commit c40d1ac8ece168531e539915f6056ee94dde7813 Author: Michael Murtaugh Date: Thu Oct 29 18:59:44 2020 +0100 initial setup on Raspberry Pi 3 diff --git a/html/INSTALLATION_NOTES.html b/html/INSTALLATION_NOTES.html new file mode 100644 index 0000000..bdf536a --- /dev/null +++ b/html/INSTALLATION_NOTES.html @@ -0,0 +1,103 @@ + + + + + + + Installation notes + + + + +
+

Installation notes

+
+

Tinc

+

Installed tinc following pzwiki guide!

+

NGINX config

+

sudo apt install nginx

+

Added user directories to nginx setup

+
    # enable home directories ... eg ~USER/ => /home/USER/public_html/index.html
+    location ~ ^/~(.+?)(/.*)?$ {
+            alias /home/$1/public_html$2;
+        index index.html index.htm;
+            autoindex on;
+        }
+

Made the /var/www/html folder belong to group users

+
sudo chgrp users /var/www/html
+sudo chmod -R 2775 /var/www/html
+

NB: The 2 turns on the setGID bit meaning:

+
+

newly created subfiles inherit the same group as the directory, and newly created subdirectories inherit the set GID bit of the parent directory.

+
+

Reverse proxies for jupyter

+
        location /lab/mmurtaugh/ {
+            proxy_pass http://localhost:9050/;
+        # ADDs sandbot
+        rewrite /(.*) /sandbot/$1  break;
+        include /etc/nginx/includes/lab.conf;
+        }
+

And made a file for common settings:

+
sudo nano /etc/nginx/includes/lab.conf
+
error_page 502 /lab/502.html;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header Host $http_host;
+            proxy_http_version 1.1;
+proxy_redirect off;
+proxy_buffering off;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_read_timeout 86400;
+

Jupyter config

+

First installed pip3 & updated it…

+
sudo apt install python3-pip
+sudo pip3 install --upgrade pip
+

Then used pip3 to install jupyterlab…

+
sudo pip3 install jupyterlab
+

Following this guide, configured my local jupyter to use port 9050, and setup config

+

To set the password:

+
python3
+
+from  IPython.lib import passwd
+passwd()
+

Copied by “password hash”

+
jupyter notebook --generate-config
+nano ~/.jupyter/jupyter_notebook_config.py
+
c.NotebookApp.base_url = '/sandbot/lab/mmurtaugh/'
+c.NotebookApp.port = 9050
+c.NotebookApp.trust_xheaders = True
+c.NotebookApp.port_retries = 50
+c.NotebookApp.password = 'sha1:PASSWORD_HASH_FROM_ABOVE'
+c.NotebookApp.allow_remote_access = True
+

Followed this tutorial on creating a systemd service. Used my username (and group).

+
sudo nano /etc/systemd/system/jupyterlab@.service
+
[Unit]
+Description=Jupyter Lab Server (%i)
+After=nginx.service
+
+[Service]
+User=%i
+Group=%i
+Type=simple
+WorkingDirectory=/home/%i/
+ExecStart=/usr/local/bin/jupyter-lab --config=/home/%i/.jupyter/jupyter_notebook_config.py
+StandardOutput=null
+Restart=always
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target
+

