initial setup on Raspberry Pi 3

4 years ago · c40d1ac8ec
commit c40d1ac8ec
12 changed files with 408 additions and 0 deletions
--- a/html/INSTALLATION_NOTES.html
+++ b/html/INSTALLATION_NOTES.html
@ -0,0 +1,103 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" lang="" xml:lang="">
+<head>
+  <meta charset="utf-8" />
+  <meta name="generator" content="pandoc" />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
+  <title>Installation notes</title>
+  <style type="text/css">
+      code{white-space: pre-wrap;}
+      span.smallcaps{font-variant: small-caps;}
+      span.underline{text-decoration: underline;}
+      div.column{display: inline-block; vertical-align: top; width: 50%;}
+  </style>
+  <link rel="stylesheet" href="styles.css" />
+</head>
+<body>
+<header>
+<h1 class="title">Installation notes</h1>
+</header>
+<h2 id="tinc">Tinc</h2>
+<p>Installed tinc following pzwiki guide!</p>
+<h2 id="nginx-config">NGINX config</h2>
+<p>sudo apt install nginx</p>
+<p>Added user directories to nginx setup</p>
+<pre><code>    # enable home directories ... eg ~USER/ =&gt; /home/USER/public_html/index.html
+    location ~ ^/~(.+?)(/.*)?$ {
+            alias /home/$1/public_html$2;
+        index index.html index.htm;
+            autoindex on;
+        }</code></pre>
+<p>Made the /var/www/html folder belong to group users</p>
+<pre><code>sudo chgrp users /var/www/html
+sudo chmod -R 2775 /var/www/html</code></pre>
+<p>NB: The 2 turns on the setGID bit meaning:</p>
+<blockquote>
+<p>newly created subfiles inherit the same group as the directory, and newly created subdirectories inherit the set GID bit of the parent directory.</p>
+</blockquote>
+<h3 id="reverse-proxies-for-jupyter">Reverse proxies for jupyter</h3>
+<pre><code>        location /lab/mmurtaugh/ {
+            proxy_pass http://localhost:9050/;
+        # ADDs sandbot
+        rewrite /(.*) /sandbot/$1  break;
+        include /etc/nginx/includes/lab.conf;
+        }</code></pre>
+<p>And made a file for common settings:</p>
+<pre><code>sudo nano /etc/nginx/includes/lab.conf</code></pre>
+<pre><code>error_page 502 /lab/502.html;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header Host $http_host;
+            proxy_http_version 1.1;
+proxy_redirect off;
+proxy_buffering off;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection &quot;upgrade&quot;;
+proxy_read_timeout 86400;</code></pre>
+<h2 id="jupyter-config">Jupyter config</h2>
+<p>First installed pip3 &amp; updated it…</p>
+<pre><code>sudo apt install python3-pip
+sudo pip3 install --upgrade pip</code></pre>
+<p>Then used pip3 to install jupyterlab…</p>
+<pre><code>sudo pip3 install jupyterlab</code></pre>
+<p>Following <a href="http://sonny-qa.github.io/2017/11/16/jupyter-notebook-ec2-reverse-proxy/">this guide</a>, configured my local jupyter to use port 9050, and setup config</p>
+<p>To <a href="http://ipython.org/ipython-doc/stable/notebook/public_server.html">set the password</a>:</p>
+<pre><code>python3
+
+from  IPython.lib import passwd
+passwd()</code></pre>
+<p>Copied by “password hash”</p>
+<pre><code>jupyter notebook --generate-config
+nano ~/.jupyter/jupyter_notebook_config.py</code></pre>
+<pre><code>c.NotebookApp.base_url = &#39;/sandbot/lab/mmurtaugh/&#39;
+c.NotebookApp.port = 9050
+c.NotebookApp.trust_xheaders = True
+c.NotebookApp.port_retries = 50
+c.NotebookApp.password = &#39;sha1:PASSWORD_HASH_FROM_ABOVE&#39;
+c.NotebookApp.allow_remote_access = True</code></pre>
+<p>Followed <a href="https://www.digitalocean.com/community/tutorials/how-to-set-up-a-jupyterlab-environment-on-ubuntu-18-04#step-6-%E2%80%94-setting-up-a-systemd-service">this tutorial</a> on creating a systemd service. Used my username (and group).</p>
+<pre><code>sudo nano /etc/systemd/system/jupyterlab@.service</code></pre>
+<pre><code>[Unit]
+Description=Jupyter Lab Server (%i)
+After=nginx.service
+
+[Service]
+User=%i
+Group=%i
+Type=simple
+WorkingDirectory=/home/%i/
+ExecStart=/usr/local/bin/jupyter-lab --config=/home/%i/.jupyter/jupyter_notebook_config.py
+StandardOutput=null
+Restart=always
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target</code></pre>
+<p>Then you can</p>
+<p>sudo systemctl enable jupyterlab@mmurtaugh</p>
+<p>or</p>
+<p>sudo systemctl start jupyterlab@mmurtaugh</p>
+<p>and</p>
+<p>sudo systemctl status jupyterlab@mmurtaugh</p>
+</body>
+</html>
--- a/html/INSTALLATION_NOTES.md
+++ b/html/INSTALLATION_NOTES.md
@ -0,0 +1,134 @@
+---
+title: Installation notes
+---
+
+## Tinc
+
+Installed tinc following pzwiki guide!
