Interactive configuration wizard and fleet management tooling for the PiSpot Wi-Fi voucher ecosystem.
PiSpot Deployment is the provisioning and secrets-management layer for the PiSpot IoT ecosystem. It provides an interactive CLI wizard that collects venue details and voucher parameters, validates all inputs, and pushes the resulting configuration into HashiCorp Vault. It also manages Vault token lifecycle and includes Ansible inventory for fleet-wide device management.
Part of the PiSpot ecosystem:
| Project | Description |
|---|---|
| PiSpot Watch | Wrist-wearable e-ink voucher device |
| PiSpot Show | HDMI kiosk display for lobby TVs |
| PiSpot Deployment (this repo) | Fleet provisioning and Vault configuration |
- Interactive configuration wizard -- terminal-based UI (PyInquirer) collects venue name, town, device ID, Spotipo API credentials, voucher parameters, and Vault connection details with real-time input validation.
- HashiCorp Vault integration -- stores per-device configuration as KV secrets with structured paths (
{project}/{venue}_{town}_{id}), using AppRole authentication. - Input validation -- custom validators enforce UUID format for API keys, URL format for Vault addresses, and token format constraints before any write occurs.
- Token lifecycle management -- systemd-compatible renewal script monitors token TTL and auto-renews below a 10-day threshold, with rotating file logs.
- Ansible fleet inventory -- grouped inventory file for managing multiple PiSpot Watch and PiSpot Show devices across venues, with SSH and sudo configuration.
- AWX/Docker support -- custom Dockerfile template extending AWX with Vault CLI, MinIO client, and jq for CI/CD pipelines.
Operator runs creator.py
|
v
+------+------+
| PyInquirer | Collects: venue, town, device ID,
| CLI wizard | Spotipo API key, site number,
| | duration, speed limits, Vault addr
+------+------+
|
v
+------+------+
| HashiCorp | Writes KV secret:
| Vault | pispot_voucher/{venue}_{town}_{id}
| (AppRole) | containing all device config
+------+------+
|
v
+------+------+
| Ansible | Playbooks in Watch/Show repos
| (inventory) | target grouped devices via SSH
+-------------+
- The operator runs the interactive wizard to configure a new venue/device.
- The wizard validates all inputs and writes the configuration to Vault.
- Ansible playbooks (in the Watch and Show repos) reference the same Vault secrets during provisioning.
- A cron-scheduled token renewal script keeps Vault tokens alive across the fleet.
git clone https://github.com/GeiserX/PiSpot-Deployment.git
cd PiSpot-Deploymentpip3 install -r Interactive_Script/requirements.txtDependencies: hvac, PyInquirer, pyfiglet
python3 Interactive_Script/creator.pyThe wizard will prompt for:
- Venue name and town
- Device identifier
- Spotipo API key (UUID format) and site number
- Voucher duration, speed limits (default: 1024/256 Kbps DL/UL)
- Vault address and token
Edit the hosts file with your device IPs, SSH ports, and credentials:
[PiSpot_Voucher]
device1 ansible_host=10.80.1.2
[PiSpot_HDMI]
device2 ansible_host=10.80.2.2Then run the deployment playbooks from the Watch or Show repositories.
vault-renew-token.py runs as a cron job (weekly) and at boot. It checks the current token's TTL and renews it if below 10 days remaining. Logs are written to /var/log/vault/renew-token.log with automatic rotation.
# Example cron entry
0 12 * * 0 /usr/bin/python3 /path/to/vault-renew-token.pyPiSpot-Deployment/
Interactive_Script/
creator.py # Interactive configuration wizard
requirements.txt # Python dependencies
vault-renew-token.py # Vault token renewal service
hosts # Ansible inventory (device groups, SSH config)
Dockerfile.task.j2 # AWX custom task image (Vault CLI + MinIO + jq)
LICENSE # GPL-3.0
GNU General Public License v3.0
Contributions are welcome. Open an issue or submit a pull request.
This project follows the Contributor Covenant v2.1 Code of Conduct.
