divoom: add pi deploy artifact manifests

Add source-controlled Puppet/Hiera contracts for edge2 Divoom-as-DM-device without replacing the live flowercore-divoom systemd deployment. Add Divoom TV Pi HDMI systemd/Puppet deployment artifacts, LF shell-script guardrails, and focused lint coverage for the additive non-K8s deploy shape. Co-Authored-By: Codex <codex@openai.com>
2026-06-02 21:45:27 -05:00
parent 0307ae16ae
commit 5bdedfc5ae
17 changed files with 819 additions and 0 deletions
--- a/apps/fc-divoom-dm-pi-device/puppet/profile/pi/service/divoom_dm_device.pp
+++ b/apps/fc-divoom-dm-pi-device/puppet/profile/pi/service/divoom_dm_device.pp
@@ -0,0 +1,140 @@
+# Drop into FlowerCore.Puppet site-modules/profile/manifests/pi/service/divoom_dm_device.pp.
+# This profile is additive to profile::pi::service::divoom. It must not manage,
+# restart, replace, or subscribe the existing flowercore-divoom.service.
+class profile::pi::service::divoom_dm_device (
+  Enum['present', 'absent'] $ensure = 'present',
+  Boolean $service_enabled = false,
+  Enum['running', 'stopped'] $service_ensure = 'stopped',
+  String $service_name = 'flowercore-divoom-dm-agent',
+  String $device_id = 'edge2-divoom-minitoo',
+  String $display_name = 'edge2 Divoom MiniToo',
+  String $host_fqdn = 'edge2.iamworkin.lan',
+  String $dm_web_url = 'https://devicemgmt.iamworkin.lan',
+  String $divoom_install_dir = '/opt/flowercore/divoom',
+  String $agent_install_dir = '/opt/flowercore/devicemanagement-agent',
+  String $agent_binary = 'FlowerCore.DeviceManagement.Agent',
+  Array[String] $bt_candidate_channels = ['1', '10'],
+  String $default_bt_channel = '1',
+  Enum['on', 'off'] $a2dp_default_state = 'off',
+  Boolean $fm_radio_enabled = false,
+  Boolean $visible_render_proof_required = true,
+) {
+  include profile::workstation::safe_account_exclusion
+
+  $safe_account = $profile::workstation::safe_account_exclusion::safe_account
+  $config_dir = '/etc/flowercore/device-management/devices'
+  $state_dir = '/var/lib/flowercore/divoom-dm-agent'
+  $log_dir = '/var/log/flowercore/divoom-dm-agent'
+  $registration_path = "${config_dir}/${device_id}.json"
+  $agent_binary_path = "${agent_install_dir}/${agent_binary}"
+  $bt_channels_json = inline_template('[<%= @bt_candidate_channels.map { |c| "\"#{c}\"" }.join(", ") %>]')
+
+  if $safe_account {
+    notify { 'fc-divoom-dm-device safe-account exclusion':
+      message => 'SAFE-ACCOUNT-EXCLUSION: Divoom DM Pi device profile refused to apply on operator workstation',
+    }
+
+    if $facts['os']['family'] != 'windows' {
+      ensure_resource('file', '/var/log/flowercore-audit', {
+          'ensure' => 'directory',
+          'owner'  => 'root',
+          'group'  => 'root',
+          'mode'   => '0755',
+      })
+
+      file { '/var/log/flowercore-audit/safe-account-noop-fc-divoom-dm-device.log':
+        ensure  => file,
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0644',
+        content => "noop: divoom dm pi device profile refused to apply on safe-account host\n",
+        require => File['/var/log/flowercore-audit'],
+      }
+    }
+  } elsif $ensure == 'absent' {
+    service { $service_name:
+      ensure => stopped,
+      enable => false,
+    }
+
+    file { [
+        "/etc/systemd/system/${service_name}.service",
+        $registration_path,
+      ]:
+      ensure => absent,
+    }
+
+    exec { 'fc-divoom-dm-agent-systemd-reload':
+      command     => '/usr/bin/systemctl daemon-reload',
+      refreshonly => true,
+      path        => ['/usr/bin', '/bin'],
+    }
+  } else {
+    case $facts['os']['family'] {
+      'Debian': {}
+      default: { fail("profile::pi::service::divoom_dm_device only supports Debian-family OS, got ${facts['os']['family']}") }
+    }
+
+    file { [$config_dir, $state_dir, $log_dir]:
+      ensure => directory,
+      owner  => 'root',
+      group  => 'root',
+      mode   => '0755',
+    }
+
+    file { $registration_path:
+      ensure  => file,
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0644',
+      content => epp('profile/pi/fc_divoom_dm/divoom-device-registration.json.epp', {
+        'device_id'                     => $device_id,
+        'display_name'                  => $display_name,
+        'host_fqdn'                     => $host_fqdn,
+        'divoom_install_dir'            => $divoom_install_dir,
+        'bt_channels_json'              => $bt_channels_json,
+        'default_bt_channel'            => $default_bt_channel,
+        'a2dp_default_state'            => $a2dp_default_state,
+        'fm_radio_enabled'              => $fm_radio_enabled,
+        'visible_render_proof_required' => $visible_render_proof_required,
+      }),
+      require => File[$config_dir],
+    }
+
+    file { "/etc/systemd/system/${service_name}.service":
+      ensure  => file,
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0644',
+      content => epp('profile/pi/fc_divoom_dm/flowercore-divoom-dm-agent.service.epp', {
+        'service_name'       => $service_name,
+        'device_id'          => $device_id,
+        'dm_web_url'         => $dm_web_url,
+        'registration_path'  => $registration_path,
+        'divoom_install_dir' => $divoom_install_dir,
+        'agent_install_dir'  => $agent_install_dir,
+        'agent_binary_path'  => $agent_binary_path,
+        'state_dir'          => $state_dir,
+        'log_dir'            => $log_dir,
+      }),
+      notify  => Exec['fc-divoom-dm-agent-systemd-reload'],
+      require => File[$registration_path],
+    }
+
+    exec { 'fc-divoom-dm-agent-systemd-reload':
+      command     => '/usr/bin/systemctl daemon-reload',
+      refreshonly => true,
+      path        => ['/usr/bin', '/bin'],
+    }
+
+    service { $service_name:
+      ensure  => $service_ensure,
+      enable  => $service_enabled,
+      require => [
+        File["/etc/systemd/system/${service_name}.service"],
+        File[$registration_path],
+        Exec['fc-divoom-dm-agent-systemd-reload'],
+      ],
+    }
+  }
+}