+
+
+
+## NGINX config
+
+   sudo apt install nginx
+
+
+Added user directories to nginx setup
+
+```
+	# enable home directories ... eg ~USER/ => /home/USER/public_html/index.html
+	location ~ ^/~(.+?)(/.*)?$ {
+            alias /home/$1/public_html$2;
+	    index index.html index.htm;
+            autoindex on;
+        }
+```
+
+Made the /var/www/html folder belong to group users
+
+    sudo chgrp users /var/www/html
+    sudo chmod -R 2775 /var/www/html
+
+NB: The 2 turns on the setGID bit meaning:
+
+> newly created subfiles inherit the same group as the directory, and newly created subdirectories inherit the set GID bit of the parent directory.
+
+
+### Reverse proxies for jupyter
+
+```
+        location /lab/mmurtaugh/ {
+            proxy_pass http://localhost:9050/;
+	    # ADDs sandbot
+	    rewrite /(.*) /sandbot/$1  break;
+	    include /etc/nginx/includes/lab.conf;
+        }
+```
+
+And made a file for common settings:
+
+    sudo nano /etc/nginx/includes/lab.conf
+```
+error_page 502 /lab/502.html;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header Host $http_host;
+            proxy_http_version 1.1;
+proxy_redirect off;
+proxy_buffering off;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_read_timeout 86400;
+```
+
+## Jupyter config
+
+First installed pip3 & updated it...
+
+    sudo apt install python3-pip
+    sudo pip3 install --upgrade pip
+
+Then used pip3 to install jupyterlab...
+
+    sudo pip3 install jupyterlab
+
+
+
+Following [this guide](http://sonny-qa.github.io/2017/11/16/jupyter-notebook-ec2-reverse-proxy/), configured my local jupyter to use port 9050, and setup config
+
+To [set the password](http://ipython.org/ipython-doc/stable/notebook/public_server.html):
+
+    python3
+
+    from  IPython.lib import passwd
+    passwd()
+
+Copied by "password hash"
+
+    jupyter notebook --generate-config
+    nano ~/.jupyter/jupyter_notebook_config.py
+
+```
+c.NotebookApp.base_url = '/sandbot/lab/mmurtaugh/'
+c.NotebookApp.port = 9050
+c.NotebookApp.trust_xheaders = True
+c.NotebookApp.port_retries = 50
+c.NotebookApp.password = 'sha1:PASSWORD_HASH_FROM_ABOVE'
+c.NotebookApp.allow_remote_access = True
+```
+
+Followed [this tutorial](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-jupyterlab-environment-on-ubuntu-18-04#step-6-%E2%80%94-setting-up-a-systemd-service) on creating a systemd service. Used my username (and group).
+
+    sudo nano /etc/systemd/system/jupyterlab@.service
+
+```
+[Unit]
+Description=Jupyter Lab Server (%i)
+After=nginx.service
+
+[Service]
+User=%i
+Group=%i
+Type=simple
+WorkingDirectory=/home/%i/
+ExecStart=/usr/local/bin/jupyter-lab --config=/home/%i/.jupyter/jupyter_notebook_config.py
+StandardOutput=null
+Restart=always
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target
+```
+
+Then you can
+
+sudo systemctl enable jupyterlab@mmurtaugh
+
+or
+
+sudo systemctl start jupyterlab@mmurtaugh
+
+and
+
+sudo systemctl status jupyterlab@mmurtaugh
+
--- a/html/MANUAL.md
+++ b/html/MANUAL.md
@ -0,0 +1,3 @@
+## Restarting all jupyter lab servers
+
+  sudo systemctl restart 'jupyterlab@*'
--- a/html/Makefile
+++ b/html/Makefile
@ -0,0 +1,10 @@
+md=$(shell ls *.md)
+mdhtml=$(md:%.md=%.html)
+
+all: $(mdhtml)
+
+%.html: %.md
+	pandoc --from markdown \
+	--to html5 \
+	--css styles.css \
+	--standalone $< -o $@
--- a/html/index.html
+++ b/html/index.html
@ -0,0 +1,44 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" lang="" xml:lang="">
