These files were created to make the use of the modified K40 laser cutter easier. The K40 is in a mixed-permissions environment, where some people have usage rights and others do not.
The original control board was removed and replaced with the following equipment:
- Raspberry Pi 3
- Protoneer RPi CNC Board
- Pololu DRV8825 stepper motor drivers
- 4 channel 5V relay module
- PN532 NFC/RFID module
- DS18B20 waterproof temperature sensors
- More jumper cables than you could imagine
The RPi is connected to the CNC board via 12 jumper cables to allow access to the remaining GPIO pins.
The NFC module is part of the multi-factor authentication scheme.
The relay module controls whether power is available to the main PSU and whether the laser tube itself can be activated.
Just two temperature sensors are used: one goes into the water bucket to make sure the water does not get too hot, while the other goes to the laser tube itself to detect any faster temperature changes there.
- Every new user is verified by a current administrator as having sufficient knowledge to run the laser safely.
- The user chooses a username and a password on the RPi.
- The user is given an NFC tag and its ID is associated with their account. (This may change in the future to the user receiving an NFC tag when they become members of RAH.) Currently, pam-nfc is what we are using for NFC auth.
- Google Authenticator generates a TOTP for the user.
In order to log in, the user must have, in addition to their username and password, their TOTP.
Only their NFC tag is required to run sudo on lasercontrol.
If the user requires SSH access, they must be in the ssh group and copy their public key into their ~/.ssh/authorized_keys file via local methods.
Password authentication is turned off for SSH, requiring a public key and TOTP.
As sudo cannot grant superuser access without the NFC tag, regular users cannot turn on the laser while logged in via SSH unless they are also physically present.
Admins do have the ability to turn on the laser remotely, but they should be educated enough to know that that is an extremely bad idea.
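One way to confirm that the SSH policy described above is actually in force is to audit the effective configuration printed by `sshd -T`. This is an added example, not part of these files; it assumes the TOTP is checked through PAM keyboard-interactive, and the function names and sample configurations are constructed for illustration.

```python
# Added example (not the project's code): audit `sshd -T` output against the
# SSH policy in this README. Assumption: TOTP is checked through PAM
# keyboard-interactive, the usual Google Authenticator setup.
REQUIRED = {"publickey", "keyboard-interactive"}

def parse_effective(text):
    """Map each lowercase keyword of `sshd -T` output to its list of tokens."""
    conf = {}
    for line in text.splitlines():
        parts = line.split()
        if parts:
            conf.setdefault(parts[0].lower(), []).extend(parts[1:])
    return conf

def audit(text):
    """Return policy violations; an empty list means the policy holds."""
    conf = parse_effective(text)
    problems = []
    if (conf.get("passwordauthentication") or ["yes"])[0].lower() != "no":
        problems.append("password authentication is enabled")
    if (conf.get("usepam") or ["no"])[0].lower() != "yes":
        problems.append("PAM is off, so the TOTP module never runs")
    # Each space-separated list is an alternative; every one must need both factors.
    for alt in conf.get("authenticationmethods") or ["any"]:
        methods = {m.split(":", 1)[0] for m in alt.split(",")}  # drop ":pam" suffix
        if not REQUIRED <= methods:
            problems.append(f"'{alt}' does not require key and TOTP")
    if "ssh" not in conf.get("allowgroups", []):
        problems.append("logins are not restricted to the ssh group")
    return problems

# Constructed samples in `sshd -T` format, not captured from the real machine.
GOOD = """passwordauthentication no
usepam yes
authenticationmethods publickey,keyboard-interactive:pam
allowgroups ssh
"""
WEAK = """passwordauthentication no
usepam yes
authenticationmethods publickey,keyboard-interactive publickey
"""

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit(sample) or "compliant")
```

The WEAK sample shows the case worth checking for: a second, shorter method list lets a key alone satisfy sshd even though the first list demands both factors.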
More descriptions and better organization to follow