Then you can

+

sudo systemctl enable jupyterlab@mmurtaugh

+

or

+

sudo systemctl start jupyterlab@mmurtaugh

+

and

+

sudo systemctl status jupyterlab@mmurtaugh

+ + diff --git a/html/INSTALLATION_NOTES.md b/html/INSTALLATION_NOTES.md new file mode 100644 index 0000000..1efce59 --- /dev/null +++ b/html/INSTALLATION_NOTES.md @@ -0,0 +1,134 @@ +--- +title: Installation notes +--- + +## Tinc + +Installed tinc following pzwiki guide! + + + +## NGINX config + + sudo apt install nginx + + +Added user directories to nginx setup + +``` + # enable home directories ... eg ~USER/ => /home/USER/public_html/index.html + location ~ ^/~(.+?)(/.*)?$ { + alias /home/$1/public_html$2; + index index.html index.htm; + autoindex on; + } +``` + +Made the /var/www/html folder belong to group users + + sudo chgrp users /var/www/html + sudo chmod -R 2775 /var/www/html + +NB: The 2 turns on the setGID bit meaning: + +> newly created subfiles inherit the same group as the directory, and newly created subdirectories inherit the set GID bit of the parent directory. + + +### Reverse proxies for jupyter + +``` + location /lab/mmurtaugh/ { + proxy_pass http://localhost:9050/; + # ADDs sandbot + rewrite /(.*) /sandbot/$1 break; + include /etc/nginx/includes/lab.conf; + } +``` + +And made a file for common settings: + + sudo nano /etc/nginx/includes/lab.conf +``` +error_page 502 /lab/502.html; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $http_host; + proxy_http_version 1.1; +proxy_redirect off; +proxy_buffering off; +proxy_set_header Upgrade $http_upgrade; +proxy_set_header Connection "upgrade"; +proxy_read_timeout 86400; +``` + +## Jupyter config + +First installed pip3 & updated it... + + sudo apt install python3-pip + sudo pip3 install --upgrade pip + +Then used pip3 to install jupyterlab... + + sudo pip3 install jupyterlab + + + +Following [this guide](http://sonny-qa.github.io/2017/11/16/jupyter-notebook-ec2-reverse-proxy/), configured my local jupyter to use port 9050, and setup config + +To [set the password](http://ipython.org/ipython-doc/stable/notebook/public_server.html): + + python3 + + from IPython.lib import passwd + passwd() + +Copied by "password hash" + + jupyter notebook --generate-config + nano ~/.jupyter/jupyter_notebook_config.py + +``` +c.NotebookApp.base_url = '/sandbot/lab/mmurtaugh/' +c.NotebookApp.port = 9050 +c.NotebookApp.trust_xheaders = True +c.NotebookApp.port_retries = 50 +c.NotebookApp.password = 'sha1:PASSWORD_HASH_FROM_ABOVE' +c.NotebookApp.allow_remote_access = True +``` + +Followed [this tutorial](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-jupyterlab-environment-on-ubuntu-18-04#step-6-%E2%80%94-setting-up-a-systemd-service) on creating a systemd service. Used my username (and group). + + sudo nano /etc/systemd/system/jupyterlab@.service + +``` +[Unit] +Description=Jupyter Lab Server (%i) +After=nginx.service + +[Service] +User=%i +Group=%i +Type=simple +WorkingDirectory=/home/%i/ +ExecStart=/usr/local/bin/jupyter-lab --config=/home/%i/.jupyter/jupyter_notebook_config.py +StandardOutput=null +Restart=always +RestartSec=10 + +[Install] +WantedBy=multi-user.target +``` + +Then you can + +sudo systemctl enable jupyterlab@mmurtaugh + +or + +sudo systemctl start jupyterlab@mmurtaugh + +and + +sudo systemctl status jupyterlab@mmurtaugh + diff --git a/html/MANUAL.md b/html/MANUAL.md new file mode 100644 index 0000000..569759a --- /dev/null +++ b/html/MANUAL.md @@ -0,0 +1,3 @@ +## Restarting all jupyter lab servers + + sudo systemctl restart 'jupyterlab@*' \ No newline at end of file diff --git a/html/Makefile b/html/Makefile new file mode 100644 index 0000000..6965b67 --- /dev/null +++ b/html/Makefile @@ -0,0 +1,10 @@ +md=$(shell ls *.md) +mdhtml=$(md:%.md=%.html) + +all: $(mdhtml) + +%.html: %.md + pandoc --from markdown \ + --to html5 \ + --css styles.css \ + --standalone $< -o $@ diff --git a/html/index.html b/html/index.html new file mode 100644 index 0000000..b1087d0 --- /dev/null +++ b/html/index.html @@ -0,0 +1,44 @@ + + + + + + + ::: + + + + +
+

:::

+
+

welcome to the

+
                     _ _           _   
+ ___  __ _ _ __   __| | |__   ___ | |_ 
+/ __|/ _` | '_ \ / _` | '_ \ / _ \| __|
+\__ \ (_| | | | | (_| | |_) | (_) | |_ 
+|___/\__,_|_| |_|\__,_|_.__/ \___/ \__|
+
+