+<head>
+  <meta charset="utf-8" />
+  <meta name="generator" content="pandoc" />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
+  <title>:::</title>
+  <style type="text/css">
+      code{white-space: pre-wrap;}
+      span.smallcaps{font-variant: small-caps;}
+      span.underline{text-decoration: underline;}
+      div.column{display: inline-block; vertical-align: top; width: 50%;}
+  </style>
+  <link rel="stylesheet" href="styles.css" />
+</head>
+<body>
+<header>
+<h1 class="title">:::</h1>
+</header>
+<p>welcome to the</p>
+<pre><code>                     _ _           _   
+ ___  __ _ _ __   __| | |__   ___ | |_ 
+/ __|/ _` | &#39;_ \ / _` | &#39;_ \ / _ \| __|
+\__ \ (_| | | | | (_| | |_) | (_) | |_ 
+|___/\__,_|_| |_|\__,_|_.__/ \___/ \__|
+                                       </code></pre>
+<h3 id="residents">residents</h3>
+<ul>
+<li><a href="/sandbot/~camilo/">camilo</a> <a href="/sandbot/~camilo/__lab__/">lab</a></li>
+<li><a href="/sandbot/~clara/">clara</a> <a href="/sandbot/~clara/__lab__/">lab</a></li>
+<li><a href="/sandbot/~eunalee/">eunalee</a> <a href="/sandbot/~eunalee/__lab__/">lab</a></li>
+<li><a href="/sandbot/~floorvanmeeuwen/">floorvanmeeuwen</a> <a href="/sandbot/~floorvanmeeuwen/__lab__/">lab</a></li>
+<li><a href="/sandbot/~foucaut/">foucaut</a> <a href="/sandbot/~foucaut/__lab__/">lab</a></li>
+<li><a href="/sandbot/~kendalb/">kendalb</a> <a href="/sandbot/~kendalb/__lab__/">lab</a></li>
+<li><a href="/sandbot/~louisa/">louisa</a> <a href="/sandbot/~louisa/__lab__/">lab</a></li>
+<li><a href="/sandbot/~manetta/">manetta</a> <a href="/sandbot/~manetta/__lab__/">lab</a></li>
+<li><a href="/sandbot/~mmurtaugh/">mmurtaugh</a> <a href="/sandbot/~mmurtaugh/__lab__/">lab</a></li>
+<li><a href="/sandbot/~namikim/">namikim</a> <a href="/sandbot/~namikim/__lab__/">lab</a></li>
+<li><a href="/sandbot/~pongie/">pongie</a> <a href="/sandbot/~pongie/__lab__/">lab</a></li>
+<li><a href="/sandbot/~poni/">poni</a> <a href="/sandbot/~poni/__lab__/">lab</a></li>
+</ul>
+<p><a href="INSTALLATION_NOTES.html">README</a></p>
+</body>
+</html>
--- a/html/index.md
+++ b/html/index.md
@ -0,0 +1,29 @@
+---
+title: ":::"
+---
+
+welcome to the
+
+                         _ _           _   
+     ___  __ _ _ __   __| | |__   ___ | |_ 
+    / __|/ _` | '_ \ / _` | '_ \ / _ \| __|
+    \__ \ (_| | | | | (_| | |_) | (_) | |_ 
+    |___/\__,_|_| |_|\__,_|_.__/ \___/ \__|
+                                           
+
+### residents
+
+-   [camilo](/sandbot/~camilo/) [lab](/sandbot/~camilo/__lab__/)
+-   [clara](/sandbot/~clara/) [lab](/sandbot/~clara/__lab__/)
+-   [eunalee](/sandbot/~eunalee/) [lab](/sandbot/~eunalee/__lab__/)
+-   [floorvanmeeuwen](/sandbot/~floorvanmeeuwen/) [lab](/sandbot/~floorvanmeeuwen/__lab__/)
+-   [foucaut](/sandbot/~foucaut/) [lab](/sandbot/~foucaut/__lab__/)
+-   [kendalb](/sandbot/~kendalb/) [lab](/sandbot/~kendalb/__lab__/)
+-   [louisa](/sandbot/~louisa/) [lab](/sandbot/~louisa/__lab__/)
+-   [manetta](/sandbot/~manetta/) [lab](/sandbot/~manetta/__lab__/)
+-   [mmurtaugh](/sandbot/~mmurtaugh/) [lab](/sandbot/~mmurtaugh/__lab__/)
+-   [namikim](/sandbot/~namikim/) [lab](/sandbot/~namikim/__lab__/)
+-   [pongie](/sandbot/~pongie/) [lab](/sandbot/~pongie/__lab__/)
+-   [poni](/sandbot/~poni/) [lab](/sandbot/~poni/__lab__/)
+
+[README](INSTALLATION_NOTES.html)
--- a/html/lab/502.html
+++ b/html/lab/502.html
@ -0,0 +1 @@
+<b>sandbot/lab</b> says: 502 Bad gateway (jupyter not running?)
