Skip to content

Instantly share code, notes, and snippets.

@sjsrey
Forked from tjpalanca/.crostini-setup
Created December 16, 2018 00:51
Show Gist options
  • Save sjsrey/fd2ba14379e217ae4c167bf82d74a945 to your computer and use it in GitHub Desktop.
Save sjsrey/fd2ba14379e217ae4c167bf82d74a945 to your computer and use it in GitHub Desktop.
Crostini Setup
These scripts set up Crostini on my Pixelbook
#!/bin/bash
# Basic dependencies
sudo apt-get update && \
sudo apt-get -y install \
nano \
wget \
apt-transport-https \
ca-certificates \
curl \
software-properties-common \
gnupg2
# Add docker repository
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
sudo apt-key fingerprint 0EBFCD88
sudo add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/debian \
$(lsb_release -cs) \
stable"
sudo apt-get update
# Install Docker
sudo apt-get -y install docker-ce || exit 1
# Modifications for Docker on Chrome OS
# (expected not needed by March 2019)
wget https://tjpalanca.sgp1.digitaloceanspaces.com/binaries/runc-chromeos -O runc-chromeos || exit 1
sudo mv runc-chromeos /usr/local/bin/ || exit 1
sudo chmod +x /usr/local/bin/runc-chromeos || exit 1
wget https://tjpalanca.sgp1.digitaloceanspaces.com/binaries/daemon.json -O daemon.json || exit 1
sudo mv daemon.json /etc/docker/ || exit 1
sudo service docker restart || exit 1
sudo docker run hello-world || exit 1
# Setup Crostini SSL
# [email protected]
# This generates the certificates (that you should trust in the browser) for the nginx proxy so that
# the rstudio server, CUPS server, and Jupyter Lab can communicate with the container via HTTPS.
# Should not run as root
if [ "$(whoami)" == "root" ]; then
echo "Script should not be run as root, but as a user with root privileges"
exit -1
fi
mkdir ~/ssl
cd ~/ssl
openssl genrsa -des3 -out penguin.linux.test.key 2048
openssl req -x509 -new -nodes -key penguin.linux.test.key -sha256 -days 1024 -out penguin.linux.test.pem
echo '
[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn
[dn]
C=PH
ST=NCR
L=Makati
O=Crostini
OU=Personal
[email protected]
CN = penguin.linux.test
' > server.csr.cnf
echo '
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = penguin.linux.test
' > v3.ext
openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <( cat server.csr.cnf )
openssl x509 -req -in server.csr -CA penguin.linux.test.pem -CAkey penguin.linux.test.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext
# Setup Crostini (CrOS) Instance
# [email protected]
# 2018-09-10
# Contains:
# 1. Linux basics
# 2. Nginx to broker all traffic between different services
# 3. Rstudio server and core R packages
# 4. Miniconda and Jupyter Lab
# 5. CUPS server for printing
# Should not run as root
if [ "$(whoami)" == "root" ]; then
echo "Script should not be run as root, but as a user with root privileges"
exit -1
fi
# Install some basics
cd ~/
sudo apt-get update
sudo apt-get -y install \
software-properties-common \
gnupg \
wget \
libssl-dev \
nano \
iputils-ping
# Repositories update
sudo apt-key adv --keyserver keys.gnupg.net --recv-key 'E19F5F87128899B192B1A2C2AD5F960A256A04AF'
sudo add-apt-repository 'deb [arch=amd64,i386] https://cran.rstudio.com/bin/linux/debian stretch-cran35/' -y
sudo apt-get update
# Install R 3.5.X and Rstudio server
sudo apt-get -y install \
r-base \
r-base-dev \
libopenblas-base \
libapparmor1 \
gdebi-core
wget https://s3.amazonaws.com/rstudio-ide-build/server/debian9/x86_64/rstudio-server-1.2.981-amd64.deb && \
sudo gdebi --non-interactive rstudio-server-1.2.981-amd64.deb && \
rm rstudio-server-1.2.981-amd64.deb
# Set up password
sudo passwd $USER
# Linux R package dependencies
sudo apt-get -y install \
libxml2-dev \
libssl-dev \
libcurl4-openssl-dev \
default-jre \
default-jdk \
libssh2-1-dev \
libpython3.5
# Install CUPS Server
sudo apt-get -y install cups && sudo gpasswd -a $USER lpadmin
# Install miniconda and jupyter lab as a service
wget https://repo.continuum.io/miniconda/Miniconda3-latest-Linux-x86_64.sh && \
bash Miniconda3-latest-Linux-x86_64.sh && \
