cowmix · April 28, 2019 02:14
diff --git a/.crostini-setup b/.crostini-setup
 These scripts set up Crostini on my Pixelbook
diff --git a/docker-chromeos.sh b/docker-chromeos.sh
 #!/bin/bash

 # Basic dependencies
 sudo apt-get update && \
  sudo apt-get -y install \
  nano \
  wget \
  apt-transport-https \
  ca-certificates \
  curl \
  software-properties-common \
  gnupg2
  
 # Add docker repository
 curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
 sudo apt-key fingerprint 0EBFCD88
 sudo add-apt-repository \
   "deb [arch=amd64] https://download.docker.com/linux/debian \
   $(lsb_release -cs) \
   stable"
 sudo apt-get update

 # Install Docker
 sudo apt-get -y install docker-ce || exit 1

 # Modifications for Docker on Chrome OS
 # (expected not needed by March 2019)
 wget https://tjpalanca.sgp1.digitaloceanspaces.com/binaries/runc-chromeos -O runc-chromeos || exit 1
 sudo mv runc-chromeos /usr/local/bin/ || exit 1
 sudo chmod +x /usr/local/bin/runc-chromeos || exit 1
 wget https://tjpalanca.sgp1.digitaloceanspaces.com/binaries/daemon.json -O daemon.json || exit 1
 sudo mv daemon.json /etc/docker/ || exit 1
 sudo service docker restart || exit 1
 sudo docker run hello-world || exit 1
diff --git a/setup-crostini-ssl.sh b/setup-crostini-ssl.sh
 # Setup Crostini SSL
 # [email protected]

 # This generates the certificates (that you should trust in the browser) for the nginx proxy so that
 # the rstudio server, CUPS server, and Jupyter Lab can communicate with the container via HTTPS.

 # Should not run as root
 if [ "$(whoami)" == "root" ]; then
  echo "Script should not be run as root, but as a user with root privileges"
  exit -1
 fi

 mkdir ~/ssl 
 cd ~/ssl
 openssl genrsa -des3 -out penguin.linux.test.key 2048
 openssl req -x509 -new -nodes -key penguin.linux.test.key -sha256 -days 1024 -out penguin.linux.test.pem
 echo '
 [req]
 default_bits = 2048
 prompt = no
 default_md = sha256
 distinguished_name = dn

 [dn]
 C=PH
 ST=NCR
 L=Makati
 O=Crostini
 OU=Personal
 [email protected]
 CN = penguin.linux.test
 ' > server.csr.cnf
 echo '
 authorityKeyIdentifier=keyid,issuer
 basicConstraints=CA:FALSE
 keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
 subjectAltName = @alt_names

 [alt_names]
 DNS.1 = penguin.linux.test
 ' > v3.ext
 openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <( cat server.csr.cnf )
 openssl x509 -req -in server.csr -CA penguin.linux.test.pem -CAkey penguin.linux.test.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext
diff --git a/setup-crostini.sh b/setup-crostini.sh
 # Setup Crostini (CrOS) Instance
 # [email protected]
 # 2018-09-10

 # Contains:
 # 1. Linux basics
 # 2. Nginx to broker all traffic between different services
 # 3. Rstudio server and core R packages
 # 4. Miniconda and Jupyter Lab
 # 5. CUPS server for printing

 # Should not run as root
 if [ "$(whoami)" == "root" ]; then
  echo "Script should not be run as root, but as a user with root privileges"
  exit -1
 fi

 # Install some basics
 cd ~/
 sudo apt-get update
 sudo apt-get -y install \
  software-properties-common \
  gnupg \
  wget \
  libssl-dev \
  nano \
  iputils-ping
  
 # Repositories update
 sudo apt-key adv --keyserver keys.gnupg.net --recv-key 'E19F5F87128899B192B1A2C2AD5F960A256A04AF'
 sudo add-apt-repository 'deb [arch=amd64,i386] https://cran.rstudio.com/bin/linux/debian stretch-cran35/' -y
 sudo apt-get update