--- a/html/styles.css
+++ b/html/styles.css
@ -0,0 +1,3 @@
+body {
+    margin: 5%;
+}
--- a/make_user_accounts.py
+++ b/make_user_accounts.py
@ -0,0 +1,66 @@
+#!/usr/bin/env python3
+
+import argparse
+import os, sys
+from IPython.lib import passwd
+from jinja2 import Environment, FileSystemLoader
+from random import shuffle
+from csv import writer
+
+
+ap = argparse.ArgumentParser("Create user accounts + jupyterlab settings")
+ap.add_argument("--from-file", type=argparse.FileType("r"), default=None, required=True)
+ap.add_argument("--passwords", type=argparse.FileType("r"), default="words")
+ap.add_argument("--templates", default="make_user_accounts")
+ap.add_argument("--csv", type=argparse.FileType("w"), default="users.csv")
+ap.add_argument("--nginx", type=argparse.FileType("w"), default="users.nginx.conf")
+ap.add_argument("--md", type=argparse.FileType("w"), default="users.md")
+ap.add_argument("--port", type=int, default=9060)
+ap.add_argument("--addusers", action="store_true", default=False)
+args = ap.parse_args()
+
+passwords = args.passwords.read().strip().splitlines()
+passwords = [w.lower() for w in passwords]
+template_env = Environment(loader=FileSystemLoader(args.templates))
+curport = args.port
+usernames = args.from_file.read().strip().splitlines()
+
+nbconfig = template_env.get_template("jupyter_notebook_config.py")
+csvout = writer(args.csv)
+csvout.writerow("username port password".split())
+
+users = []
+for username in usernames:
+	shuffle(passwords)
+	password = "".join(passwords[:3])
+	userdata = {}
+	userdata['username'] = username
+	userdata['password'] = password
+	userdata['password_sha1'] = passwd(password)
+	userdata['port'] = curport
+	users.append(userdata)
+	csvout.writerow((userdata['username'], userdata['port'], userdata['password']))
+	curport += 1
+	if args.addusers:
+		os.system(f"sudo adduser {username} --disabled-password --gecos ''")
+		os.system(f"sudo mkdir /home/{username}/.jupyter")
+	if os.path.exists(f"/home/{username}/.jupyter/"):
+		with open("jupyter_notebook_config.temp.py", "w") as f:
+			print (nbconfig.render(**userdata), file=f)
+		os.system(f"sudo mv jupyter_notebook_config.temp.py /home/{username}/.jupyter/jupyter_notebook_config.py")
+		os.system(f"sudo chown {username}:{username} /home/{username}/.jupyter/jupyter_notebook_config.py")
+	else:
+		print (nbconfig.render(**userdata))
+		print()
+	if args.addusers:
+		os.system(f"sudo systemctl enable jupyterlab@{username}")
+		os.system(f"sudo systemctl start jupyterlab@{username}")
+	os.system(f"sudo ln -s /var/www /home/{username}/shared")
+	os.system(f"sudo adduser {username} users")
+
+nginx = template_env.get_template("users.nginx.conf")
+print (nginx.render({'users': users}), file=args.nginx)
+
+md = template_env.get_template("users.md")
+print (md.render({'users': users}), file=args.md)
+
--- a/make_user_accounts/jupyter_notebook_config.py
+++ b/make_user_accounts/jupyter_notebook_config.py
@ -0,0 +1,6 @@
+c.NotebookApp.base_url = '/sandbot/~{{username}}/__lab__/'
+c.NotebookApp.port = {{port}}
+c.NotebookApp.trust_xheaders = True
+c.NotebookApp.port_retries = 50
+c.NotebookApp.password = '{{password_sha1}}'
+c.NotebookApp.allow_remote_access = True
--- a/make_user_accounts/users.md
+++ b/make_user_accounts/users.md
@ -0,0 +1,3 @@
+{% for user in users %}
+-   [{{user.username}}](/sandbot/~{{user.username}}/) [lab](/sandbot/~{{user.username}}/__lab__/)
+{%- endfor %}
--- a/make_user_accounts/users.nginx.conf
+++ b/make_user_accounts/users.nginx.conf
@ -0,0 +1,6 @@
+{% for user in users %}
+        location ^~ /~{{user.username}}/__lab__/ {
+            proxy_pass http://localhost:{{user.port}}/;
+            include /etc/nginx/includes/lab.conf;
+        }
+{%- endfor %}
				`@ -0,0 +1 @@`
				`<b>sandbot/lab</b> says: 502 Bad gateway (jupyter not running?)`