feat: remote commands, systemd units, process observability, broker auth split
- Command intake (reboot/shutdown) on infoscreen/{uuid}/commands with ack lifecycle
- MQTT_USER/MQTT_PASSWORD_BROKER split from identity vars; configure_mqtt_security() updated
- infoscreen-simclient.service: Type=notify, WatchdogSec=60, Restart=on-failure
- infoscreen-notify-failure@.service + script: retained MQTT alert when systemd gives up (Gap 3)
- _sd_notify() watchdog keepalive in simclient main loop (Gap 1)
- broker_connection block in health payload: reconnect_count, last_disconnect_at (Gap 2)
- COMMAND_MOCK_REBOOT_IMMEDIATE_COMPLETE canary flag with safety guard
- SERVER_TEAM_ACTIONS.md: server-side integration action items
- Docs: README, CHANGELOG, src/README, copilot-instructions updated
- 43 tests passing
This commit is contained in:
RobbStarkAustria
@@ -16,6 +16,17 @@ LOG_LEVEL=INFO # DEBUG | INFO | WARNING | ERROR
|
||||
# MQTT Broker Configuration
|
||||
MQTT_BROKER=<your-mqtt-broker-host-or-ip> # Change to your MQTT server IP
|
||||
MQTT_PORT=1883
|
||||
# Broker login used by simclient to connect to MQTT
|
||||
MQTT_USER=<broker-username>
|
||||
MQTT_PASSWORD_BROKER=<broker-password>
|
||||
# Optional per-device identity credentials (legacy fallback)
|
||||
MQTT_USERNAME=infoscreen-client-<client-uuid-prefix>
|
||||
MQTT_PASSWORD=<set-per-device-20-char-random-password>
|
||||
MQTT_TLS_ENABLED=0 # 1 when broker TLS is enabled for this client
|
||||
# MQTT_TLS_CA_CERT=/etc/infoscreen/mqtt/ca.crt
|
||||
# MQTT_TLS_CERT=/etc/infoscreen/mqtt/client.crt
|
||||
# MQTT_TLS_KEY=/etc/infoscreen/mqtt/client.key
|
||||
# MQTT_TLS_INSECURE=0 # only for controlled test environments
|
||||
|
||||
# Timing Configuration (quieter intervals for productive test)
|
||||
HEARTBEAT_INTERVAL=60 # Heartbeat frequency in seconds
|
||||
@@ -47,16 +58,26 @@ CEC_POWER_OFF_WAIT=5 # Seconds to wait after power OFF command (increase
|
||||
# hybrid — prefer MQTT intent when present and valid; fall back to local CEC if not
|
||||
# mqtt — MQTT intent is authoritative; local CEC only fires as last-resort guard
|
||||
# See README.md "TV Power Intent — Rollout Runbook" before changing from 'local'.
|
||||
POWER_CONTROL_MODE=local # local | hybrid | mqtt
|
||||
POWER_CONTROL_MODE=hybrid # local | hybrid | mqtt
|
||||
|
||||
# Optional: MQTT authentication (if your broker requires username/password)
|
||||
#MQTT_USERNAME=
|
||||
#MQTT_PASSWORD=
|
||||
# Reboot/Shutdown command handling
|
||||
# Helper installed by ./scripts/install-command-helper.sh
|
||||
COMMAND_HELPER_PATH=/usr/local/bin/infoscreen-cmd-helper.sh
|
||||
# Mock mode (safe canary): uncomment next line and comment the live path above
|
||||
# COMMAND_HELPER_PATH=/home/olafn/infoscreen-dev/scripts/mock-command-helper.sh
|
||||
# Timeout for helper execution (seconds)
|
||||
COMMAND_EXEC_TIMEOUT_SEC=15
|
||||
# Test mode: for reboot_host with mock helper, send completed without restart (0/1)
|
||||
COMMAND_MOCK_REBOOT_IMMEDIATE_COMPLETE=0
|
||||
# Command deduplication retention window (hours)
|
||||
COMMAND_DEDUPE_TTL_HOURS=24
|
||||
# Maximum processed command IDs kept in dedupe cache
|
||||
COMMAND_DEDUPE_MAX_ENTRIES=5000
|
||||
|
||||
# MQTT authentication
|
||||
# Use a per-client service account. Keep this file mode 600 on the device.
|
||||
|
||||
# Optional TLS settings (if using secure MQTT)
|
||||
#MQTT_TLS_CA_CERT=
|
||||
#MQTT_TLS_CERT=
|
||||
#MQTT_TLS_KEY=
|
||||
|
||||
# Notes:
|
||||
# - Keep actual secrets and host-specific values in a local .env file that is NOT committed.
|
||||
|
||||
Reference in New Issue
Block a user