 # Install R 3.5.X and Rstudio server
 sudo apt-get -y install \
  r-base \
  r-base-dev \
  libopenblas-base \
  libapparmor1 \
  gdebi-core
 wget https://s3.amazonaws.com/rstudio-ide-build/server/debian9/x86_64/rstudio-server-1.2.981-amd64.deb && \
  sudo gdebi --non-interactive rstudio-server-1.2.981-amd64.deb && \
  rm rstudio-server-1.2.981-amd64.deb
  
 # Set up password
 sudo passwd $USER

 # Linux R package dependencies
 sudo apt-get -y install \
  libxml2-dev \
  libssl-dev \
  libcurl4-openssl-dev \
  default-jre \
  default-jdk \
  libssh2-1-dev \
  libpython3.5

 # Install CUPS Server
 sudo apt-get -y install cups && sudo gpasswd -a $USER lpadmin

 # Install miniconda and jupyter lab as a service
 wget https://repo.continuum.io/miniconda/Miniconda3-latest-Linux-x86_64.sh && \
  bash Miniconda3-latest-Linux-x86_64.sh && \
  rm Miniconda3-latest-Linux-x86_64.sh && \
  source .bashrc && \
  conda install -y jupyterlab nodejs && \
  mkdir -p ~/.config/systemd/user/ && \
  mkdir -p ~/jupyter/ && \
  echo "
 [Unit]
 Description=Jupyter Lab

 [Service]
 Type=simple
 ExecStart=/home/$USER/miniconda3/bin/jupyter-lab \
  --no-browser \
  --port=8888 \
  --notebook-dir=/home/$USER/jupyter/ \
  --NotebookApp.trust_xheaders=True \
  --NotebookApp.password='sha1:5edd1c9a8fa0:b1a9a6998fb674102fa742af3d6562fb23371a45'\
  --NotebookApp.base_url=jupyter

 [Install]
 WantedBy=default.target
 " > ~/.config/systemd/user/jupyterlab.service && \
  systemctl --user enable jupyterlab.service && \
  systemctl --user start jupyterlab.service

 # Install nginx reverse proxy
 sudo apt-get -y install nginx && \
  echo "
 map \$http_upgrade \$connection_upgrade {
  default upgrade;
  ''      close;
 }
 server {
  listen 80;
  return 301 https://\$host\$request_uri;
 }
 server {
  listen 443;
  server_name penguin.linux.test;
  ssl_certificate /home/$USER/ssl/server.crt;
  ssl_certificate_key /home/$USER/ssl/server.key;
  ssl on;
  ssl_session_cache  builtin:1000  shared:SSL:10m;
  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  access_log            /var/log/nginx/penguin.linux.test.access.log;
  # RStudio Server
  location /rstudio/ {
    rewrite ^/rstudio/(.*)\$ /\$1 break;
    proxy_pass http://localhost:8787;
    proxy_redirect http://localhost:8787/ \$scheme://\$host/rstudio/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade \$http_upgrade;
    proxy_set_header Connection \$connection_upgrade;
    proxy_read_timeout 20d;
  }
  # Jupyter Lab
  location /jupyter/ {
    proxy_pass http://localhost:8888/jupyter/;
    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP \$remote_addr;
    proxy_set_header Host \$http_host;
    proxy_http_version 1.1;
    proxy_redirect off;
    proxy_buffering off;
    proxy_set_header Upgrade \$http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_read_timeout 86400;
  } 
  # CUPS Server
  location / {
    proxy_pass http://localhost:631;
    proxy_redirect http://localhost:631/ \$scheme://\$host/cups/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade \$http_upgrade;
    proxy_set_header Connection \$connection_upgrade;
    proxy_read_timeout 20d;
  }  
 }" | sudo tee /etc/nginx/sites-available/default && \
  sudo systemctl restart nginx.service

 # Install 'core' R packages and R Kernel for Jupyter Lab
 Rscript -e " \
  dir.create(Sys.getenv('R_LIBS_USER'), recursive = TRUE); \
  install.packages( \
    pkgs = c('tidyverse', 'glue', 'devtools', 'rJava'), \
    repos = 'https://cran.rstudio.com', \
    lib = Sys.getenv('R_LIBS_USER') \
  ); \
 " && \
  Rscript -e "devtools::install_github('IRkernel/IRkernel'); IRkernel::installspec()" 