rm Miniconda3-latest-Linux-x86_64.sh && \
source .bashrc && \
conda install -y jupyterlab nodejs && \
mkdir -p ~/.config/systemd/user/ && \
mkdir -p ~/jupyter/ && \
echo "
[Unit]
Description=Jupyter Lab
[Service]
Type=simple
ExecStart=/home/$USER/miniconda3/bin/jupyter-lab \
--no-browser \
--port=8888 \
--notebook-dir=/home/$USER/jupyter/ \
--NotebookApp.trust_xheaders=True \
--NotebookApp.password='sha1:5edd1c9a8fa0:b1a9a6998fb674102fa742af3d6562fb23371a45'\
--NotebookApp.base_url=jupyter
[Install]
WantedBy=default.target
" > ~/.config/systemd/user/jupyterlab.service && \
systemctl --user enable jupyterlab.service && \
systemctl --user start jupyterlab.service
# Install nginx reverse proxy
sudo apt-get -y install nginx && \
echo "
map \$http_upgrade \$connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
return 301 https://\$host\$request_uri;
}
server {
listen 443;
server_name penguin.linux.test;
ssl_certificate /home/$USER/ssl/server.crt;
ssl_certificate_key /home/$USER/ssl/server.key;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/penguin.linux.test.access.log;
# RStudio Server
location /rstudio/ {
rewrite ^/rstudio/(.*)\$ /\$1 break;
proxy_pass http://localhost:8787;
proxy_redirect http://localhost:8787/ \$scheme://\$host/rstudio/;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection \$connection_upgrade;
proxy_read_timeout 20d;
}
# Jupyter Lab
location /jupyter/ {
proxy_pass http://localhost:8888/jupyter/;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header Host \$http_host;
proxy_http_version 1.1;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}
# CUPS Server
location / {
proxy_pass http://localhost:631;
proxy_redirect http://localhost:631/ \$scheme://\$host/cups/;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection \$connection_upgrade;
proxy_read_timeout 20d;
}
}" | sudo tee /etc/nginx/sites-available/default && \
sudo systemctl restart nginx.service
# Install 'core' R packages and R Kernel for Jupyter Lab
Rscript -e " \
dir.create(Sys.getenv('R_LIBS_USER'), recursive = TRUE); \
install.packages( \
pkgs = c('tidyverse', 'glue', 'devtools', 'rJava'), \
repos = 'https://cran.rstudio.com', \
lib = Sys.getenv('R_LIBS_USER') \
); \
" && \
Rscript -e "devtools::install_github('IRkernel/IRkernel'); IRkernel::installspec()"
# Install Jupyter Extensions
jupyter labextension install @jupyterlab/git
# Shortcuts in bash profile
echo '
# Aliases for starting and stopping rstudio and jupyter
alias rstudio-start="sudo systemctl start rstudio-server.service && sudo systemctl start nginx.service"
alias rstudio-restart="sudo systemctl restart rstudio-server.service && sudo systemctl start nginx.service"
alias rstudio-stop="sudo systemctl stop rstudio-server.service"
alias jupyter-start="systemctl --user start jupyterlab.service && sudo systemctl start nginx.service"
alias jupyter-restart="systemctl --user restart jupyterlab.service && sudo systemctl start nginx.service"
alias jupyter-stop="systemctl --user stop jupyterlab.service"
alias cups-start="sudo systemctl start cups.service && sudo systemctl start nginx.service"
alias cups-restart="sudo systemctl restart cups.service && sudo systemctl start nginx.service"
alias cups-stop="sudo systemctl stop cups.service"
alias all-start="sudo systemctl start rstudio-server.service && sudo systemctl start cups.service && systemctl --user start jupyterlab.service && sudo systemctl start nginx.service"
alias all-restart="sudo systemctl restart rstudio-server.service && sudo systemctl restart cups.service && systemctl --user restart jupyterlab.service && sudo systemctl restart nginx.service"
alias all-stop="sudo systemctl stop rstudio-server.service && sudo systemctl stop cups.service && systemctl --user stop jupyterlab.service && sudo systemctl stop nginx.service"
' > ~/.bash_profile && source ~/.bash_profile
# Permissions for ssh keys
chmod 700 /home/$USER/.ssh
chmod 700 /home/$USER/.ssh/id_rsa
chmod 644 /home/$USER/.ssh/id_rsa.pub
# Remove self
rm setup-crostini.sh
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment