The Geocaching Robot Arm has always been popular. It's always been a maintenance problem, and now I had a new problem to solve. The problem is this. When I start using the new firewall, things like this should be on the DMZ; accessible to the public (but only via the web). The problem is, the Arm is upstairs in a cupboard, where I can keep an eye and ear on it. I can hear when it's being used, because I hear the whirr of the motors. And there's a light that switches on. Sometimes I hold up encouraging notices in front of the Arm. All great fun.
The problem is, the house network will not be on the DMZ, it'll be on the "inside". Because the servers on the "inside" should have no access at all from the world outside.
I thought of moving the Arm to where the other DMZ computers are, but that would be a significant effort; the cameras are all taped in place, the whole thing is a bit delicate, and anyway, then it wouldn't be near me while I work.
So I came up with a neat idea. The Arm is controlled by a Raspberry Pi called robotarm.drsolly.com. I Samba-mounted the Arm directory onto another Raspberry Pi called ffiop.drsolly.com, which is where all the other geocaching stuff resides, things like the Night Mail. And that computer is where the other DMZ computers are.
But it isn't just a question of making the data available, there's also the issue of controlling the lighting (which is done via a relay controlled over the USB port) and the Arm itself (controlled via a Pololu microcontroller that is talked to over a serial port). That's all now being done via an ssh tunnel. So, for example, to switch the lights on, it used to be:
hidwrite 0x12bf 0xff03 128
But I can't do the same thing from ffion, it's a different computer. I need ffion to give a command to robotarm.drsolly.com. And here's how:
ssh drsolly@robotarm '/home/drsolly/engine/hidwrite 0x12bf 0xff03 128'
Normally, ssh would prompt for a password before doing anything. But you can set things up so that you don't need to give the password each time.
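A passwordless key held on a DMZ machine is also a login to an "inside" machine, so it is worth pinning that key to the one command it is for. The script below is an added example, not the setup actually used here: it assumes key-based authentication, a hypothetical script path /home/drsolly/engine/gate.sh on robotarm, and that the last hidwrite argument is a number from 0 to 255.

```shell
#!/bin/sh
# Added example: forced-command gate for the tunnel key, installed on robotarm.
# Assumed line in ~/.ssh/authorized_keys on robotarm (key is a placeholder):
#   restrict,command="/home/drsolly/engine/gate.sh" ssh-ed25519 <PUBLIC-KEY> dmz-pi
# "restrict" turns off port, agent and X11 forwarding and pty allocation;
# "command=" makes sshd run this script whatever the client asked for, and
# passes the client's request in SSH_ORIGINAL_COMMAND.

HIDWRITE=/home/drsolly/engine/hidwrite   # path taken from the post

# check_request REQUEST
# Returns 0 only for "<HIDWRITE> 0x12bf 0xff03 <N>" with N in 0..255.
# The 0..255 range is an assumption; the post only shows the value 128.
check_request() {
    req=$1
    prefix="$HIDWRITE 0x12bf 0xff03 "
    case "$req" in
        "$prefix"*) value=${req#"$prefix"} ;;
        *) return 1 ;;                      # any other program is refused
    esac
    case "$value" in
        ''|*[!0-9]*) return 1 ;;            # digits only: no ;, |, $(), spaces
    esac
    [ "${#value}" -le 3 ] && [ "$value" -le 255 ]
}

# Only act when sshd started us with a request. A plain "ssh robotarm" with
# no command falls through and exits without ever giving a shell.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if check_request "$SSH_ORIGINAL_COMMAND"; then
        # Rebuild the argument list ourselves; the request is never given
        # to a shell for evaluation.
        exec "$HIDWRITE" 0x12bf 0xff03 "${SSH_ORIGINAL_COMMAND##* }"
    fi
    echo "refused: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

With this in place the ssh command shown above works unchanged, and anything else sent with that key is refused and logged to the caller's stderr.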
And now the Robot Arm works, and I can put the computer controlling it (ffiop) into the DMZ where it will have the right firewall protections.