GPIO door lock control
- Tested on a Pi Zero W running Raspbian GNU/Linux 9
- The Pi should be powered with an adapter rated between 5.1V - 5.2V, 2.5A
- The card readers tested are of the type PN532
- The door lock is triggered by raising a single GPIO pin
- Pins are numbered using the [wiringPi scheme][1]
- The cardreader is assumed connected with I²C on interface #1 (the lowest I²C pin numbers)
- Authorized card numbers are downloaded from hackerhula
Schematics of the circuit can be found in /schematics which have been
created with gschem.
Install dependencies (as root):
apt install libnfc-dev libnfc-bin build-essential
Grab source code & prepare user (as root):
git clone https://github.com/hackeriet/door.git
mkdir -p /srv
mv door /srv/door
adduser --home /srv/door door
usermod -a -G gpio door
usermod -a -G i2c door
chown -R door:door /srv/door
Install pylibnfc (as door):
sudo -u door -i
pip install --user --break-system-packages git+https://github.com/hackeriet/pylibnfc.git
Enable I²C interface (as root):
vim /boot/firmware/config.txt
# Uncomment the following lines, which should already be present:
# dtparam=i2c_arm=on
# dtoverlay=pi3-disable-bt-overlay
Specify where the NFC device can be found by libnfc (as root):
echo 'device.connstring = "pn532_i2c:/dev/i2c-1"' > /etc/nfc/libnfc.conf
Copy systemd service file to system folder (as root):
cp doord.service /etc/systemd/system
Set password to upstream card list in environment variable (as root):
vim /etc/systemd/system/doord.service
Reload, enable and start the service (as root):
systemctl daemon-reload && systemctl enable doord.service && systemctl start doord.service
Configure SSO, if desired: https://wiki.hackeriet.no/infra/services/hacker-id
Configure the SSH-based entry service (as root):
# Add the user and fix rights
# Use password from hackerpass
adduser --shell /srv/door/open-door entry
usermod -a -G gpio entry
If Kanidm SSO is used, also configure SSO for the entry service (as root):
# Create a local authkey file, for consumption by the keys command
mkdir -p /home/entry/.ssh
touch /home/entry/.ssh/authorized_keys
chown -R entry:entry /home/entry/.ssh
# Install the SSH key command, which checks local files + SSO
cp /srv/door/ssh_entry_keys.py /usr/local/bin/
cp /srv/door/ssh-entry.conf /etc/ssh/sshd_config.d/50-door-entry.conf
chown root:root /usr/local/bin/ssh_entry_keys.py /etc/ssh/sshd_config.d/50-door-entry.conf
# Add an API token for the SSO account `svc-ssh-grouplists`
# Hint: Generate a new one for this host from your own machine:
# $ kanidm service-account api-token generate svc-ssh-grouplists "hostname-here-please.hackeriet.no"
echo '<token>' > /etc/door-sso-token
chown entry:entry /etc/door-sso-token
Reboot!
Trigger door lock
$ sudo /srv/door/open-door
Connect with SSH from the local network and use the password stored from hackerpass infrastructure/hackeriet-door-trigger.
The shell of the entry user is the open-door script. Connect with caution.
$ ssh entry@bac-door1.ackeriet.no
NOTE Up to date information about this functionality can be found in https://github.com/hackeriet/door-remote
https://door-remote.hackeriet.no
See /test/run-test.sh to see how to use mocks in doord.py.
The test script currently has to be run from the project root to get correct paths.
- Make sure wiring is correct. Easy to mix up CLOCK and DATA wires when connecting the I²C device.
- Measure output voltage on the 5V rail. If it's below 5 volts, the card readers may malfunction.
- Make sure the power rating of the power supply is as high as expected (see first section of this document)
- To debug the I²C interface,
i2c-toolscontains some nice utils. Specificallyi2cdetectwhich dumps all addresses found on the I²C bus (i2cdetect -y 1for bus number 1) libnfc-binandlibnfc-examplescontains some libnfc utilities. Specificallynfc-pollandnfc-scan-devicesare helpful in detecting a correctly connected nfc device
# journalctl -u doord.service -f
- jonnor, Mathsterk @trygvis from #bitraf @ chat.freenode.org for wiring advice