History

Jet 574a3a103e fix: update the readmes to be more clear		2026-03-16 23:42:37 -07:00
..
pi-service	feat: add remote, with rss, cache, discord, and zulip	2026-03-10 15:45:42 -07:00
secrets	feat: add remote, with rss, cache, discord, and zulip	2026-03-10 15:45:42 -07:00
bootstrap.nix	feat: add remote, with rss, cache, discord, and zulip	2026-03-10 15:45:42 -07:00
configuration.nix	feat: add remote, with rss, cache, discord, and zulip	2026-03-10 15:45:42 -07:00
flake.lock	feat: expose configurations, add retry, make stable	2026-03-09 17:11:22 -07:00
flake.nix	feat: add remote, with rss, cache, discord, and zulip	2026-03-10 15:45:42 -07:00
hardware-configuration.nix	feat: expose configurations, add retry, make stable	2026-03-09 17:11:22 -07:00
README.md	fix: update the readmes to be more clear	2026-03-16 23:42:37 -07:00

README.md

Pi

Rust service and NixOS config for the Raspberry Pi at Noisebridge. Reads a magnetic door sensor via GPIO, serves the current state over HTTP, and pushes changes to the cache service.

Runs NixOS with Tailscale for remote access and agenix for secrets.

How it works

The service watches a GPIO pin for rising/falling edges with a configurable debounce. When the door state changes, it:

Updates in-memory state (atomics)
POSTs {"status": "open", "timestamp": ...} to the cache service with a Bearer token
Retries with exponential backoff on failure

On startup it also syncs the initial state.

Setup

1. Flash the SD card

nix build .#nixosConfigurations.bootstrap.config.system.build.sdImage
dd if=result/sd-image/*.img of=/dev/sdX bs=4M status=progress

Boot the Pi. It connects to the Noisebridge WiFi automatically.

2. Find the Pi

nmap -sn 192.168.1.0/24
# or
arp -a

3. SSH host key

Grab the key and add it to secrets/secrets.nix:

ssh-keyscan <pi-ip> | grep ed25519

# secrets/secrets.nix
let
  pi = "ssh-ed25519 AAAA...";
in
{
  "api-key.age".publicKeys = [ pi ];
  "inbound-api-key.age".publicKeys = [ pi ];
  "tailscale-auth-key.age".publicKeys = [ pi ];
}

4. Create secrets

cd secrets
agenix -e api-key.age            # key for POSTing to the cache
agenix -e inbound-api-key.age    # key the cache uses to poll us
agenix -e tailscale-auth-key.age # tailscale auth key

5. SSH access

Add your public key to configuration.nix:

users.users.root.openssh.authorizedKeys.keys = [
  "ssh-ed25519 AAAA..."
];

6. Deploy

nixos-rebuild switch --flake .#pi --target-host root@noisebell

Configuration

Options under services.noisebell in flake.nix:

Option	Default	Description
`endpointUrl`	required	Webhook URL to POST state changes to
`apiKeyFile`	required	Outbound API key file (agenix secret)
`inboundApiKeyFile`	required	Inbound API key file for GET auth
`gpioPin`	`17`	GPIO pin number
`debounceSecs`	`5`	Debounce delay in seconds
`port`	`8080`	HTTP server port
`retryAttempts`	`3`	Webhook retry count
`retryBaseDelaySecs`	`1`	Exponential backoff base delay
`httpTimeoutSecs`	`10`	Outbound request timeout
`bindAddress`	`0.0.0.0`	HTTP bind address
`activeLow`	`true`	Low GPIO = door open (depends on wiring)
`restartDelaySecs`	`5`	systemd restart delay on failure
`watchdogSecs`	`30`	systemd watchdog timeout

API

All endpoints require Authorization: Bearer <token>.

GET / — door state

{"status": "open", "timestamp": 1710000000}

GET /info — system health + GPIO config

{
  "uptime_secs": 3600,
  "started_at": 1710000000,
  "cpu_temp_celsius": 42.3,
  "memory_available_kb": 350000,
  "memory_total_kb": 512000,
  "disk_total_bytes": 16000000000,
  "disk_available_bytes": 12000000000,
  "load_average": [0.01, 0.05, 0.10],
  "nixos_version": "24.11.20240308.9dcb002",
  "commit": "c6e726c",
  "gpio": {
    "pin": 17,
    "active_low": true,
    "pull": "up",
    "open_level": "low",
    "current_raw_level": "low"
  }
}