Skip to content
/ k40-laser-scripts Public

Scripts (and other objects) created to make use of the GRBL Pi Hat + Raspberry Pi a little easier in a multi-user environment where not everyone has usage rights.

License

MIT license
4 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

RootAccessHackerspace/k40-laser-scripts

BranchesTags

Repository files navigation

K40 Laser Scripts

These files were created to make the use of the modified K40 laser cutter easier. The K40 is in a mixed-permissions environment, where some people have usage rights and others do not.

Current setup

The original control board was removed and replaced with the following equipment:

The RPi is connected to the CNC board via 12 jumper cables to allow access to the remaining GPIO pins.

The NFC module is part of the multi-factor authentication scheme.

The relay module controls whether power is available to the main PSU and whether the laser tube itself can be activated.

Just two temperature sensors are used: one goes into the water bucket to make sure the water does not get too hot, while the other goes to the laser tube itself to detect any faster temperature changes there.

Security scheme

  1. Every new user is verified by a current administrator as having succifient knowledge to run the laser safely.
  2. The user choses a username and a password on the RPi.
  3. The user is given an NFC tag and its ID is associated with their account. (This may change in the future to the user receiving an NFC tag when their become members of RAH.) Currently, pam-nfc is what we are using for NFC auth.
  4. Google Authenticator generates a TOTP for the user.

In order to login, the user must have, in addition to their username and password, their TOTP. Only their NFC tag is required to run sudo on lasercontrol.

If the user requires SSH access, they must be in the ssh group and copy their public key into their ~/.ssh/authorized_keys file via local methods. Password authentication is turned off for SSH, requiring a public key and TOTP.

As sudo cannot grant superuser access without the NFC tag, regular users cannot turn on the laser while logged in via SSH unless they are also phsycally present. Admins do have the ability to turn on the laser remotely, but they should be educated enough to know that that is an extremely bad idea.

More descriptions and better organization to follow

About

Scripts (and other objects) created to make use of the GRBL Pi Hat + Raspberry Pi a little easier in a multi-user environment where not everyone has usage rights.

Topics

raspberry-pi rpi laser raspberrypi nfc totp bash-script raspberry-pi-gpio rpi-gpio nfc-tag

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

4 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases

3 tags

Packages

No packages published

Languages