 # Install Jupyter Extensions
 jupyter labextension install @jupyterlab/git

 # Shortcuts in bash profile
 echo '
 # Aliases for starting and stopping rstudio and jupyter
 alias rstudio-start="sudo systemctl start rstudio-server.service && sudo systemctl start nginx.service"
 alias rstudio-restart="sudo systemctl restart rstudio-server.service && sudo systemctl start nginx.service"
 alias rstudio-stop="sudo systemctl stop  rstudio-server.service"
 alias jupyter-start="systemctl --user start jupyterlab.service && sudo systemctl start nginx.service"
 alias jupyter-restart="systemctl --user restart jupyterlab.service && sudo systemctl start nginx.service"
 alias jupyter-stop="systemctl --user stop jupyterlab.service"
 alias cups-start="sudo systemctl start cups.service && sudo systemctl start nginx.service"
 alias cups-restart="sudo systemctl restart cups.service && sudo systemctl start nginx.service"
 alias cups-stop="sudo systemctl stop  cups.service"
 alias all-start="sudo systemctl start rstudio-server.service && sudo systemctl start cups.service && systemctl --user start jupyterlab.service && sudo systemctl start nginx.service"
 alias all-restart="sudo systemctl restart rstudio-server.service && sudo systemctl restart cups.service && systemctl --user restart jupyterlab.service && sudo systemctl restart nginx.service"
 alias all-stop="sudo systemctl stop rstudio-server.service && sudo systemctl stop cups.service && systemctl --user stop jupyterlab.service && sudo systemctl stop nginx.service"
 ' > ~/.bash_profile && source ~/.bash_profile

 # Permissions for ssh keys
 chmod 700 /home/$USER/.ssh
 chmod 700 /home/$USER/.ssh/id_rsa 
 chmod 644 /home/$USER/.ssh/id_rsa.pub

 # Remove self
 rm setup-crostini.sh
	#!/bin/bash

	# Basic dependencies
	sudo apt-get update && \
	sudo apt-get -y install \
	nano \
	wget \
	apt-transport-https \
	ca-certificates \
	curl \
	software-properties-common \
	gnupg2

	# Add docker repository
	curl -fsSL https://download.docker.com/linux/debian/gpg \| sudo apt-key add -
	sudo apt-key fingerprint 0EBFCD88
	sudo add-apt-repository \
	"deb [arch=amd64] https://download.docker.com/linux/debian \
	$(lsb_release -cs) \
	stable"
	sudo apt-get update

	# Install Docker
	sudo apt-get -y install docker-ce \|\| exit 1

	# Modifications for Docker on Chrome OS
	# (expected not needed by March 2019)
	wget https://tjpalanca.sgp1.digitaloceanspaces.com/binaries/runc-chromeos -O runc-chromeos \|\| exit 1
	sudo mv runc-chromeos /usr/local/bin/ \|\| exit 1
	sudo chmod +x /usr/local/bin/runc-chromeos \|\| exit 1
	wget https://tjpalanca.sgp1.digitaloceanspaces.com/binaries/daemon.json -O daemon.json \|\| exit 1
	sudo mv daemon.json /etc/docker/ \|\| exit 1
	sudo service docker restart \|\| exit 1
	sudo docker run hello-world \|\| exit 1
	# Setup Crostini SSL
	# [email protected]

	# This generates the certificates (that you should trust in the browser) for the nginx proxy so that
	# the rstudio server, CUPS server, and Jupyter Lab can communicate with the container via HTTPS.

	# Should not run as root
	if [ "$(whoami)" == "root" ]; then
	echo "Script should not be run as root, but as a user with root privileges"
	exit -1
	fi

	mkdir ~/ssl
	cd ~/ssl
	openssl genrsa -des3 -out penguin.linux.test.key 2048
	openssl req -x509 -new -nodes -key penguin.linux.test.key -sha256 -days 1024 -out penguin.linux.test.pem
	echo '
	[req]
	default_bits = 2048
	prompt = no
	default_md = sha256
	distinguished_name = dn

	[dn]
	C=PH
	ST=NCR
	L=Makati
	O=Crostini
	OU=Personal
	[email protected]
	CN = penguin.linux.test
	' > server.csr.cnf
	echo '
	authorityKeyIdentifier=keyid,issuer
	basicConstraints=CA:FALSE
	keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
	subjectAltName = @alt_names

	[alt_names]
	DNS.1 = penguin.linux.test
	' > v3.ext
	openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <( cat server.csr.cnf )
	openssl x509 -req -in server.csr -CA penguin.linux.test.pem -CAkey penguin.linux.test.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext
	# Setup Crostini (CrOS) Instance
	# [email protected]
	# 2018-09-10

	# Contains:
	# 1. Linux basics
	# 2. Nginx to broker all traffic between different services
	# 3. Rstudio server and core R packages
	# 4. Miniconda and Jupyter Lab
	# 5. CUPS server for printing

	# Should not run as root
	if [ "$(whoami)" == "root" ]; then
	echo "Script should not be run as root, but as a user with root privileges"
	exit -1
	fi

	# Install some basics
	cd ~/
	sudo apt-get update
	sudo apt-get -y install \
	software-properties-common \
	gnupg \
	wget \
	libssl-dev \
	nano \
	iputils-ping

	# Repositories update
	sudo apt-key adv --keyserver keys.gnupg.net --recv-key 'E19F5F87128899B192B1A2C2AD5F960A256A04AF'
	sudo add-apt-repository 'deb [arch=amd64,i386] https://cran.rstudio.com/bin/linux/debian stretch-cran35/' -y
	sudo apt-get update

	# Install R 3.5.X and Rstudio server
	sudo apt-get -y install \
	r-base \
	r-base-dev \
	libopenblas-base \
	libapparmor1 \
	gdebi-core
	wget https://s3.amazonaws.com/rstudio-ide-build/server/debian9/x86_64/rstudio-server-1.2.981-amd64.deb && \
	sudo gdebi --non-interactive rstudio-server-1.2.981-amd64.deb && \
	rm rstudio-server-1.2.981-amd64.deb

	# Set up password
	sudo passwd $USER

	# Linux R package dependencies
	sudo apt-get -y install \
	libxml2-dev \
	libssl-dev \
	libcurl4-openssl-dev \
	default-jre \
	default-jdk \
	libssh2-1-dev \
	libpython3.5

	# Install CUPS Server
	sudo apt-get -y install cups && sudo gpasswd -a $USER lpadmin

	# Install miniconda and jupyter lab as a service
	wget https://repo.continuum.io/miniconda/Miniconda3-latest-Linux-x86_64.sh && \
	bash Miniconda3-latest-Linux-x86_64.sh && \
	rm Miniconda3-latest-Linux-x86_64.sh && \
	source .bashrc && \
	conda install -y jupyterlab nodejs && \
	mkdir -p ~/.config/systemd/user/ && \
	mkdir -p ~/jupyter/ && \
	echo "
	[Unit]
	Description=Jupyter Lab

	[Service]
	Type=simple
	ExecStart=/home/$USER/miniconda3/bin/jupyter-lab \
	--no-browser \
	--port=8888 \
	--notebook-dir=/home/$USER/jupyter/ \
	--NotebookApp.trust_xheaders=True \
	--NotebookApp.password='sha1:5edd1c9a8fa0:b1a9a6998fb674102fa742af3d6562fb23371a45'\
	--NotebookApp.base_url=jupyter

	[Install]
	WantedBy=default.target
	" > ~/.config/systemd/user/jupyterlab.service && \
	systemctl --user enable jupyterlab.service && \
	systemctl --user start jupyterlab.service

