [ "lab.staenderbohrmasch.read" + , "lab.staenderbohrmasch.write" + , "lab.staenderbohrmasch.disclose" + , "lab.staenderbohrmasch.manage" + ] + , Kantenschleifer.permissions = + [ "lab.kantenschleifer.read" + , "lab.kantenschleifer.write" + , 
"lab.kantenschleifer.disclose" + , "lab.kantenschleifer.manage" + ] + , BandsaegeHolz.permissions = + [ "lab.bandsaege.read" + , "lab.bandsaege.write" + , "lab.bandsaege.disclose" + , "lab.bandsaege.manage" + ] + , Drechselbank.permissions = + [ "lab.drechseln.read" + , "lab.drechseln.write" + , "lab.drechseln.disclose" + , "lab.drechseln.manage" + ] + , Hobelmaschine.permissions = + [ "lab.hobelmasch.read" + , "lab.hobelmasch.write" + , "lab.hobelmasch.disclose" + , "lab.hobelmasch.manage" + ] + , CNCmittel.permissions = + [ "lab.cncmittel.read" + , "lab.cncmittel.write" + , "lab.cncmittel.disclose" + , "lab.cncmittel.manage" + ] + , CNCgross.permissions = + [ "lab.cncgross.read" + , "lab.cncgross.write" + , "lab.cncgross.disclose" + , "lab.cncgross.manage" + ] + , Brennofen.permissions = + [ "lab.brennofen.read" + , "lab.brennofen.write" + , "lab.brennofen.disclose" + , "lab.brenofen.manage" + ] + , crew = + { parents = [ "profi" ] + , permissions = + [ "crew.read", "crew.write", "crew.disclose", "crew.admin", "lab.*" ] + } + , admin = + { parents = [ "crew" ] + , permissions = + [ "admin.read" + , "admin.write" + , "admin.disclose" + , "admin.admin" + , "bffh.users.manage" + , "bffh.users.admin" + , "bffh.users.info" + ] + } + } + , machines = + { Shelly-Blau = + { description = "A test machine" + , disclose = "basis.disclose" + , category = "test" + , manage = "basis.read" + , name = "Shelly Blau" + , read = "basis.read" + , write = "basis.write" + } + , JorisHilft = + { description = "Projektsupport" + , disclose = "basis.disclose" + , category = "Support" + , manage = "basis.read" + , name = "Joris hilft" + , read = "basis.read" + , write = "basis.write" + } + , TanjaHilft = + { description = "Projektsupport" + , disclose = "basis.disclose" + , category = "Support" + , manage = "basis.read" + , name = "Tanja hilft" + , read = "basis.read" + , write = "basis.write" + } + , Shelly-Rot = + { description = "A test machine" + , disclose = "crew.disclose" + , 
category = "test" + , manage = "admin.admin" + , name = "Shelly Rot" + , read = "crew.read" + , write = "crew.write" + } + , Willkommen = + { category = "Management" + , disclose = "admin.disclose" + , manage = "doorrole.manage" + , name = "AUF schliessen" + , read = "doorrole.read" + , write = "doorrole.write" + } + , ResetTuer = + { description = "Setzt Tuersteuerung zurueck" + , category = "Management" + , disclose = "doorrole.disclose" + , manage = "doorrole.manage" + , name = "Reset Tuer" + , read = "doorrole.read" + , write = "doorrole.write" + } + , AufWiedersehen = + { category = "Management" + , disclose = "admin.disclose" + , manage = "doorrole.manage" + , name = "ZU schliessen" + , read = "doorrole.read" + , write = "doorrole.write" + } + , LogIn = + { category = "Management" + , disclose = "admin.disclose" + , manage = "basis.write" + , name = "Einloggen?" + , read = "basis.read" + , write = "basis.write" + } + , LogOut = + { category = "Management" + , disclose = "admin.disclose" + , manage = "basis.write" + , name = "Ausloggen?" 
+ , read = "basis.read" + , write = "basis.write" + } + , LichtOben = + { category = "Management" + , disclose = "admin.disclose" + , manage = "basis.write" + , name = "Licht Oben" + , read = "basis.read" + , write = "basis.write" + } + , LichtHinten = + { category = "Management" + , disclose = "admin.disclose" + , manage = "basis.write" + , name = "Licht Hinten" + , read = "basis.read" + , write = "basis.write" + } + , LichtLager = + { category = "Management" + , disclose = "admin.disclose" + , manage = "basis.write" + , name = "Licht Lager" + , read = "basis.read" + , write = "basis.write" + } + , LeinwandDunkel = + { category = "Management" + , disclose = "admin.disclose" + , manage = "basis.write" + , name = "Leinwand Dunkel" + , read = "basis.read" + , write = "basis.write" + } + , Kompressor = + { category = "Management" + , disclose = "admin.disclose" + , manage = "basis.write" + , name = "Kompressor" + , read = "basis.read" + , write = "basis.write" + } + , SkyLaser9060 = + { category = "Fablab" + , disclose = "admin.disclose" + , manage = "lab.laser.manage" + , name = "SkyLaser9060" + , read = "lab.laser.read" + , write = "lab.laser.write" + } + , ElektronikBereich = + { disclose = "admin.disclose" + , manage = "crew.write" + , name = "Elektronik Bereich" + , read = "basis.read" + , write = "basis.write" + } + , StickMaschine = + { description = "Nutzung der Stickmaschine" + , category = "Textilwerkstatt" + , disclose = "admin.disclose" + , manage = "lab.stickmasch.manage" + , name = "Stickmaschine" + , read = "lab.stickmasch.read" + , write = "lab.stickmasch.write" + } + , TextilSchrank = + { description = "Schranktuer zur Stickmaschine" + , category = "Textilwerkstatt" + , disclose = "admin.disclose" + , manage = "lab.stickmasch.manage" + , name = "Tuer Textilschrank" + , read = "lab.stickmasch.read" + , write = "lab.stickmasch.write" + } + , Drucker-3D-Kampshoff = + { category = "3D Druck" + , disclose = "admin.disclose" + , manage = "lab.3D.manage" + , 
name = "3D Kapshoff" + , read = "lab.3D.read" + , write = "lab.3D.write" + } + , Drucker-3D-Mk3S = + { category = "3D Druck" + , disclose = "admin.disclose" + , manage = "lab.3D.manage" + , name = "3D Prusa Mk3S" + , read = "lab.3D.read" + , write = "lab.3D.write" + } + , Drucker-3D-RexII = + { category = "3D Druck" + , disclose = "admin.disclose" + , manage = "lab.3D.manage" + , name = "Bresser REX II" + , read = "lab.3D.read" + , write = "lab.3D.write" + } + , Drucker-3D-Bambu-P1P = + { description = "abweichende Druckkosten!" + , category = "3D Druck" + , disclose = "admin.disclose" + , manage = "lab.3D.manage" + , name = "Bambu P1P" + , read = "lab.3D.read" + , write = "lab.3D.write" + } + , Drucker-3D-Bambu-A1 = + { description = "abweichende Druckkosten!" + , category = "3D Druck" + , disclose = "admin.disclose" + , manage = "lab.3D.manage" + , name = "Bambu A1" + , read = "lab.3D.read" + , write = "lab.3D.write" + } + , Drucker-3D-Bambu-A1-AMS = + { description = "abweichende Druckkosten!" + , category = "3D Druck" + , disclose = "admin.disclose" + , manage = "lab.3D.manage" + , name = "Bambu A1 AMS" + , read = "lab.3D.read" + , write = "lab.3D.write" + } + , Drucker-3D-Bambu-A1-mini = + { description = "abweichende Druckkosten!" + , category = "3D Druck" + , disclose = "admin.disclose" + , manage = "lab.3D.manage" + , name = "Bambu A1 mini" + , read = "lab.3D.read" + , write = "lab.3D.write" + } + , Drucker-3D-Bambu-A1-mini-AMS = + { description = "abweichende Druckkosten!" 
+ , category = "3D Druck" + , disclose = "admin.disclose" + , manage = "lab.3D.manage" + , name = "Bambu A1 mini AMS" + , read = "lab.3D.read" + , write = "lab.3D.write" + } + , SandstrahlGross = + { category = "Metallwerkstatt" + , disclose = "admin.disclose" + , manage = "basis.write" + , name = "Sandstrahlkabine Gross" + , read = "basis.read" + , write = "basis.write" + } + , Plasma = + { category = "Schweissen" + , disclose = "admin.disclose" + , manage = "lab.plasma.manage" + , name = "Plasma CNC" + , read = "lab.plasma.read" + , write = "lab.plasma.write" + } + , Schweissen3 = + { description = "Arbeitsplatz Stirnseite 380V" + , category = "Schweissen" + , disclose = "admin.disclose" + , manage = "basis.write" + , name = "Schweissen Platz 3" + , read = "basis.read" + , write = "basis.write" + } + , Schweissen1 = + { description = "Arbeitsplatz zum Gas 230V" + , category = "Schweissen" + , disclose = "admin.disclose" + , manage = "basis.write" + , name = "Schweissen Platz 1" + , read = "basis.read" + , write = "basis.write" + } + , Schweissen2 = + { description = "Arbeitsplatz hinten 230V/380V" + , category = "Schweissen" + , disclose = "admin.disclose" + , manage = "basis.write" + , name = "Schweissen Platz 2" + , read = "basis.read" + , write = "basis.write" + } + , Schweissgas = + { description = "Gasmagnetverntil Schweissgas" + , category = "Schweissen" + , disclose = "admin.disclose" + , manage = "basis.write" + , name = "Schweissgas" + , read = "basis.read" + , write = "basis.write" + } + , DrehFraes = + { category = "Metallwerkstatt" + , disclose = "admin.disclose" + , manage = "lab.drehfraes.manage" + , name = "Drehbank und Fraese" + , read = "lab.drehfraes.read" + , write = "lab.drehfraes.write" + } + , Staenderbohrmaschine = + { category = "Metallwerkstatt" + , disclose = "admin.disclose" + , manage = "lab.staenderbohrmasch.manage" + , name = "Staenderbohrmaschine" + , read = "lab.staenderbohrmasch.read" + , write = "lab.staenderbohrmasch.write" + } 
+ , CNCmittel = + { category = "Metallwerkstatt" + , disclose = "admin.disclose" + , manage = "lab.cncmittel.manage" + , name = "Mittler CNC" + , read = "lab.cncmittel.read" + , write = "lab.cncmittel.write" + } + , PlattenSaege = + { category = "Holzwerkstatt" + , disclose = "admin.disclose" + , manage = "lab.plattensaege.manage" + , name = "Plattensaege" + , read = "lab.plattensaege.read" + , write = "lab.plattensaege.write" + } + , FormatSaege = + { category = "Holzwerkstatt" + , disclose = "admin.disclose" + , manage = "lab.formatsaege.manage" + , name = "Formatkreissaege" + , read = "lab.formatsaege.read" + , write = "lab.formatsaege.write" + } + , BandsaegeHolz = + { category = "Holzwerkstatt" + , disclose = "admin.disclose" + , manage = "lab.bandsaege.manage" + , name = "Bandsaege Holz" + , read = "lab.bandsaege.read" + , write = "lab.bandsaege.write" + } + , Kantenschleifer = + { category = "Holzwerkstatt" + , disclose = "admin.disclose" + , manage = "lab.kantenschleifer.manage" + , name = "Kantenschleifer" + , read = "lab.kantenschleifer.read" + , write = "lab.kantenschleifer.write" + } + , CNCgross = + { category = "Holzwerkstatt" + , disclose = "admin.disclose" + , manage = "lab.cncgross.manage" + , name = "Grosse CNC Holz" + , read = "lab.cncgross.read" + , write = "lab.cncgross.write" + } + , Drechselbank = + { category = "Holzwerkstatt" + , disclose = "admin.disclose" + , manage = "lab.drechseln.manage" + , name = "Grosse Drechselbank" + , read = "lab.drechseln.read" + , write = "lab.drechseln.write" + } + , Hobelmaschine = + { category = "Holzwerkstatt" + , disclose = "admin.disclose" + , manage = "lab.hobelmasch.manage" + , name = "Abricht- und Dickenhobel" + , read = "lab.hobelmasch.read" + , write = "lab.hobelmasch.write" + } + , Brennofen = + { category = "Kreativwerkstatt" + , disclose = "admin.disclose" + , manage = "lab.brennofen.manage" + , name = "Brennofen" + , read = "lab.brennofen.read" + , write = "lab.brennofen.write" + } + } + , actors 
= + { shelly1-REDACTEDID01 = { module = "Shelly", params = {=} } + , shelly1pm-REDACTEDID16 = { module = "Shelly", params = {=} } + , shelly1-REDACTEDID02 = { module = "Shelly", params = {=} } + , shelly1-REDACTEDID03 = { module = "Shelly", params = {=} } + , shelly1-REDACTEDID04 = { module = "Shelly", params = {=} } + , shelly1-REDACTEDID05 = { module = "Shelly", params = {=} } + , shelly1-REDACTEDID06 = { module = "Shelly", params = {=} } + , shelly1-REDACTEDID07 = { module = "Shelly", params = {=} } + , shelly1-REDACTEDID08 = { module = "Shelly", params = {=} } + , shelly1-REDACTEDID09 = { module = "Shelly", params = {=} } + , shelly1-REDACTEDID10 = { module = "Shelly", params = {=} } + , shelly1-REDACTEDID11 = { module = "Shelly", params = {=} } + , shelly1-REDACTEDID12 = { module = "Shelly", params = {=} } + , shelly1-REDACTEDID13 = { module = "Shelly", params = {=} } + , shelly1-REDACTEDID14 = { module = "Shelly", params = {=} } + , shelly1minig3-REDACTEDID15 = + { module = "Process" + , params = { cmd = "./examples/ActorShellyMini.py", args = "-vvv" } + } + , shelly1minig3-REDACTEDID17 = + { module = "Process" + , params = { cmd = "./examples/ActorShellyMini.py", args = "-vvv" } + } + , shelly1minig3-REDACTEDID18 = + { module = "Process" + , params = { cmd = "./examples/ActorShellyMini.py", args = "-vvv" } + } + , shelly1minig3-REDACTEDID19 = + { module = "Process" + , params = { cmd = "./examples/ActorShellyMini.py", args = "-vvv" } + } + , OpenTheDoor = + { module = "Process" + , params = { cmd = "./examples/actor.py", args = "-vvv" } + } + , LastPersonOut = + { module = "Process" + , params = { cmd = "./examples/actor.py", args = "-vvv" } + } + , reset = + { module = "Process" + , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" } + } + , SkyLaser9060 = + { module = "Process" + , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" } + } + , d3dKampshoff = + { module = "Process" + , params = { cmd = "./examples/ActorTasmota.py", args = 
"-vvv" } + } + , d3dBambuA1mini = + { module = "Process" + , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" } + } + , d3dBambuA1miniAMS = + { module = "Process" + , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" } + } + , d3dBambuA1AMS = + { module = "Process" + , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" } + } + , d3dBambuA1 = + { module = "Process" + , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" } + } + , d3dMk3S = + { module = "Process" + , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" } + } + , d3dRexII = + { module = "Process" + , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" } + } + , d3dBambuP1P = + { module = "Process" + , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" } + } + , DrehFraes = + { module = "Process" + , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" } + } + , Stickmaschine = + { module = "Process" + , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" } + } + , TextilSchrank = + { module = "Process" + , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" } + } + , SandstrahlGross = + { module = "Process" + , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" } + } + , Schweissen1 = + { module = "Process" + , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" } + } + , Schweissen2 = + { module = "Process" + , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" } + } + , CNCmittel = + { module = "Process" + , params = { cmd = "./examples/ActorTasmota.py", args = "-vvv" } + } + , LogIn = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , LogOut = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , LogLastPersonOut = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , LogOpenTheDoor = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = 
"-vvv" } + } + , Logreset = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , LogSkyLaser9060 = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , Logd3dKampshoff = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , Logd3dBambuA1mini = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , Logd3dBambuA1miniAMS = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , Logd3dBambuA1AMS = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , Logd3dBambuA1 = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , Logd3dMk3S = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , Logd3dRexII = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , Logd3dBambuP1P = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , LogStickmaschine = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , LogTextilSchrank = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , LogJorisHilft = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , LogTanjaHilft = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , LogElektronikBereich = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , LogSandstrahlGross = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , LogPlasma = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , LogSchweissen3 = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , LogSchweissen1 
= + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , LogSchweissen2 = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , LogDrehFraes = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , LogStaenderbohrmaschine = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , LogCNCmittel = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , LogFormatSaege = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , LogPlattenSaege = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , LogKantenschleifer = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , LogBandsaegeHolz = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , LogCNCgross = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , LogDrechselbank = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , LogHobelmaschine = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , LogKompressor = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + , LogBrennofen = + { module = "Process" + , params = { cmd = "./examples/CSVlog.py", args = "-vvv" } + } + } + , actor_connections = + [ { machine = "Shelly-Blau", actor = "shelly1-REDACTEDID01" } + , { machine = "Shelly-Rot", actor = "shelly1pm-REDACTEDID16" } + , { machine = "Willkommen", actor = "OpenTheDoor" } + , { machine = "Willkommen", actor = "LogOpenTheDoor" } + , { machine = "ResetTuer", actor = "reset" } + , { machine = "ResetTuer", actor = "Logreset" } + , { machine = "AufWiedersehen", actor = "LastPersonOut" } + , { machine = "AufWiedersehen", actor = 
"LogLastPersonOut" } + , { machine = "LogIn", actor = "LogIn" } + , { machine = "LogOut", actor = "LogOut" } + , { machine = "LichtLager", actor = "shelly1-REDACTEDID13" } + , { machine = "LeinwandDunkel", actor = "shelly1minig3-REDACTEDID17" } + , { machine = "LichtOben", actor = "shelly1minig3-REDACTEDID18" } + , { machine = "LichtHinten", actor = "shelly1minig3-REDACTEDID19" } + , { machine = "Kompressor", actor = "LogKompressor" } + , { machine = "SkyLaser9060", actor = "SkyLaser9060" } + , { machine = "SkyLaser9060", actor = "LogSkyLaser9060" } + , { machine = "Drucker-3D-Kampshoff", actor = "d3dKampshoff" } + , { machine = "Drucker-3D-Kampshoff", actor = "Logd3dKampshoff" } + , { machine = "Drucker-3D-Bambu-A1-mini", actor = "d3dBambuA1mini" } + , { machine = "Drucker-3D-Bambu-A1-mini", actor = "Logd3dBambuA1mini" } + , { machine = "Drucker-3D-Bambu-A1-mini-AMS", actor = "d3dBambuA1miniAMS" } + , { machine = "Drucker-3D-Bambu-A1-mini-AMS" + , actor = "Logd3dBambuA1miniAMS" + } + , { machine = "Drucker-3D-Bambu-A1-AMS", actor = "d3dBambuA1AMS" } + , { machine = "Drucker-3D-Bambu-A1-AMS", actor = "Logd3dBambuA1AMS" } + , { machine = "Drucker-3D-Bambu-A1", actor = "d3dBambuA1" } + , { machine = "Drucker-3D-Bambu-A1", actor = "Logd3dBambuA1" } + , { machine = "Drucker-3D-Mk3S", actor = "d3dMk3S" } + , { machine = "Drucker-3D-Mk3S", actor = "Logd3dMk3S" } + , { machine = "Drucker-3D-RexII", actor = "d3dRexII" } + , { machine = "Drucker-3D-RexII", actor = "Logd3dRexII" } + , { machine = "Drucker-3D-Bambu-P1P", actor = "d3dBambuP1P" } + , { machine = "Drucker-3D-Bambu-P1P", actor = "Logd3dBambuP1P" } + , { machine = "StickMaschine", actor = "Stickmaschine" } + , { machine = "StickMaschine", actor = "LogStickmaschine" } + , { machine = "TextilSchrank", actor = "TextilSchrank" } + , { machine = "TextilSchrank", actor = "LogTextilSchrank" } + , { machine = "JorisHilft", actor = "LogJorisHilft" } + , { machine = "TanjaHilft", actor = "LogTanjaHilft" } + , { machine = 
"SandstrahlGross", actor = "SandstrahlGross" } + , { machine = "SandstrahlGross", actor = "LogSandstrahlGross" } + , { machine = "Plasma", actor = "shelly1-REDACTEDID04" } + , { machine = "Plasma", actor = "LogPlasma" } + , { machine = "Schweissen3", actor = "shelly1-REDACTEDID03" } + , { machine = "Schweissen3", actor = "LogSchweissen3" } + , { machine = "Schweissen1", actor = "Schweissen1" } + , { machine = "Schweissen1", actor = "LogSchweissen1" } + , { machine = "Schweissen2", actor = "Schweissen2" } + , { machine = "Schweissen2", actor = "LogSchweissen2" } + , { machine = "Schweissgas", actor = "shelly1-REDACTEDID14" } + , { machine = "Staenderbohrmaschine", actor = "shelly1-REDACTEDID07" } + , { machine = "Staenderbohrmaschine", actor = "LogStaenderbohrmaschine" } + , { machine = "CNCmittel", actor = "CNCmittel" } + , { machine = "CNCmittel", actor = "LogCNCmittel" } + , { machine = "ElektronikBereich", actor = "shelly1-REDACTEDID02" } + , { machine = "ElektronikBereich", actor = "LogElektronikBereich" } + , { machine = "Kantenschleifer", actor = "shelly1-REDACTEDID08" } + , { machine = "Kantenschleifer", actor = "LogKantenschleifer" } + , { machine = "Drechselbank", actor = "shelly1-REDACTEDID11" } + , { machine = "Drechselbank", actor = "LogDrechselbank" } + , { machine = "Hobelmaschine", actor = "shelly1-REDACTEDID12" } + , { machine = "Hobelmaschine", actor = "LogHobelmaschine" } + , { machine = "CNCgross", actor = "shelly1-REDACTEDID09" } + , { machine = "CNCgross", actor = "LogCNCgross" } + , { machine = "BandsaegeHolz", actor = "shelly1-REDACTEDID10" } + , { machine = "BandsaegeHolz", actor = "LogBandsaegeHolz" } + , { machine = "DrehFraes", actor = "DrehFraes" } + , { machine = "DrehFraes", actor = "LogDrehFraes" } + , { machine = "PlattenSaege", actor = "shelly1-REDACTEDID06" } + , { machine = "PlattenSaege", actor = "LogPlattenSaege" } + , { machine = "FormatSaege", actor = "shelly1-REDACTEDID05" } + , { machine = "FormatSaege", actor = 
"LogFormatSaege" } + , { machine = "Brennofen", actor = "shelly1minig3-REDACTEDID15" } + , { machine = "Brennofen", actor = "LogBrennofen" } + ] + , initiators = {=} + , init_connections = [] : List { machine : Text, initiator : Text } + } diff --git a/debian/fabaccess-bffh-src/etc/bffh/config_examples/makerspace_bocholt/users.toml b/debian/fabaccess-bffh-src/etc/bffh/config_examples/makerspace_bocholt/users.toml new file mode 100644 index 0000000..bb473f0 --- /dev/null +++ b/debian/fabaccess-bffh-src/etc/bffh/config_examples/makerspace_bocholt/users.toml 
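Review bot: `Brennofen.permissions` lists `"lab.brenofen.manage"`, but the `Brennofen` machine checks `manage = "lab.brennofen.manage"`, so the Brennofen role never grants manage on its own machine (only `crew` reaches it through `lab.*`); the entry should read `, "lab.brennofen.manage"`. `db_path` and `auditlog_path` point into `/root/BFFH/bffh/target/release/`, which suggests the daemon ran as root out of a build tree. An example shipped in the package would be safer with service-owned paths such as `/var/lib/bffh/bffh.db` and `/var/log/bffh/audit.json`, which the minimum_working example in this commit uses. Several machines also map `manage` to a basic-member permission (`manage = "basis.read"` on Shelly-Blau, `basis.write` on LogIn, the lights and the welding stations); if that is intended, a `-- manage deliberately open to all members` comment would keep it from being copied to machines where it is not.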
@@ -0,0 +1,219 @@
+["JoachimBraun"]
+roles = ["basis"]
+passwd = "password"
+
+["PeterStrunkman"]
+roles = ["basis", "laser", "Plasma"]
+passwd = "password"
+
+["JanicePoland"]
+roles = ["basis", "laser", "Plasma", "Drucker3D", "doorrole"]
+passwd = "password"
+
+["WielandMeyer"]
+roles = ["doorrole", "laser", "profi"]
+passwd = "password"
+
+["PetraBauer"]
+roles = ["basis", "laser"]
+passwd = "password"
+
+["KlaraKolan"]
+roles = ["Drucker3D", "basis", "doorrole", "profi"]
+passwd = "password"
+
+["JasonSeig"]
+roles = ["doorrole", "basis", "profi", "FormatSaege", "Bandsaege", "Drechselbank", "BandsaegeHolz", "laser", "Kantenschleifer", "Drucker3D"]
+passwd = "password"
+
+["AlexeyVasi"]
+roles = ["basis", "laser", "Drucker3D"]
+passwd = "password"
+
+["MeranVahreiny"]
+roles = ["basis", "doorrole"]
+passwd = "password"
+
+["WernerMann"]
+roles = ["basis", "profi", "Kantenschleifer", "doorrole"]
+passwd = "password"
+
+["MaxMustermann"]
+roles = ["Drucker3D"]
+passwd = "password"
+
+["BudSpencer"]
+roles = ["basis", "doorrole", "profi", "Drucker3D", "FormatSaege", "Hobelmaschine", "Kantenschleifer", "PlattenSaege", "CNCgross"]
+passwd = "password"
+
+["GeoffreyKing"]
+roles = ["basis", "FormatSaege"]
+passwd = "password"
+
+["JohnSchnee"]
+roles = ["basis", "FormatSaege", "Hobelmaschine", "Kantenschleifer", "doorrole", "Drechselbank"]
+passwd = "password"
+
+["EdwardSnow"]
+roles = ["crew"]
+passwd = "password"
+
+["RichtigGut"]
+roles = ["basis", "doorrole", "profi", "FormatSaege", "Bandsaege", "Kantenschleifer", "Drechselbank", "BandsaegeHolz", "laser"]
+passwd = "password"
+
+["JaGeil"]
+roles = ["basis", "laser"]
+passwd = "password"
+
+["LieberDoch"]
+roles = ["laser", "PlattenSaege", "Plasma", "doorrole", "Drucker3D"]
+passwd = "password"
+
+["NieWieder"]
+roles = ["CNCmittel", "basis", "laser"]
+passwd = "password"
+
+["KarinKrause"]
+roles = ["basis", "Plasma", "doorrole"]
+passwd = "password"
+
+["HalloPizza"]
+roles = ["basis", "Drucker3D"]
+passwd = "password"
+
+["GregorPaus"]
+roles = ["basis", "Drucker3D", "doorrole", "profi", "PlattenSaege", "DrehFraes", "laser"]
+passwd = "password"
+
+["ObiwanKenobi"]
+roles = ["admin", "doorrole", "laser", "StickMaschine"]
+passwd = "password"
+
+["StefanHeßling"]
+roles = ["doorrole", "profi", "basis", "laser"]
+passwd = "password"
+
+["DennisJost"]
+roles = ["doorrole"]
+passwd = "password"
+
+["DerWeihnachtsmann"]
+roles = ["basis", "laser", "Plasma", "PlattenSaege", "Drucker3D", "DrehFraes", "doorrole"]
+passwd = "password"
+
+["ElonMusk"]
+roles = ["basis", "laser", "Plasma"]
+passwd = "password"
+
+["SiegmundJähn"]
+roles = ["basis", "Hobelmaschine", "Kantenschleifer", "Drechselbank", "laser"]
+passwd = "password"
+
+["HomerSimpson"]
+roles = ["doorrole", "basis", "profi"]
+passwd = "password"
+
+["HansGlück"]
+roles = ["basis", "PlattenSaege", "Kantenschleifer", "doorrole"]
+passwd = "password"
+
+["PeterPan"]
+roles = ["basis", "Drechselbank", "Plasma"]
+passwd = "password"
+
+["ChuckNorris"]
+roles = ["basis", "DrehFraes"]
+passwd = "password"
+
+["PowerRanger"]
+roles = ["basis"]
+passwd = "password"
+
+["RobertRobertoson"]
+roles = ["Drucker3D", "basis"]
+passwd = "password"
+
+["AngelaMerkel"]
+roles = ["basis", "laser", "Drucker3D", "Plasma"]
+passwd = "password"
+
+["KatyPerry"]
+roles = ["doorrole", "basis", "profi", "Kantenschleifer", "PlattenSaege", "BandsaegeHolz"]
+passwd = "password"
+
+["IndianaJones"]
+roles = ["basis", "Drucker3D", "laser"]
+passwd = "password"
+
+["LukeSkywalker"]
+roles = ["crew", "doorrole", "SandStrahl", "StickMaschine", "Drucker3D", "FormatSaege", "Kantenschleifer"]
+passwd = "password"
+
+["BigShaq"]
+roles = ["basis", "laser", "BandsaegeHolz"]
+passwd = "password"
+
+["DarthVader"]
+roles = ["profi", "doorrole", "DrehFraes", "FormatSaege", "Kantenschleifer"]
+passwd = "password"
+
+["LeoTimoni"]
+roles = ["doorrole", "PlattenSaege", "Drucker3D", "FormatSaege", "profi", "laser", "DrehFraes", "BandsaegeHolz", "CNCmittel", "Kantenschleifer"]
+passwd = "password"
+
+["HannaLarssen"]
+roles = ["basis", "profi", "doorrole"]
+passwd = "password"
+
+["PietrZcyk"]
+roles = ["basis", "doorrole", "profi", "PlattenSaege"]
+passwd = "password"
+
+["JonathanLeonhardt"]
+roles = ["basis", "profi", "doorrole", "BandsaegeHolz", "FormatSaege", "Kantenschleifer", "PlattenSaege"]
+passwd = "password"
+
+["CaroWanns"]
+roles = ["crew", "doorrole", "FormatSaege", "PlattenSaege"]
+passwd = "password"
+
+["CarstenClossitz"]
+roles = ["doorrole", "basis", "profi", "PlattenSaege", "Drucker3D"]
+passwd = "password"
+
+["FrankMars"]
+roles = ["profi", "doorrole"]
+passwd = "password"
+
+["HanniSchmidt"]
+roles = ["basis", "profi", "doorrole", "laser"]
+passwd = "password"
+
+["MarkSebastion"]
+roles = []
+passwd = "password"
+
+["MarkusHülsbecksen"]
+roles = ["basis", "laser", "Plasma", "DrehFraes", "doorrole", "profi"]
+passwd = "password"
+
+["SteffenSeiffer"]
+roles =["bais", "Drucker3D", "Plasma", "laser"]
+passwd = "password"
+
+["VasimZina"]
+roles =["Drucker3D","doorrole","basis"]
+passwd = "password"
+
+["YemisiBodon"]
+roles =["doorrole","profi","basis"]
+passwd = "password"
+
+["BernadetteSchwanitz"]
+roles =["doorrole","profi","basis"]
+passwd = "password"
+
+["Hans-Sebastian Biedermeyer"]
+roles =["basis"]
+passwd = "password"
diff --git a/debian/fabaccess-bffh-src/etc/bffh/config_examples/minimum_working/bffh.dhall b/debian/fabaccess-bffh-src/etc/bffh/config_examples/minimum_working/bffh.dhall
new file mode 100644
index 0000000..af15757
--- /dev/null
+++ b/debian/fabaccess-bffh-src/etc/bffh/config_examples/minimum_working/bffh.dhall
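Review bot: Every account in this example, including `ObiwanKenobi` with the `admin` role and the three `crew` accounts, is created with `passwd = "password"`, and nothing in the file marks that as a placeholder. A header comment such as `# EXAMPLE ONLY: every passwd here is a placeholder; replace all of them before loading this file` would keep an operator from importing known credentials into a live instance. Three role names also match no role defined in the accompanying bffh.dhall: `"bais"` on `SteffenSeiffer` (presumably `"basis"`), `"Bandsaege"` on `JasonSeig` and `RichtigGut` (the defined role is `BandsaegeHolz`), and `"SandStrahl"` on `LukeSkywalker`. How bffh treats an unknown role is not visible in this diff, so these are better corrected or removed than left to be ignored.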
@@ -0,0 +1,16 @@
+{
+spacename = "fabaccess.sample.space",
+instanceurl = "https://fabaccess.sample.space",
+listens = [{address = "127.0.0.1"}],
+certfile = "/etc/bffh/certs/bffh.crt",
+keyfile = "/etc/bffh/certs/bffh.key",
+mqtt_url = "mqtt://127.0.0.1:1883",
+db_path = "/var/lib/bffh/bffh.db",
+auditlog_path = "/var/log/bffh/audit.json",
+roles = {=},
+machines = {=},
+actors = {=},
+actor_connections = [] : List { machine : Text, initiator : Text },
+initiators = {=},
+init_connections = [] : List { machine : Text, initiator : Text }
+}
diff --git a/debian/fabaccess-bffh-src/etc/bffh/config_examples/showcase/bffh.dhall b/debian/fabaccess-bffh-src/etc/bffh/config_examples/showcase/bffh.dhall
new file mode 100644
index 0000000..b83e596
--- /dev/null
+++ b/debian/fabaccess-bffh-src/etc/bffh/config_examples/showcase/bffh.dhall
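Review bot: The empty `actor_connections` list is annotated with the initiator record type, `[] : List { machine : Text, initiator : Text }`, although the other examples in this commit fill `actor_connections` with `{ machine, actor }` records. It looks like a copy of the `init_connections` line below it; the annotation should be `actor_connections = [] : List { machine : Text, actor : Text },`. Whether bffh's loader rejects the mismatched type is not visible here, but the first actor connection added to this template would no longer type-check against the annotation. `listens` also omits `port` where the other examples set `port = 59661`; if a default is relied on, a short comment naming it would help, since this is the file most people will start from.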
@@ -0,0 +1,110 @@ +{ listens = [ { address = "::", port = 59661 } ] +, certfile = "/etc/letsencrypt/cert.pem" +, keyfile = "/etc/letsencrypt/key.pem" +, mqtt_url = "tcp://mqtt:1883" +, db_path = "/var/lib/bffh/db" +, auditlog_path = "/tmp/bffh.audit" +, roles = + { Admin.permissions = + [ "TestEnv.Admin" + , "TestEnv.Manage" + , "TestEnv.Write" + , "TestEnv.Read" + , "TestEnv.Disclose" + ] + , ManageUsers.permissions = + [ "bffh.users.info", "bffh.users.manage", "bffh.users.admin" ] + , Manage.permissions = [ "TestEnv.Manage" ] + , Use.permissions = [ "TestEnv.Write" ] + , Read.permissions = [ "TestEnv.Read" ] + , Disclose.permissions = [ "TestEnv.Disclose" ] + } +, machines = + { MachineB1 = + { name = "Schließfach" + , description = "Schließfach ohne elektrische Steuerung" + , wiki = "https://fab-access.readthedocs.io" + , category = "CategoryB" + , disclose = "TestEnv.Disclose" + , read = "TestEnv.Read" + , write = "TestEnv.Write" + , manage = "TestEnv.Manage" + } + , MachineB2 = + { name = "Fabulaser" + , description = "Fabulaser - compact, yet powerful" + , wiki = "https://fab-access.readthedocs.io" + , category = "CategoryB" + , disclose = "TestEnv.Disclose" + , read = "TestEnv.Read" + , write = "TestEnv.Write" + , manage = "TestEnv.Manage" + } + , MachineA1 = + { name = "Machine Oben" + , description = "Maschine mit QR-Code zum scannen" + , wiki = "https://fab-access.readthedocs.io" + , category = "CategoryA" + , disclose = "TestEnv.Disclose" + , read = "TestEnv.Read" + , write = "TestEnv.Write" + , manage = "TestEnv.Manage" + } + , MachineA2 = + { name = "Machine Mitte" + , description = "Maschine mit NFC Reader für DESFire Karten" + , wiki = "https://fab-access.readthedocs.io" + , category = "CategoryA" + , disclose = "TestEnv.Disclose" + , read = "TestEnv.Read" + , write = "TestEnv.Write" + , manage = "TestEnv.Manage" + } + , MachineA3 = + { name = "Machine Unten" + , description = "Maschine für weitere Dinge" + , wiki = 
"https://fab-access.readthedocs.io" + , category = "CategoryA" + , disclose = "TestEnv.Disclose" + , read = "TestEnv.Read" + , write = "TestEnv.Write" + , manage = "TestEnv.Manage" + } + , MachineA4 = + { name = "Machine Drehstrom" + , description = "Maschine mit Drehstromanschluss" + , wiki = "https://fab-access.readthedocs.io" + , category = "CategoryA" + , disclose = "TestEnv.Disclose" + , read = "TestEnv.Read" + , write = "TestEnv.Write" + , manage = "TestEnv.Manage" + } + , MachineA5 = + { name = "Machine Drehstrom Anlaufschutz" + , description = "Maschine mit Drehstromanschluss und Wiederanlaufschutz" + , wiki = "https://fab-access.readthedocs.io" + , category = "CategoryA" + , disclose = "TestEnv.Disclose" + , read = "TestEnv.Read" + , write = "TestEnv.Write" + , manage = "TestEnv.Manage" + } + } +, actors = + { shellyplug-s-6E6ED9 = { module = "Shelly", params = {=} } + , shellyplug-s-C18903 = { module = "Shelly", params = {=} } + , shellyplug-s-B4C8B9 = { module = "Shelly", params = {=} } + , shelly1-DDDDDDDDDDDD = { module = "Shelly", params = {=} } + , shelly1-EEEEEEEEEEEE = { module = "Shelly", params = {=} } + } +, actor_connections = + [ { machine = "MachineA1", actor = "shellyplug-s-6E6ED9" } + , { machine = "MachineA2", actor = "shellyplug-s-C18903" } + , { machine = "MachineA3", actor = "shellyplug-s-B4C8B9" } + , { machine = "MachineA4", actor = "shelly1-DDDDDDDDDDDD" } + , { machine = "MachineA5", actor = "shelly1-DDDDDDDDDDDD" } + ] +, initiators = {=} +, init_connections = [] : List { machine : Text, initiator : Text } +} diff --git a/debian/fabaccess-bffh-src/etc/bffh/config_examples/showcase/users.toml b/debian/fabaccess-bffh-src/etc/bffh/config_examples/showcase/users.toml new file mode 100644 index 0000000..5badf84 --- /dev/null +++ b/debian/fabaccess-bffh-src/etc/bffh/config_examples/showcase/users.toml 
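Review bot: `auditlog_path = "/tmp/bffh.audit"` in showcase/bffh.dhall puts the audit trail in a world-writable directory, where another local account can pre-create or replace the path and where the file may not survive a reboot; the-future-of-making-2023/bffh.dhall has the same line. The unit file added in this commit provides `LogsDirectory=bffh` and the logrotate rule only covers `/var/log/bffh/audit.json`, so I would use `auditlog_path = "/var/log/bffh/audit.json"` in both examples. Separately, `MachineA4` and `MachineA5` are both connected to `shelly1-DDDDDDDDDDDD` while `shelly1-EEEEEEEEEEEE` is declared and never connected, which looks like a typo in the last `actor_connections` entry.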
@@ -0,0 +1,23 @@
+[Admin]
+roles = ["Admin", "ManageUsers"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[Manager]
+roles = ["Manage", "Use", "Read", "Disclose", "ManageUsers"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[Maker]
+roles = ["Use", "Read", "Disclose"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "d126df5f1e315597b7f79983f8904323"
+
+[Guest]
+roles = ["Read", "Disclose"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
diff --git a/debian/fabaccess-bffh-src/etc/bffh/config_examples/the-future-of-making-2023/bffh.dhall b/debian/fabaccess-bffh-src/etc/bffh/config_examples/the-future-of-making-2023/bffh.dhall
new file mode 100644
index 0000000..0d398bb
--- /dev/null
+++ b/debian/fabaccess-bffh-src/etc/bffh/config_examples/the-future-of-making-2023/bffh.dhall
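Review bot: Every account in showcase/users.toml, including `Admin`, has the plaintext password `secret`, and three of the four share the all-`a` `cardkey`; the-future-of-making-2023/users.toml likewise sets `passwd = "secret"` on all seven accounts. The path suggests these files are packaged under /etc/bffh/config_examples, so a site that loads one unchanged ends up with a publicly known admin login. Nothing in the file says so; I would open it with `# EXAMPLE ONLY: replace every passwd and cardkey before loading this file`. The vow-jhv-zam-erlangen-2024 example stores `$argon2i$` strings in `passwd`, so a hashed form appears to be accepted.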
@@ -0,0 +1,387 @@ +{ listens = [ { address = "::", port = 59661 } ] +, certfile = "tfom23-demo/certs/self-signed-cert.pem" +, keyfile = "tfom23-demo/certs/self-signed-key.pem" +, mqtt_url = "mqtt://localhost:1883" +, db_path = "/var/lib/bffh/db" +, auditlog_path = "/tmp/bffh.audit" +, verbosity = 3 +, spacename = "TFOM23-Demo" +, instanceurl = "tfom23-demo.fab-access.org" +, roles = + { Default.permissions = [ "tfom23.disclose", "tfom23.read" ] + , Admin.permissions = + [ "tfom23.*", "bffh.users.info", "bffh.users.manage", "bffh.users.admin" ] + , Manage.permissions = [ "tfom23.manage" ] + , EuroBox.permissions = [ "tfom23.eurobox.write" ] + , LBoxx.permissions = [ "tfom23.lboxx.write" ] + , Locker.permissions = [ "tfom23.locker.write" ] + , Lasercutter.permissions = [ "tfom23.lasercutter.write" ] + , Printer.permissions = [ "tfom23.printer.write" ] + , Prusa.permissions = [ "tfom23.prusa.write" ] + , CNC.permissions = [ "tfom23.cnc.write" ] + } +, machines = + { LBoxx_0 = + { name = "Filament" + , description = "LBoxx with 1,75mm PLA" + , disclose = "tfom23.disclose" + , read = "tfom23.read" + , write = "tfom23.lboxx.write" + , manage = "tfom23.manage" + , category = "LBoxx" + , prodable = True + } + , LBoxx_1 = + { name = "FabLock Tools" + , description = "LBoxx with Tools of the FabLock Project" + , disclose = "tfom23.disclose" + , read = "tfom23.read" + , write = "tfom23.lboxx.write" + , manage = "tfom23.manage" + , category = "LBoxx" + , prodable = True + } + , LBoxx_2 = + { name = "FabReader Tools" + , description = "LBoxx with Tools of the FabReader Project" + , disclose = "tfom23.disclose" + , read = "tfom23.read" + , write = "tfom23.lboxx.write" + , manage = "tfom23.manage" + , category = "LBoxx" + , prodable = True + } + , LBoxx_3 = + { name = "Sticker" + , description = "LBoxx with FabAccess Sticker and NTAGs" + , disclose = "tfom23.disclose" + , read = "tfom23.read" + , write = "tfom23.lboxx.write" + , manage = "tfom23.manage" + , category = "LBoxx" + , 
prodable = True + } + , LBoxx_4 = + { name = "Demo Parts" + , description = "LBoxx with Parts for the TFOM23 Demo" + , disclose = "tfom23.disclose" + , read = "tfom23.read" + , write = "tfom23.lboxx.write" + , manage = "tfom23.manage" + , category = "LBoxx" + , prodable = True + } + , EuroBox_0 = + { name = "Haribo" + , description = "EuroBox with Haribo" + , disclose = "tfom23.disclose" + , read = "tfom23.read" + , write = "tfom23.eurobox.write" + , manage = "tfom23.manage" + , category = "EuroBox" + , prodable = True + } + , EuroBox_1 = + { name = "Goldschatz" + , description = "EuroBox with Rittersport Goldschatz" + , disclose = "tfom23.disclose" + , read = "tfom23.read" + , write = "tfom23.eurobox.write" + , manage = "tfom23.manage" + , category = "EuroBox" + , prodable = True + } + , Drawer_0 = + { name = "Drawer 0 ???" + , description = "Kallax Drawer" + , disclose = "tfom23.disclose" + , read = "tfom23.read" + , write = "tfom23.locker.write" + , manage = "tfom23.manage" + , category = "Locker" + , prodable = True + } + , Drawer_1 = + { name = "Drawer 1 ???" + , description = "Kallax Drawer" + , disclose = "tfom23.disclose" + , read = "tfom23.read" + , write = "tfom23.locker.write" + , manage = "tfom23.manage" + , category = "Locker" + , prodable = True + } + , Drawer_2 = + { name = "Drawer 2 ???" + , description = "Kallax Drawer" + , disclose = "tfom23.disclose" + , read = "tfom23.read" + , write = "tfom23.locker.write" + , manage = "tfom23.manage" + , category = "Locker" + , prodable = True + } + , Drawer_3 = + { name = "Drawer 3 ???" 
+ , description = "Kallax Drawer" + , disclose = "tfom23.disclose" + , read = "tfom23.read" + , write = "tfom23.locker.write" + , manage = "tfom23.manage" + , category = "Locker" + , prodable = True + } + , Door_0 = + { name = "3D-Printer Accesories" + , description = "Kallax Door" + , disclose = "tfom23.disclose" + , read = "tfom23.read" + , write = "tfom23.locker.write" + , manage = "tfom23.manage" + , category = "Locker" + , prodable = True + } + , Printer_0 = + { name = "Prusa MK3" + , description = "FabAccess Prusa MK3" + , disclose = "tfom23.disclose" + , read = "tfom23.read" + , write = "tfom23.prusa.write" + , manage = "tfom23.manage" + , category = "Printers" + } + , Printer_1 = + { name = "Other Printer ???" + , description = "TFOM23 Printer" + , disclose = "tfom23.disclose" + , read = "tfom23.read" + , write = "tfom23.printer.write" + , manage = "tfom23.manage" + , category = "Printers" + } + , Lasercutter_0 = + { name = "Other Lasercutter ???" + , description = "TFOM23 Lasercutter" + , disclose = "tfom23.disclose" + , read = "tfom23.read" + , write = "tfom23.lasercutter.write" + , manage = "tfom23.manage" + , category = "Lasercutter" + } + , CNC_0 = + { name = "Some Open Hardware CNC Router" + , description = "TFOM23 CNC" + , disclose = "tfom23.disclose" + , read = "tfom23.read" + , write = "tfom23.cnc.write" + , manage = "tfom23.manage" + , category = "CNC" + } + } +, actors = + { shellyplug-s-C8C9A3B942DB = { module = "Shelly", params = {=} } + , shellyplug-s-C8C9A3B943D7 = { module = "Shelly", params = {=} } + , shellyplug-s-C8C9A3B8DB67 = { module = "Shelly", params = {=} } + , shellyplug-s-3CE90ED72CEF = { module = "Shelly", params = {=} } + , shellyplug-s-3CE90ED72481 = { module = "Shelly", params = {=} } + , shellyplug-s-C8C9A3B8E88A = { module = "Shelly", params = {=} } + , shellyplug-2C94AA = { module = "Shelly", params = {=} } + , shellyplug-C198E8 = { module = "Shelly", params = {=} } + , fablock_locker_0 = + { module = "Process" + , params = 
+ { cmd = "python" + , args = + "tfom23-demo/actors/fablock/main.py --host localhost --fablock 00000 --lock 00000" + } + } + , fablock_locker_1 = + { module = "Process" + , params = + { cmd = "python" + , args = + "tfom23-demo/actors/fablock/main.py --host localhost --fablock 00000 --lock 00001" + } + } + , fablock_locker_2 = + { module = "Process" + , params = + { cmd = "python" + , args = + "tfom23-demo/actors/fablock/main.py --host localhost --fablock 00000 --lock 00002" + } + } + , fablock_locker_3 = + { module = "Process" + , params = + { cmd = "python" + , args = + "tfom23-demo/actors/fablock/main.py --host localhost --fablock 00000 --lock 00003" + } + } + , fablock_locker_4 = + { module = "Process" + , params = + { cmd = "python" + , args = + "tfom23-demo/actors/fablock/main.py --host localhost --fablock 00000 --lock 00004" + } + } + , fablock_locker_5 = + { module = "Process" + , params = + { cmd = "python" + , args = + "tfom23-demo/actors/fablock/main.py --host localhost --fablock 00000 --lock 00005" + } + } + , fablock_locker_6 = + { module = "Process" + , params = + { cmd = "python" + , args = + "tfom23-demo/actors/fablock/main.py --host localhost --fablock 00000 --lock 00006" + } + } + , fablock_lboxx_0 = + { module = "Process" + , params = + { cmd = "python" + , args = + "tfom23-demo/actors/fablock/main.py --host localhost --fablock 00001 --lock 00000" + } + } + , fablock_lboxx_1 = + { module = "Process" + , params = + { cmd = "python" + , args = + "tfom23-demo/actors/fablock/main.py --host localhost --fablock 00001 --lock 00001" + } + } + , fablock_lboxx_2 = + { module = "Process" + , params = + { cmd = "python" + , args = + "tfom23-demo/actors/fablock/main.py --host localhost --fablock 00001 --lock 00002" + } + } + , fablock_lboxx_3 = + { module = "Process" + , params = + { cmd = "python" + , args = + "tfom23-demo/actors/fablock/main.py --host localhost --fablock 00001 --lock 00003" + } + } + , fablock_lboxx_4 = + { module = "Process" + , params = + 
{ cmd = "python" + , args = + "tfom23-demo/actors/fablock/main.py --host localhost --fablock 00001 --lock 00004" + } + } + , fabreader_0 = + { module = "Process" + , params = + { cmd = "python" + , args = + "tfom23-demo/actors/fabreader/main.py --host localhost --fabreader 00000" + } + } + , fabreader_1 = + { module = "Process" + , params = + { cmd = "python" + , args = + "tfom23-demo/actors/fabreader/main.py --host localhost --fabreader 00001" + } + } + , fabreader_2 = + { module = "Process" + , params = + { cmd = "python" + , args = + "tfom23-demo/actors/fabreader/main.py --host localhost --fabreader 00002" + } + } + , fabreader_3 = + { module = "Process" + , params = + { cmd = "python" + , args = + "tfom23-demo/actors/fabreader/main.py --host localhost --fabreader 00003" + } + } + , fabreader_4 = + { module = "Process" + , params = + { cmd = "python" + , args = + "tfom23-demo/actors/fabreader/main.py --host localhost --fabreader 00004" + } + } + , fabpel_0 = + { module = "Process" + , params = + { cmd = "python" + , args = + "tfom23-demo/actors/fabpel/main.py --host localhost --fabpel 00000" + } + } + , fabpel_1 = + { module = "Process" + , params = + { cmd = "python" + , args = + "tfom23-demo/actors/fabpel/main.py --host localhost --fabpel 00001" + } + } + , fabpel_2 = + { module = "Process" + , params = + { cmd = "python" + , args = + "tfom23-demo/actors/fabpel/main.py --host localhost --fabpel 00002" + } + } + , fabpel_3 = + { module = "Process" + , params = + { cmd = "python" + , args = + "tfom23-demo/actors/fabpel/main.py --host localhost --fabpel 00003" + } + } + } +, actor_connections = + [ { machine = "LBoxx_0", actor = "fablock_lboxx_0" } + , { machine = "LBoxx_1", actor = "fablock_lboxx_1" } + , { machine = "LBoxx_2", actor = "fablock_lboxx_2" } + , { machine = "LBoxx_3", actor = "fablock_lboxx_3" } + , { machine = "LBoxx_4", actor = "fablock_lboxx_4" } + , { machine = "EuroBox_0", actor = "fablock_locker_0" } + , { machine = "EuroBox_1", actor = 
"fablock_locker_1" } + , { machine = "Drawer_0", actor = "fablock_locker_2" } + , { machine = "Drawer_1", actor = "fablock_locker_3" } + , { machine = "Drawer_2", actor = "fablock_locker_4" } + , { machine = "Drawer_3", actor = "fablock_locker_5" } + , { machine = "Door_0", actor = "fablock_locker_6" } + , { machine = "Printer_0", actor = "shellyplug-s-C8C9A3B942DB" } + , { machine = "Printer_1", actor = "shellyplug-s-3CE90ED72481" } + , { machine = "Lasercutter_0", actor = "shellyplug-s-C8C9A3B943D7" } + , { machine = "CNC_0", actor = "shellyplug-s-C8C9A3B8E88A" } + , { machine = "Printer_0", actor = "fabreader_1" } + , { machine = "Printer_1", actor = "fabreader_2" } + , { machine = "Lasercutter_0", actor = "fabreader_3" } + , { machine = "CNC_0", actor = "fabreader_4" } + , { machine = "Printer_0", actor = "fabpel_0" } + , { machine = "Printer_1", actor = "fabpel_1" } + , { machine = "Lasercutter_0", actor = "fabpel_2" } + , { machine = "CNC_0", actor = "fabpel_3" } + ] +, initiators = {=} +, init_connections = [] : List { machine : Text, initiator : Text } +} diff --git a/debian/fabaccess-bffh-src/etc/bffh/config_examples/the-future-of-making-2023/users.toml b/debian/fabaccess-bffh-src/etc/bffh/config_examples/the-future-of-making-2023/users.toml new file mode 100644 index 0000000..9ac0704 --- /dev/null +++ b/debian/fabaccess-bffh-src/etc/bffh/config_examples/the-future-of-making-2023/users.toml @@ -0,0 +1,27 @@ +[Admin] +roles = ["Admin"] +passwd = "secret" + +[Manager] +roles = ["Default", "Manage"] +passwd = "secret" + +[Maker] +roles = ["Default", "EuroBox", "LBoxx", "Locker", "Prusa"] +passwd = "secret" + +[Maker-Lasercutter] +roles = ["Default", "Lasercutter"] +passwd = "secret" + +[Maker-CNC] +roles = ["Default", "CNC"] +passwd = "secret" + +[Maker-Printer] +roles = ["Default", "Printer"] +passwd = "secret" + +[Bot] +roles = ["Default"] +passwd = "secret" 
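Review bot: The `Process` actors in the-future-of-making-2023/bffh.dhall are started with `cmd = "python"` and a script path relative to the working directory (for example `tfom23-demo/actors/fablock/main.py`), so which interpreter and which script actually run depends on the PATH and current directory of the bffhd process; `certfile` and `keyfile` are relative in the same way. The bffh.service unit added in this commit sets no working directory, so these paths presumably will not resolve there, and a bare command name lets whatever comes first on PATH stand in for the interpreter. The vow-jhv-zam-erlangen-2024/actors.dhall example uses absolute paths for both; I would do the same here, e.g. `cmd = "/usr/bin/python3"` with an absolute script path in `args`.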
diff --git a/debian/fabaccess-bffh-src/etc/bffh/config_examples/vow-jhv-zam-erlangen-2024/actorconnections.dhall b/debian/fabaccess-bffh-src/etc/bffh/config_examples/vow-jhv-zam-erlangen-2024/actorconnections.dhall
new file mode 100644
index 0000000..eccf5ec
--- /dev/null
+++ b/debian/fabaccess-bffh-src/etc/bffh/config_examples/vow-jhv-zam-erlangen-2024/actorconnections.dhall
@@ -0,0 +1,12 @@
+[
+ { machine = "zam-raum1-ecke1-lamp", actor = "tasmota_1" },
+ { machine = "zam-raum1-ecke2-arrow", actor = "tasmota_2" },
+ { machine = "zam-raum1-ecke3-fan", actor = "tasmota_3" },
+ { machine = "zam-raum1-ecke4-mesh", actor = "tasmota_4" },
+ { machine = "zam-raum1-ecke5-random1", actor = "tasmota_5" },
+ { machine = "zam-raum1-ecke6-random2", actor = "tasmota_6" },
+ { machine = "zam-raum1-ecke7-random3", actor = "tasmota_7" },
+ { machine = "zam-raum1-ecke8-macgyver", actor = "mp3play_8" },
+ { machine = "zam-raum1-ecke9-shutdown", actor = "shutdown_9" },
+ { machine = "zam-raum1-ecke10-restartbffh", actor = "restart-bffh_10" }
+]
diff --git a/debian/fabaccess-bffh-src/etc/bffh/config_examples/vow-jhv-zam-erlangen-2024/actors.dhall b/debian/fabaccess-bffh-src/etc/bffh/config_examples/vow-jhv-zam-erlangen-2024/actors.dhall
new file mode 100644
index 0000000..dcbcbfc
--- /dev/null
+++ b/debian/fabaccess-bffh-src/etc/bffh/config_examples/vow-jhv-zam-erlangen-2024/actors.dhall
@@ -0,0 +1,102 @@ +{ + tasmota_1 = + { + module = "Process", + params = + { + cmd = "/opt/fabinfra/adapters/tasmota/env/bin/python3", + args = "/opt/fabinfra/adapters/tasmota/main.py --host 127.0.0.1 --user fabinfra101 --password fablocal --tasmota 1" + } + }, + + tasmota_2 = + { + module = "Process", + params = + { + cmd = "/opt/fabinfra/adapters/tasmota/env/bin/python3", + args = "/opt/fabinfra/adapters/tasmota/main.py --host 127.0.0.1 --user fabinfra101 --password fablocal --tasmota 2" + } + }, + + tasmota_3 = + { + module = "Process", + params = + { + cmd = "/opt/fabinfra/adapters/tasmota/env/bin/python3", + args = "/opt/fabinfra/adapters/tasmota/main.py --host 127.0.0.1 --user fabinfra101 --password fablocal --tasmota 3" + } + }, + + tasmota_4 = + { + module = "Process", + params = + { + cmd = "/opt/fabinfra/adapters/tasmota/env/bin/python3", + args = "/opt/fabinfra/adapters/tasmota/main.py --host 127.0.0.1 --user fabinfra101 --password fablocal --tasmota 4" + } + }, + + tasmota_5 = + { + module = "Process", + params = + { + cmd = "/opt/fabinfra/adapters/tasmota/env/bin/python3", + args = "/opt/fabinfra/adapters/tasmota/main.py --host 127.0.0.1 --user fabinfra101 --password fablocal --tasmota 5" + } + }, + + tasmota_6 = + { + module = "Process", + params = + { + cmd = "/opt/fabinfra/adapters/tasmota/env/bin/python3", + args = "/opt/fabinfra/adapters/tasmota/main.py --host 127.0.0.1 --user fabinfra101 --password fablocal --tasmota 6" + } + }, + + tasmota_7 = + { + module = "Process", + params = + { + cmd = "/opt/fabinfra/adapters/tasmota/env/bin/python3", + args = "/opt/fabinfra/adapters/tasmota/main.py --host 127.0.0.1 --user fabinfra101 --password fablocal --tasmota 7" + } + }, + + mp3play_8 = + { + module = "Process", + params = + { + cmd = "/opt/fabinfra/adapters/mp3play/env/bin/python3", + args = "/opt/fabinfra/adapters/mp3play/main.py" + } + }, + + shutdown_9 = + { + module = "Process", + params = + { + cmd = "/usr/bin/python3", + args = 
"/opt/fabinfra/adapters/shutdown/main.py" + } + }, + + restart-bffh_10 = + { + module = "Process", + params = + { + cmd = "/usr/bin/python3", + args = "/opt/fabinfra/adapters/restart-bffh/main.py" + } + } + +} diff --git a/debian/fabaccess-bffh-src/etc/bffh/config_examples/vow-jhv-zam-erlangen-2024/bffh.dhall b/debian/fabaccess-bffh-src/etc/bffh/config_examples/vow-jhv-zam-erlangen-2024/bffh.dhall new file mode 100644 index 0000000..0255278 --- /dev/null +++ b/debian/fabaccess-bffh-src/etc/bffh/config_examples/vow-jhv-zam-erlangen-2024/bffh.dhall @@ -0,0 +1,33 @@ +let VARS = { + BFFH_CFG_PATH = "/etc/bffh/", + BFFH_DB_PATH = "/var/lib/bffh/", + MQTT_USER = "fabinfra101", + MQTT_PASSWD = "fablocal" + } +in +{ + listens = [ + { address = "0.0.0.0", port = 59661 } + ], + certfile = VARS.BFFH_CFG_PATH ++ "certs/bffh.crt", + keyfile = VARS.BFFH_CFG_PATH ++ "certs/bffh.key", + mqtt_url = "mqtt://" ++ VARS.MQTT_USER ++ ":" ++ VARS.MQTT_PASSWD ++ "@0.0.0.0:1883", + --ciphers = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + --tls_min_version = "tls13", + db_path = VARS.BFFH_DB_PATH ++ "bffh.db", + auditlog_path = "/var/log/bffh/audit.json", + + --- ||| GENERATOR START + --- ||| GENERATOR END + + roles = ./roles.dhall, + machines = ./machines.dhall, + actors = ./actors.dhall, + actor_connections = ./actorconnections.dhall, + + initiators = {=}, + init_connections = [] : List { machine : Text, initiator : Text }, + + instanceurl = "https://docs.fab-access.org", + spacename = "FabAccess Demo Setup" +} diff --git a/debian/fabaccess-bffh-src/etc/bffh/config_examples/vow-jhv-zam-erlangen-2024/machines.dhall b/debian/fabaccess-bffh-src/etc/bffh/config_examples/vow-jhv-zam-erlangen-2024/machines.dhall new file mode 100644 index 0000000..aa802cd --- /dev/null +++ b/debian/fabaccess-bffh-src/etc/bffh/config_examples/vow-jhv-zam-erlangen-2024/machines.dhall 
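Review bot: The seven `tasmota_*` actors in vow-jhv-zam-erlangen-2024/actors.dhall pass the MQTT login on the command line (`--user fabinfra101 --password fablocal`), which leaves the password readable by every local account through the process list for as long as the adapter runs; the same pair is hard-coded as `MQTT_USER`/`MQTT_PASSWD` in this example's bffh.dhall. Whether the adapter can take the password from a file or the environment is not visible in this commit. At minimum I would add a comment above `tasmota_1` such as `-- example credentials: change them; prefer a file readable only by the bffh user over argv if the adapter supports it`.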
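Review bot: `mqtt_url` in vow-jhv-zam-erlangen-2024/bffh.dhall ends in `"@0.0.0.0:1883"`, but `0.0.0.0` is a bind address rather than a destination, and connecting to it reaches the local host only on some systems. The adapters in this example's actors.dhall use `--host 127.0.0.1`, so I would write `++ "@127.0.0.1:1883"` here as well. The `listens` entry binds all IPv4 interfaces while `--tls_min_version` is commented out, so a one-line comment stating what the server accepts without it would help anyone exposing the port.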
@@ -0,0 +1,122 @@ +{ + zam-raum1-ecke1-lamp = + { + name = "1 Lampe", + description = "Eine einfache Funzel. Kann weiter nix 💡", + wiki = "", + category = "Central Stairs", + disclose = "zam.raum1.ecke1.disclose.lamp", + read = "zam.raum1.ecke1.read.lamp", + write = "zam.raum1.ecke1.write.lamp", + manage = "zam.raum1.ecke1.manage.lamp" + }, + + zam-raum1-ecke2-arrow = + { + name = "2 LED Pfeil", + description = "Noch ein Leuchteteil. In Arrow-Shape", + wiki = "", + category = "Central Stairs", + disclose = "zam.raum1.ecke2.disclose.arrow", + read = "zam.raum1.ecke2.read.arrow", + write = "zam.raum1.ecke2.write.arrow", + manage = "zam.raum1.ecke2.manage.arrow" + }, + + zam-raum1-ecke3-fan = + { + name = "3 Der laute Lüfter", + description = "Ein sinnfreier Aktor, der sich bemerkbar macht", + wiki = "", + category = "Central Stairs", + disclose = "zam.raum1.ecke3.disclose.fan", + read = "zam.raum1.ecke3.read.fan", + write = "zam.raum1.ecke3.write.fan", + manage = "zam.raum1.ecke3.manage.fan" + }, + + zam-raum1-ecke4-mesh = + { + name = "4 LED Lauflicht", + description = "Blinky Shit yeah!", + wiki = "", + category = "Central Stairs", + disclose = "zam.raum1.ecke4.disclose.mesh", + read = "zam.raum1.ecke4.read.mesh", + write = "zam.raum1.ecke4.write.mesh", + manage = "zam.raum1.ecke4.manage.mesh" + }, + + zam-raum1-ecke5-random1 = + { + name = "5 Random Dingens #1", + description = "Utilize it as you like", + wiki = "", + category = "Central Stairs", + disclose = "zam.raum1.ecke5.disclose.random1", + read = "zam.raum1.ecke5.read.random1", + write = "zam.raum1.ecke5.write.random1", + manage = "zam.raum1.ecke5.manage.random1" + }, + + zam-raum1-ecke6-random2 = + { + name = "6 Random Dingens #2", + description = "Utilize it as you like", + wiki = "", + category = "Central Stairs", + disclose = "zam.raum1.ecke6.disclose.random2", + read = "zam.raum1.ecke6.read.random2", + write = "zam.raum1.ecke6.write.random2", + manage = "zam.raum1.ecke6.manage.random2" + }, + + 
zam-raum1-ecke7-random3 = + { + name = "7 Random Dingens #3", + description = "Utilize it as you like", + wiki = "", + category = "Central Stairs", + disclose = "zam.raum1.ecke7.disclose.random3", + read = "zam.raum1.ecke7.read.random3", + write = "zam.raum1.ecke7.write.random3", + manage = "zam.raum1.ecke7.manage.random3" + }, + + zam-raum1-ecke8-macgyver = + { + name = "8 Mac Gyver", + description = "Vorsitzender des Repair Cafe Dachverbands", + wiki = "https://de.wikipedia.org/wiki/MacGyver", + category = "Central Stairs", + disclose = "zam.raum1.ecke8.disclose.macgyver", + read = "zam.raum1.ecke8.read.macgyver", + write = "zam.raum1.ecke8.write.macgyver", + manage = "zam.raum1.ecke8.manage.macgyver" + }, + + zam-raum1-ecke9-shutdown = + { + name = "9 Shutdown", + description = "Poweroff Raspberry Pi", + wiki = "", + category = "Central Stairs", + disclose = "zam.raum1.ecke9.disclose.shutdown", + read = "zam.raum1.ecke9.read.shutdown", + write = "zam.raum1.ecke9.write.shutdown", + manage = "zam.raum1.ecke9.manage.shutdown" + }, + + zam-raum1-ecke10-restartbffh = + { + name = "10 Restart BFFH", + description = "Restarts bffh.service", + wiki = "", + category = "Central Stairs", + disclose = "zam.raum1.ecke10.disclose.restartbffh", + read = "zam.raum1.ecke10.read.restartbffh", + write = "zam.raum1.ecke10.write.restartbffh", + manage = "zam.raum1.ecke10.manage.restartbffh" + } + +} diff --git a/debian/fabaccess-bffh-src/etc/bffh/config_examples/vow-jhv-zam-erlangen-2024/roles.dhall b/debian/fabaccess-bffh-src/etc/bffh/config_examples/vow-jhv-zam-erlangen-2024/roles.dhall new file mode 100644 index 0000000..098fa9c --- /dev/null +++ b/debian/fabaccess-bffh-src/etc/bffh/config_examples/vow-jhv-zam-erlangen-2024/roles.dhall 
@@ -0,0 +1,109 @@ +{ + Admin = + { + permissions = [ + "bffh.users.manage", + "bffh.users.info", + "bffh.users.admin", + "zam.*" + ] + }, + + zam_raum1_manager = + { + permissions = [ + "zam.raum1.*" + ] + }, + + zam_raum1_ecke1_user = + { + permissions = [ + "zam.raum1.ecke1.disclose.*", + "zam.raum1.ecke1.read.*", + "zam.raum1.ecke1.write.*" + ] + }, + + zam_raum1_ecke2_user = + { + permissions = [ + "zam.raum1.ecke2.disclose.*", + "zam.raum1.ecke2.read.*", + "zam.raum1.ecke2.write.*" + ] + }, + + zam_raum1_ecke3_user = + { + permissions = [ + "zam.raum1.ecke3.disclose.*", + "zam.raum1.ecke3.read.*", + "zam.raum1.ecke3.write.*" + ] + }, + + zam_raum1_ecke4_user = + { + permissions = [ + "zam.raum1.ecke4.disclose.*", + "zam.raum1.ecke4.read.*", + "zam.raum1.ecke4.write.*" + ] + }, + + zam_raum1_ecke5_user = + { + permissions = [ + "zam.raum1.ecke5.disclose.*", + "zam.raum1.ecke5.read.*", + "zam.raum1.ecke5.write.*" + ] + }, + + zam_raum1_ecke6_user = + { + permissions = [ + "zam.raum1.ecke6.disclose.*", + "zam.raum1.ecke6.read.*", + "zam.raum1.ecke6.write.*" + ] + }, + + zam_raum1_ecke7_user = + { + permissions = [ + "zam.raum1.ecke7.disclose.*", + "zam.raum1.ecke7.read.*", + "zam.raum1.ecke7.write.*" + ] + }, + + zam_raum1_ecke8_user = + { + permissions = [ + "zam.raum1.ecke8.disclose.*", + "zam.raum1.ecke8.read.*", + "zam.raum1.ecke8.write.*" + ] + }, + + zam_raum1_ecke9_user = + { + permissions = [ + "zam.raum1.ecke9.disclose.*", + "zam.raum1.ecke9.read.*", + "zam.raum1.ecke9.write.*" + ] + }, + + zam_raum1_ecke10_user = + { + permissions = [ + "zam.raum1.ecke10.disclose.*", + "zam.raum1.ecke10.read.*", + "zam.raum1.ecke10.write.*" + ] + } + +} diff --git a/debian/fabaccess-bffh-src/etc/bffh/config_examples/vow-jhv-zam-erlangen-2024/users.toml b/debian/fabaccess-bffh-src/etc/bffh/config_examples/vow-jhv-zam-erlangen-2024/users.toml new file mode 100644 index 0000000..6a422e2 --- /dev/null 
+++ b/debian/fabaccess-bffh-src/etc/bffh/config_examples/vow-jhv-zam-erlangen-2024/users.toml
@@ -0,0 +1,11 @@
+["Raum 1 Manager"]
+roles = ["zam_raum1_manager"]
+passwd = "$argon2i$v=19$m=4096,t=3,p=1$aE7DYpmOPy+ZAB305S26iQ$G+cx4wEQzaVsB4Vq05+mvvxBgqXlYnejbzpLcK24SPg"
+
+[Admin]
+roles = ["zam_raum1_ecke1_user", "zam_raum1_ecke2_user", "zam_raum1_ecke3_user", "zam_raum1_ecke4_user", "zam_raum1_ecke5_user", "zam_raum1_ecke6_user", "zam_raum1_ecke7_user", "zam_raum1_ecke8_user", "zam_raum1_ecke9_user", "_manager_schichtleitung", "Admin", "zam_raum1_manager"]
+passwd = "$argon2i$v=19$m=4096,t=3,p=1$Ykyx7xGXwWKPMP7Q5FysBA$lbMnVRwZZheYt5u2kEZYuwkWW8DwaHF/JNgqH791WdQ"
+
+[Werkstattleiter]
+roles = ["_manager_schichtleitung"] #test
+passwd = "$argon2i$v=19$m=4096,t=3,p=1$nqY/EsDGzlwLzRgtZQUBzA$a55mDPB20CxYixvafyYGRIZH/EsPBguzhTBm7O3D3QA"
diff --git a/debian/fabaccess-bffh-src/etc/logrotate.d/bffhd b/debian/fabaccess-bffh-src/etc/logrotate.d/bffhd
new file mode 100644
index 0000000..cbc1eeb
--- /dev/null
+++ b/debian/fabaccess-bffh-src/etc/logrotate.d/bffhd
@@ -0,0 +1,9 @@
+/var/log/bffh/audit.json
+{
+ rotate 10
+ size 1M
+ copytruncate
+ missingok
+ notifempty
+ compress
+}
diff --git a/debian/fabaccess-bffh-src/etc/sudoers.d/bffh b/debian/fabaccess-bffh-src/etc/sudoers.d/bffh
new file mode 100644
index 0000000..2e10278
--- /dev/null
+++ b/debian/fabaccess-bffh-src/etc/sudoers.d/bffh
@@ -0,0 +1,3 @@
+bffh ALL=NOPASSWD: /usr/bin/systemctl start bffh.service
+bffh ALL=NOPASSWD: /usr/bin/systemctl stop bffh.service
+bffh ALL=NOPASSWD: /usr/bin/systemctl restart bffh.service
diff --git a/debian/fabaccess-bffh-src/etc/systemd/system/bffh.service b/debian/fabaccess-bffh-src/etc/systemd/system/bffh.service
new file mode 100644
index 0000000..4a77d54
--- /dev/null
+++ b/debian/fabaccess-bffh-src/etc/systemd/system/bffh.service
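Review bot: The three `passwd` values in vow-jhv-zam-erlangen-2024/users.toml are real Argon2 hashes whose passwords appear nowhere in the commit, so a site that loads this file gets an `Admin` account whose password is known only to whoever generated the hash. The hashes also use `m=4096,t=3,p=1`, a low memory cost (4 MiB) for hashes that are published in a repository. I would either state in a comment that these are demo accounts that must be replaced, or ship a placeholder such as `passwd = "<argon2 hash generated on this host>"`. Also, `_manager_schichtleitung` is assigned to `Admin` and `Werkstattleiter` but is not defined in this example's roles.dhall.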
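Review bot: `copytruncate` in logrotate.d/bffhd copies the file and then truncates it in place, so audit entries written between the two steps are lost, which matters more for an audit log than for ordinary diagnostics. If bffhd can reopen its audit log on request (not visible in this commit), rotating by rename with a `postrotate` hook would avoid the gap. Otherwise I would state the trade-off above the directive, e.g. `# copytruncate: entries written while the file is being rotated can be lost`.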
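Review bot: The sudoers.d/bffh drop-in lets the `bffh` account, and therefore every `Process` actor script that bffhd launches, run `systemctl start`, `stop` and `restart` on bffh.service as root without a password, presumably on every host that installs the package. Only the demo `restart-bffh_10` actor in the vow-jhv-zam-erlangen-2024 example appears to need it, so I would ship the file with that example instead, or keep only the `restart` line. The file carries no explanation; a first line such as `# lets the restart-bffh demo adapter restart bffhd; remove if unused` would help. The package should install it with mode 0440 and validate it with `visudo -cf`.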
@@ -0,0 +1,18 @@
+[Unit]
+Description=FabAccess BFFH Service
+After=network.target
+
+[Service]
+Type=simple
+User=bffh
+Group=bffh
+ExecStartPre=/usr/bin/bffhd --check --config /etc/bffh/bffh.dhall
+Environment="BFFH_LOG=warn"
+ExecStart=/usr/bin/bffhd --verbose --config /etc/bffh/bffh.dhall --log-format Pretty
+Restart=on-failure
+RestartSec=30
+LogsDirectoryMode=750
+LogsDirectory=bffh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/fabaccess-bffh-src/manpages/bffhd.1 b/debian/fabaccess-bffh-src/manpages/bffhd.1
new file mode 100644
index 0000000..3ba9c57
--- /dev/null
+++ b/debian/fabaccess-bffh-src/manpages/bffhd.1
@@ -0,0 +1,13 @@
+.\" Manpage for bffhd.
+.\" Contact info@fab-access.org to correct errors or typos.
+.TH man 1 "18 Feb 2025" "1.0" "bffhd man page"
+.SH NAME
+bffhd
+.SH SYNOPSIS
+Runs the FabAccess Diflouroborane (BFFH) server application
+.SH DESCRIPTION
+This is not a usual man page. It's just for linking to our online documentation, available at \:\%\fIhttps://fab-access.org/configure\fR
+.SH BUGS
+We might have some! Please report them to \:\%\fIhttps://gitlab.com/fabinfra/fabaccess/bffh/-/issues\fR
+.SH AUTHOR
+Mario Voigt (mario.voigt@stadtfabrikanten.org)
diff --git a/debian/fabaccess-bffh-src/manpages/bffhd.1.gz b/debian/fabaccess-bffh-src/manpages/bffhd.1.gz
new file mode 100644
index 0000000..63d3d0b
Binary files /dev/null and b/debian/fabaccess-bffh-src/manpages/bffhd.1.gz differ
diff --git a/debian/install-requirements.sh b/debian/install-requirements.sh
new file mode 100755
index 0000000..caf3134
--- /dev/null
+++ b/debian/install-requirements.sh
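Review bot: The `[Service]` section of bffh.service runs bffhd, and every `Process` actor it spawns, with no confinement beyond `User=bffh`. I would add `StateDirectory=bffh` so that /var/lib/bffh exists with the right owner, plus `PrivateTmp=true` and `ProtectHome=true`. `NoNewPrivileges=true` would be the natural next directive, but it would stop the `sudo systemctl` calls permitted by the sudoers drop-in in this commit from working, so that choice should be made deliberately and noted in the unit. `--verbose` on `ExecStart` and `Environment="BFFH_LOG=warn"` also seem to pull in opposite directions; a comment saying which one takes effect would help.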
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# This script installs podman and qemu-user-static, which is required for the following Dockerfile to work.
+# It omits the error "exec container process `/bin/sh`: Exec format error"
+# The Dockerfile inside THIS directory is used to create two different arches for cross-building of the *.deb and *.rpm files
+# Please note: we need to install these images as root user!
+
+sudo apt install podman qemu-user-static
+sudo systemctl daemon-reload
+
+pack="fabinfra/debianpackage"
+
+arch="arm64/v8"
+echo -e "\n+++++++++++++++++++++++++++++++++++++++++++"
+echo -e "creating local podman container registry $pack. This may take a while ..."
+echo -e "+++++++++++++++++++++++++++++++++++++++++++\n"
+sudo time podman build --platform=linux/${arch} -f Dockerfile -t ${pack}_${arch} #this should get ubuntu:noble
+
+arch="arm/v7"
+echo -e "\n+++++++++++++++++++++++++++++++++++++++++++"
+echo -e "creating local podman container registry $pack. This may take a while ..."
+echo -e "+++++++++++++++++++++++++++++++++++++++++++\n"
+sudo time podman build --platform=linux/${arch} -f Dockerfile -t ${pack}_${arch} #this should get alpine:latest
+
+echo -e "\n+++++++++++++++++++++++++++++++++++++++++++"
+echo "listing installed images ..."
+echo -e "+++++++++++++++++++++++++++++++++++++++++++\n"
+sudo podman images | grep localhost/fabinfra/
+
+# note: unrequired images can be removed again by:
+# sudo su && podman image rm localhost/fabinfra/
diff --git a/debian/public.pgp b/debian/public.pgp
new file mode 100644
index 0000000..6586008
--- /dev/null
+++ b/debian/public.pgp
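Review bot: install-requirements.sh has no error handling, so if `sudo apt install podman qemu-user-static` is declined or fails, both `podman build` calls still run as root and the final listing can show stale images as if the build had succeeded. I would add `set -euo pipefail` directly under the shebang and quote the expansions, e.g. `-t "${pack}_${arch}"`. `-f Dockerfile` is resolved against the current directory, so the script only works when started from debian/; a `cd "$(dirname "$0")"` near the top would remove that dependency. The trailing comment on the second build says `alpine:latest`, although both builds use the same Dockerfile.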
@@ -0,0 +1,13 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEZ8121hYJKwYBBAHaRw8BAQdAXF2hdKcMQB9ntjvZNZz/cQrF+1lsPCVW0bZK
+SpQRUoS0HkZhYkluZnJhIDxpbmZvQGZhYi1hY2Nlc3Mub3JnPoiTBBMWCgA7FiEE
+15O16KdUKF+fd20ixFBbIGJTLW4FAmfNdtYCGwMFCwkIBwICIgIGFQoJCAsCBBYC
+AwECHgcCF4AACgkQxFBbIGJTLW4zZgEAqBLa6NXIQip5YHwOiJpj7zUu+3nMrO3Q
+z4xy0rVN0zIA/3qjm4LWmw9dECD9XBpNswdEjVIIPKDLenvNVlSzbSQGuDgEZ812
+1hIKKwYBBAGXVQEFAQEHQFAS++Ab1AC9NyP6GmfT0LGAN41kD8qRP3kOwVuFmoA8
+AwEIB4h4BBgWCgAgFiEE15O16KdUKF+fd20ixFBbIGJTLW4FAmfNdtYCGwwACgkQ
+xFBbIGJTLW59iAEArC83oEC5/HJfJHl1jGJscGspaKzelsBrr+2eWii+SmMA/jXc
+gsN9QY62ZtRHFlvudtR9d7x4jnHgVTFJh29t8zYL
+=S2Zq
+-----END PGP PUBLIC KEY BLOCK-----