residents

+ +

README

+ + diff --git a/html/index.md b/html/index.md new file mode 100644 index 0000000..90a7c17 --- /dev/null +++ b/html/index.md @@ -0,0 +1,29 @@ +--- +title: ":::" +--- + +welcome to the + + _ _ _ + ___ __ _ _ __ __| | |__ ___ | |_ + / __|/ _` | '_ \ / _` | '_ \ / _ \| __| + \__ \ (_| | | | | (_| | |_) | (_) | |_ + |___/\__,_|_| |_|\__,_|_.__/ \___/ \__| + + +### residents + +- [camilo](/sandbot/~camilo/) [lab](/sandbot/~camilo/__lab__/) +- [clara](/sandbot/~clara/) [lab](/sandbot/~clara/__lab__/) +- [eunalee](/sandbot/~eunalee/) [lab](/sandbot/~eunalee/__lab__/) +- [floorvanmeeuwen](/sandbot/~floorvanmeeuwen/) [lab](/sandbot/~floorvanmeeuwen/__lab__/) +- [foucaut](/sandbot/~foucaut/) [lab](/sandbot/~foucaut/__lab__/) +- [kendalb](/sandbot/~kendalb/) [lab](/sandbot/~kendalb/__lab__/) +- [louisa](/sandbot/~louisa/) [lab](/sandbot/~louisa/__lab__/) +- [manetta](/sandbot/~manetta/) [lab](/sandbot/~manetta/__lab__/) +- [mmurtaugh](/sandbot/~mmurtaugh/) [lab](/sandbot/~mmurtaugh/__lab__/) +- [namikim](/sandbot/~namikim/) [lab](/sandbot/~namikim/__lab__/) +- [pongie](/sandbot/~pongie/) [lab](/sandbot/~pongie/__lab__/) +- [poni](/sandbot/~poni/) [lab](/sandbot/~poni/__lab__/) + +[README](INSTALLATION_NOTES.html) diff --git a/html/lab/502.html b/html/lab/502.html new file mode 100644 index 0000000..88edadd --- /dev/null +++ b/html/lab/502.html @@ -0,0 +1 @@ +sandbot/lab says: 502 Bad gateway (jupyter not running?) diff --git a/html/styles.css b/html/styles.css new file mode 100644 index 0000000..fff34ab --- /dev/null +++ b/html/styles.css @@ -0,0 +1,3 @@ +body { + margin: 5%; +} \ No newline at end of file diff --git a/make_user_accounts.py b/make_user_accounts.py new file mode 100644 index 0000000..0c94311 --- /dev/null +++ b/make_user_accounts.py @@ -0,0 +1,66 @@ +#!/usr/bin/env python3 + +import argparse +import os, sys +from IPython.lib import passwd +from jinja2 import Environment, FileSystemLoader +from random import shuffle +from csv import writer + + +ap = argparse.ArgumentParser("Create user accounts + jupyterlab settings") +ap.add_argument("--from-file", type=argparse.FileType("r"), default=None, required=True) +ap.add_argument("--passwords", type=argparse.FileType("r"), default="words") +ap.add_argument("--templates", default="make_user_accounts") +ap.add_argument("--csv", type=argparse.FileType("w"), default="users.csv") +ap.add_argument("--nginx", type=argparse.FileType("w"), default="users.nginx.conf") +ap.add_argument("--md", type=argparse.FileType("w"), default="users.md") +ap.add_argument("--port", type=int, default=9060) +ap.add_argument("--addusers", action="store_true", default=False) +args = ap.parse_args() + +passwords = args.passwords.read().strip().splitlines() +passwords = [w.lower() for w in passwords] +template_env = Environment(loader=FileSystemLoader(args.templates)) +curport = args.port +usernames = args.from_file.read().strip().splitlines() + +nbconfig = template_env.get_template("jupyter_notebook_config.py") +csvout = writer(args.csv) +csvout.writerow("username port password".split()) + +users = [] +for username in usernames: + shuffle(passwords) + password = "".join(passwords[:3]) + userdata = {} + userdata['username'] = username + userdata['password'] = password + userdata['password_sha1'] = passwd(password) + userdata['port'] = curport + users.append(userdata) + csvout.writerow((userdata['username'], userdata['port'], userdata['password'])) + curport += 1 + if args.addusers: + os.system(f"sudo adduser {username} --disabled-password --gecos ''") + os.system(f"sudo mkdir /home/{username}/.jupyter") + if os.path.exists(f"/home/{username}/.jupyter/"): + with open("jupyter_notebook_config.temp.py", "w") as f: + print (nbconfig.render(**userdata), file=f) + os.system(f"sudo mv jupyter_notebook_config.temp.py /home/{username}/.jupyter/jupyter_notebook_config.py") + os.system(f"sudo chown {username}:{username} /home/{username}/.jupyter/jupyter_notebook_config.py") + else: + print (nbconfig.render(**userdata)) + print() + if args.addusers: + os.system(f"sudo systemctl enable jupyterlab@{username}") + os.system(f"sudo systemctl start jupyterlab@{username}") + os.system(f"sudo ln -s /var/www /home/{username}/shared") + os.system(f"sudo adduser {username} users") + +nginx = template_env.get_template("users.nginx.conf") +print (nginx.render({'users': users}), file=args.nginx) + +md = template_env.get_template("users.md") +print (md.render({'users': users}), file=args.md) + diff --git a/make_user_accounts/jupyter_notebook_config.py b/make_user_accounts/jupyter_notebook_config.py new file mode 100644 index 0000000..68774fa --- /dev/null +++ b/make_user_accounts/jupyter_notebook_config.py @@ -0,0 +1,6 @@ +c.NotebookApp.base_url = '/sandbot/~{{username}}/__lab__/' +c.NotebookApp.port = {{port}} +c.NotebookApp.trust_xheaders = True +c.NotebookApp.port_retries = 50 +c.NotebookApp.password = '{{password_sha1}}' +c.NotebookApp.allow_remote_access = True diff --git a/make_user_accounts/users.md b/make_user_accounts/users.md new file mode 100644 index 0000000..721bab9 --- /dev/null +++ b/make_user_accounts/users.md @@ -0,0 +1,3 @@ +{% for user in users %} +- [{{user.username}}](/sandbot/~{{user.username}}/) [lab](/sandbot/~{{user.username}}/__lab__/) +{%- endfor %} diff --git a/make_user_accounts/users.nginx.conf b/make_user_accounts/users.nginx.conf new file mode 100644 index 0000000..d67f6ef --- /dev/null +++ b/make_user_accounts/users.nginx.conf @@ -0,0 +1,6 @@ +{% for user in users %} + location ^~ /~{{user.username}}/__lab__/ { + proxy_pass http://localhost:{{user.port}}/; + include /etc/nginx/includes/lab.conf; + } +{%- endfor %} \ No newline at end of file