-
-
Save sjsrey/fd2ba14379e217ae4c167bf82d74a945 to your computer and use it in GitHub Desktop.
Crostini Setup
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
These scripts set up Crostini on my Pixelbook |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Basic dependencies | |
sudo apt-get update && \ | |
sudo apt-get -y install \ | |
nano \ | |
wget \ | |
apt-transport-https \ | |
ca-certificates \ | |
curl \ | |
software-properties-common \ | |
gnupg2 | |
# Add docker repository | |
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add - | |
sudo apt-key fingerprint 0EBFCD88 | |
sudo add-apt-repository \ | |
"deb [arch=amd64] https://download.docker.com/linux/debian \ | |
$(lsb_release -cs) \ | |
stable" | |
sudo apt-get update | |
# Install Docker | |
sudo apt-get -y install docker-ce || exit 1 | |
# Modifications for Docker on Chrome OS | |
# (expected not needed by March 2019) | |
wget https://tjpalanca.sgp1.digitaloceanspaces.com/binaries/runc-chromeos -O runc-chromeos || exit 1 | |
sudo mv runc-chromeos /usr/local/bin/ || exit 1 | |
sudo chmod +x /usr/local/bin/runc-chromeos || exit 1 | |
wget https://tjpalanca.sgp1.digitaloceanspaces.com/binaries/daemon.json -O daemon.json || exit 1 | |
sudo mv daemon.json /etc/docker/ || exit 1 | |
sudo service docker restart || exit 1 | |
sudo docker run hello-world || exit 1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Setup Crostini SSL | |
# [email protected] | |
# This generates the certificates (that you should trust in the browser) for the nginx proxy so that | |
# the rstudio server, CUPS server, and Jupyter Lab can communicate with the container via HTTPS. | |
# Should not run as root | |
if [ "$(whoami)" == "root" ]; then | |
echo "Script should not be run as root, but as a user with root privileges" | |
exit -1 | |
fi | |
mkdir ~/ssl | |
cd ~/ssl | |
openssl genrsa -des3 -out penguin.linux.test.key 2048 | |
openssl req -x509 -new -nodes -key penguin.linux.test.key -sha256 -days 1024 -out penguin.linux.test.pem | |
echo ' | |
[req] | |
default_bits = 2048 | |
prompt = no | |
default_md = sha256 | |
distinguished_name = dn | |
[dn] | |
C=PH | |
ST=NCR | |
L=Makati | |
O=Crostini | |
OU=Personal | |
[email protected] | |
CN = penguin.linux.test | |
' > server.csr.cnf | |
echo ' | |
authorityKeyIdentifier=keyid,issuer | |
basicConstraints=CA:FALSE | |
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment | |
subjectAltName = @alt_names | |
[alt_names] | |
DNS.1 = penguin.linux.test | |
' > v3.ext | |
openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <( cat server.csr.cnf ) | |
openssl x509 -req -in server.csr -CA penguin.linux.test.pem -CAkey penguin.linux.test.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Setup Crostini (CrOS) Instance | |
# [email protected] | |
# 2018-09-10 | |
# Contains: | |
# 1. Linux basics | |
# 2. Nginx to broker all traffic between different services | |
# 3. Rstudio server and core R packages | |
# 4. Miniconda and Jupyter Lab | |
# 5. CUPS server for printing | |
# Should not run as root | |
if [ "$(whoami)" == "root" ]; then | |
echo "Script should not be run as root, but as a user with root privileges" | |
exit -1 | |
fi | |
# Install some basics | |
cd ~/ | |
sudo apt-get update | |
sudo apt-get -y install \ | |
software-properties-common \ | |
gnupg \ | |
wget \ | |
libssl-dev \ | |
nano \ | |
iputils-ping | |
# Repositories update | |
sudo apt-key adv --keyserver keys.gnupg.net --recv-key 'E19F5F87128899B192B1A2C2AD5F960A256A04AF' | |
sudo add-apt-repository 'deb [arch=amd64,i386] https://cran.rstudio.com/bin/linux/debian stretch-cran35/' -y | |
sudo apt-get update | |
# Install R 3.5.X and Rstudio server | |
sudo apt-get -y install \ | |
r-base \ | |
r-base-dev \ | |
libopenblas-base \ | |
libapparmor1 \ | |
gdebi-core | |
wget https://s3.amazonaws.com/rstudio-ide-build/server/debian9/x86_64/rstudio-server-1.2.981-amd64.deb && \ | |
sudo gdebi --non-interactive rstudio-server-1.2.981-amd64.deb && \ | |
rm rstudio-server-1.2.981-amd64.deb | |
# Set up password | |
sudo passwd $USER | |
# Linux R package dependencies | |
sudo apt-get -y install \ | |
libxml2-dev \ | |
libssl-dev \ | |
libcurl4-openssl-dev \ | |
default-jre \ | |
default-jdk \ | |
libssh2-1-dev \ | |
libpython3.5 | |
# Install CUPS Server | |
sudo apt-get -y install cups && sudo gpasswd -a $USER lpadmin | |
# Install miniconda and jupyter lab as a service | |
wget https://repo.continuum.io/miniconda/Miniconda3-latest-Linux-x86_64.sh && \ | |
bash Miniconda3-latest-Linux-x86_64.sh && \ | |
rm Miniconda3-latest-Linux-x86_64.sh && \ | |
source .bashrc && \ | |
conda install -y jupyterlab nodejs && \ | |
mkdir -p ~/.config/systemd/user/ && \ | |