	# Install nginx reverse proxy
	sudo apt-get -y install nginx && \
	echo "
	map \$http_upgrade \$connection_upgrade {
	default upgrade;
	'' close;
	}
	server {
	listen 80;
	return 301 https://\$host\$request_uri;
	}
	server {
	listen 443;
	server_name penguin.linux.test;
	ssl_certificate /home/$USER/ssl/server.crt;
	ssl_certificate_key /home/$USER/ssl/server.key;
	ssl on;
	ssl_session_cache builtin:1000 shared:SSL:10m;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	access_log /var/log/nginx/penguin.linux.test.access.log;
	# RStudio Server
	location /rstudio/ {
	rewrite ^/rstudio/(.*)\$ /\$1 break;
	proxy_pass http://localhost:8787;
	proxy_redirect http://localhost:8787/ \$scheme://\$host/rstudio/;
	proxy_http_version 1.1;
	proxy_set_header Upgrade \$http_upgrade;
	proxy_set_header Connection \$connection_upgrade;
	proxy_read_timeout 20d;
	}
	# Jupyter Lab
	location /jupyter/ {
	proxy_pass http://localhost:8888/jupyter/;
	proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
	proxy_set_header X-Real-IP \$remote_addr;
	proxy_set_header Host \$http_host;
	proxy_http_version 1.1;
	proxy_redirect off;
	proxy_buffering off;
	proxy_set_header Upgrade \$http_upgrade;
	proxy_set_header Connection "upgrade";
	proxy_read_timeout 86400;
	}
	# CUPS Server
	location / {
	proxy_pass http://localhost:631;
	proxy_redirect http://localhost:631/ \$scheme://\$host/cups/;
	proxy_http_version 1.1;
	proxy_set_header Upgrade \$http_upgrade;
	proxy_set_header Connection \$connection_upgrade;
	proxy_read_timeout 20d;
	}
	}" \| sudo tee /etc/nginx/sites-available/default && \
	sudo systemctl restart nginx.service

	# Install 'core' R packages and R Kernel for Jupyter Lab
	Rscript -e " \
	dir.create(Sys.getenv('R_LIBS_USER'), recursive = TRUE); \
	install.packages( \
	pkgs = c('tidyverse', 'glue', 'devtools', 'rJava'), \
	repos = 'https://cran.rstudio.com', \
	lib = Sys.getenv('R_LIBS_USER') \
	); \
	" && \
	Rscript -e "devtools::install_github('IRkernel/IRkernel'); IRkernel::installspec()"

	# Install Jupyter Extensions
	jupyter labextension install @jupyterlab/git

	# Shortcuts in bash profile
	echo '
	# Aliases for starting and stopping rstudio and jupyter
	alias rstudio-start="sudo systemctl start rstudio-server.service && sudo systemctl start nginx.service"
	alias rstudio-restart="sudo systemctl restart rstudio-server.service && sudo systemctl start nginx.service"
	alias rstudio-stop="sudo systemctl stop rstudio-server.service"
	alias jupyter-start="systemctl --user start jupyterlab.service && sudo systemctl start nginx.service"
	alias jupyter-restart="systemctl --user restart jupyterlab.service && sudo systemctl start nginx.service"
	alias jupyter-stop="systemctl --user stop jupyterlab.service"
	alias cups-start="sudo systemctl start cups.service && sudo systemctl start nginx.service"
	alias cups-restart="sudo systemctl restart cups.service && sudo systemctl start nginx.service"
	alias cups-stop="sudo systemctl stop cups.service"
	alias all-start="sudo systemctl start rstudio-server.service && sudo systemctl start cups.service && systemctl --user start jupyterlab.service && sudo systemctl start nginx.service"
	alias all-restart="sudo systemctl restart rstudio-server.service && sudo systemctl restart cups.service && systemctl --user restart jupyterlab.service && sudo systemctl restart nginx.service"
	alias all-stop="sudo systemctl stop rstudio-server.service && sudo systemctl stop cups.service && systemctl --user stop jupyterlab.service && sudo systemctl stop nginx.service"
	' > ~/.bash_profile && source ~/.bash_profile

	# Permissions for ssh keys
	chmod 700 /home/$USER/.ssh
	chmod 700 /home/$USER/.ssh/id_rsa
	chmod 644 /home/$USER/.ssh/id_rsa.pub

	# Remove self
	rm setup-crostini.sh