mkdir -p ~/jupyter/ && \ | |
echo " | |
[Unit] | |
Description=Jupyter Lab | |
[Service] | |
Type=simple | |
ExecStart=/home/$USER/miniconda3/bin/jupyter-lab \ | |
--no-browser \ | |
--port=8888 \ | |
--notebook-dir=/home/$USER/jupyter/ \ | |
--NotebookApp.trust_xheaders=True \ | |
--NotebookApp.password='sha1:5edd1c9a8fa0:b1a9a6998fb674102fa742af3d6562fb23371a45'\ | |
--NotebookApp.base_url=jupyter | |
[Install] | |
WantedBy=default.target | |
" > ~/.config/systemd/user/jupyterlab.service && \ | |
systemctl --user enable jupyterlab.service && \ | |
systemctl --user start jupyterlab.service | |
# Install nginx reverse proxy | |
sudo apt-get -y install nginx && \ | |
echo " | |
map \$http_upgrade \$connection_upgrade { | |
default upgrade; | |
'' close; | |
} | |
server { | |
listen 80; | |
return 301 https://\$host\$request_uri; | |
} | |
server { | |
listen 443; | |
server_name penguin.linux.test; | |
ssl_certificate /home/$USER/ssl/server.crt; | |
ssl_certificate_key /home/$USER/ssl/server.key; | |
ssl on; | |
ssl_session_cache builtin:1000 shared:SSL:10m; | |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
ssl_prefer_server_ciphers on; | |
access_log /var/log/nginx/penguin.linux.test.access.log; | |
# RStudio Server | |
location /rstudio/ { | |
rewrite ^/rstudio/(.*)\$ /\$1 break; | |
proxy_pass http://localhost:8787; | |
proxy_redirect http://localhost:8787/ \$scheme://\$host/rstudio/; | |
proxy_http_version 1.1; | |
proxy_set_header Upgrade \$http_upgrade; | |
proxy_set_header Connection \$connection_upgrade; | |
proxy_read_timeout 20d; | |
} | |
# Jupyter Lab | |
location /jupyter/ { | |
proxy_pass http://localhost:8888/jupyter/; | |
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; | |
proxy_set_header X-Real-IP \$remote_addr; | |
proxy_set_header Host \$http_host; | |
proxy_http_version 1.1; | |
proxy_redirect off; | |
proxy_buffering off; | |
proxy_set_header Upgrade \$http_upgrade; | |
proxy_set_header Connection "upgrade"; | |
proxy_read_timeout 86400; | |
} | |
# CUPS Server | |
location / { | |
proxy_pass http://localhost:631; | |
proxy_redirect http://localhost:631/ \$scheme://\$host/cups/; | |
proxy_http_version 1.1; | |
proxy_set_header Upgrade \$http_upgrade; | |
proxy_set_header Connection \$connection_upgrade; | |
proxy_read_timeout 20d; | |
} | |
}" | sudo tee /etc/nginx/sites-available/default && \ | |
sudo systemctl restart nginx.service | |
# Install 'core' R packages and R Kernel for Jupyter Lab | |
Rscript -e " \ | |
dir.create(Sys.getenv('R_LIBS_USER'), recursive = TRUE); \ | |
install.packages( \ | |
pkgs = c('tidyverse', 'glue', 'devtools', 'rJava'), \ | |
repos = 'https://cran.rstudio.com', \ | |
lib = Sys.getenv('R_LIBS_USER') \ | |
); \ | |
" && \ | |
Rscript -e "devtools::install_github('IRkernel/IRkernel'); IRkernel::installspec()" | |
# Install Jupyter Extensions | |
jupyter labextension install @jupyterlab/git | |
# Shortcuts in bash profile | |
echo ' | |
# Aliases for starting and stopping rstudio and jupyter | |
alias rstudio-start="sudo systemctl start rstudio-server.service && sudo systemctl start nginx.service" | |
alias rstudio-restart="sudo systemctl restart rstudio-server.service && sudo systemctl start nginx.service" | |
alias rstudio-stop="sudo systemctl stop rstudio-server.service" | |
alias jupyter-start="systemctl --user start jupyterlab.service && sudo systemctl start nginx.service" | |
alias jupyter-restart="systemctl --user restart jupyterlab.service && sudo systemctl start nginx.service" | |
alias jupyter-stop="systemctl --user stop jupyterlab.service" | |
alias cups-start="sudo systemctl start cups.service && sudo systemctl start nginx.service" | |
alias cups-restart="sudo systemctl restart cups.service && sudo systemctl start nginx.service" | |
alias cups-stop="sudo systemctl stop cups.service" | |
alias all-start="sudo systemctl start rstudio-server.service && sudo systemctl start cups.service && systemctl --user start jupyterlab.service && sudo systemctl start nginx.service" | |
alias all-restart="sudo systemctl restart rstudio-server.service && sudo systemctl restart cups.service && systemctl --user restart jupyterlab.service && sudo systemctl restart nginx.service" | |
alias all-stop="sudo systemctl stop rstudio-server.service && sudo systemctl stop cups.service && systemctl --user stop jupyterlab.service && sudo systemctl stop nginx.service" | |
' > ~/.bash_profile && source ~/.bash_profile | |
# Permissions for ssh keys | |
chmod 700 /home/$USER/.ssh | |
chmod 700 /home/$USER/.ssh/id_rsa | |
chmod 644 /home/$USER/.ssh/id_rsa.pub | |
# Remove self | |
rm setup-crostini.sh |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment