amatsuo/.crostini-setup

## .crostini-setup
These scripts set up Crostini on my c223na

## setup-chromeos.sh
#!/bin/bash

# Basic dependencies
sudo apt-get update && \
  sudo apt-get -y install \
  nano \
  wget \
  apt-transport-https \
  ca-certificates \
  curl \
  software-properties-common \
  gnupg2

# # Add docker repository
# curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
# sudo apt-key fingerprint 0EBFCD88
# sudo add-apt-repository \
#    "deb [arch=amd64] https://download.docker.com/linux/debian \
#    $(lsb_release -cs) \
#    stable"
# sudo apt-get update

# # Install Docker
# sudo apt-get -y install docker-ce || exit 1

# # Modifications for Docker on Chrome OS
# # (expected not needed by March 2019)
# wget https://tjpalanca.sgp1.digitaloceanspaces.com/binaries/runc-chromeos -O runc-chromeos || exit 1
# sudo mv runc-chromeos /usr/local/bin/ || exit 1
# sudo chmod +x /usr/local/bin/runc-chromeos || exit 1
# wget https://tjpalanca.sgp1.digitaloceanspaces.com/binaries/daemon.json -O daemon.json || exit 1
# sudo mv daemon.json /etc/docker/ || exit 1
# sudo service docker restart || exit 1
# sudo docker run hello-world || exit 1

## setup-crostini-ssl.sh
# # Setup Crostini SSL
# # mail@tjpalanca.com
#
# # This generates the certificates (that you should trust in the browser) for the nginx proxy so that
# # the rstudio server, CUPS server, and Jupyter Lab can communicate with the container via HTTPS.
#
# # Should not run as root
# if [ "$(whoami)" == "root" ]; then
#   echo "Script should not be run as root, but as a user with root privileges"
#   exit -1
# fi
#
# mkdir ~/ssl
# cd ~/ssl
# openssl genrsa -des3 -out penguin.linux.test.key 2048
# openssl req -x509 -new -nodes -key penguin.linux.test.key -sha256 -days 1024 -out penguin.linux.test.pem
# echo '
# [req]
# default_bits = 2048
# prompt = no
# default_md = sha256
# distinguished_name = dn
#
# [dn]
# C=PH
# ST=NCR
# L=Makati
# O=Crostini
# OU=Personal
# emailAddress=mail@tjpalanca.com
# CN = penguin.linux.test
# ' > server.csr.cnf
# echo '
# authorityKeyIdentifier=keyid,issuer
# basicConstraints=CA:FALSE
# keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
# subjectAltName = @alt_names
#
# [alt_names]
# DNS.1 = penguin.linux.test
# ' > v3.ext
# openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <( cat server.csr.cnf )
# openssl x509 -req -in server.csr -CA penguin.linux.test.pem -CAkey penguin.linux.test.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext

## setup-crostini.sh
# Setup Crostini (CrOS) Instance
# mail@tjpalanca.com
# 2018-09-10

# Contains:
# 1. Linux basics
# 2. Nginx to broker all traffic between different services
# 3. Rstudio server and core R packages
# 4. Miniconda and Jupyter Lab
# 5. CUPS server for printing

# Should not run as root
if [ "$(whoami)" == "root" ]; then
  echo "Script should not be run as root, but as a user with root privileges"
  exit -1
fi

# Install some basics
cd ~/
sudo apt-get update
sudo apt-get -y install \
  software-properties-common \
  gnupg \
  wget \
  libssl-dev \
  nano \
  iputils-ping

# Repositories update
sudo apt-key adv --keyserver keys.gnupg.net --recv-key 'E19F5F87128899B192B1A2C2AD5F960A256A04AF'
sudo add-apt-repository 'deb [arch=amd64,i386] https://cran.rstudio.com/bin/linux/debian stretch-cran35/' -y
sudo apt-get update

# Install R 3.5.X and Rstudio server
sudo apt-get -y install \
  r-base \
  r-base-dev \
  libopenblas-base \
  libapparmor1 \
  libxslt1-dev \
  gdebi-core
# wget https://s3.amazonaws.com/rstudio-ide-build/server/debian9/x86_64/rstudio-server-1.2.981-amd64.deb && \
#   sudo gdebi --non-interactive rstudio-server-1.2.981-amd64.deb && \
#   rm rstudio-server-1.2.981-amd64.deb
wget https://download1.rstudio.org/rstudio-xenial-1.1.463-amd64.deb && \
  sudo gdebi --non-interactive rstudio-xenial-1.1.463-amd64.deb && \
  rm rstudio-xenial-1.1.463-amd64.deb

# Set up password
sudo passwd $USER

# Linux R package dependencies
sudo apt-get -y install \
  libxml2-dev \
  libssl-dev \
  libcurl4-openssl-dev \
  default-jre \
  default-jdk \
  libssh2-1-dev \
  libpython3.5

# # Install CUPS Server
# sudo apt-get -y install cups && sudo gpasswd -a $USER lpadmin

# Install miniconda and jupyter lab as a service
wget https://repo.continuum.io/miniconda/Miniconda3-latest-Linux-x86_64.sh && \
  bash Miniconda3-latest-Linux-x86_64.sh && \
  rm Miniconda3-latest-Linux-x86_64.sh #&& \
#   source .bashrc && \
#   conda install -y jupyterlab nodejs && \
#   mkdir -p ~/.config/systemd/user/ && \
#   mkdir -p ~/jupyter/ && \
#   echo "
# [Unit]
# Description=Jupyter Lab
#
# [Service]
# Type=simple
# ExecStart=/home/$USER/miniconda3/bin/jupyter-lab \
#   --no-browser \
#   --port=8888 \
#   --notebook-dir=/home/$USER/jupyter/ \
#   --NotebookApp.trust_xheaders=True \
#   --NotebookApp.password='sha1:5edd1c9a8fa0:b1a9a6998fb674102fa742af3d6562fb23371a45'\
#   --NotebookApp.base_url=jupyter
#
# [Install]
# WantedBy=default.target
# " > ~/.config/systemd/user/jupyterlab.service && \
#   systemctl --user enable jupyterlab.service && \
#   systemctl --user start jupyterlab.service

# # Install nginx reverse proxy
# sudo apt-get -y install nginx && \
#   echo "
# map \$http_upgrade \$connection_upgrade {
#   default upgrade;
#   ''      close;
# }
# server {
#   listen 80;
#   return 301 https://\$host\$request_uri;
# }
# server {
#   listen 443;
#   server_name penguin.linux.test;
#   ssl_certificate /home/$USER/ssl/server.crt;
#   ssl_certificate_key /home/$USER/ssl/server.key;
#   ssl on;
#   ssl_session_cache  builtin:1000  shared:SSL:10m;
#   ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
#   ssl_prefer_server_ciphers on;
#   access_log            /var/log/nginx/penguin.linux.test.access.log;
#   # RStudio Server
#   location /rstudio/ {
#     rewrite ^/rstudio/(.*)\$ /\$1 break;
#     proxy_pass http://localhost:8787;
#     proxy_redirect http://localhost:8787/ \$scheme://\$host/rstudio/;
#     proxy_http_version 1.1;
#     proxy_set_header Upgrade \$http_upgrade;
#     proxy_set_header Connection \$connection_upgrade;
#     proxy_read_timeout 20d;
#   }
#   # Jupyter Lab
#   location /jupyter/ {
#     proxy_pass http://localhost:8888/jupyter/;
#     proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
#     proxy_set_header X-Real-IP \$remote_addr;
#     proxy_set_header Host \$http_host;
#     proxy_http_version 1.1;
#     proxy_redirect off;
#     proxy_buffering off;
#     proxy_set_header Upgrade \$http_upgrade;
#     proxy_set_header Connection "upgrade";
#     proxy_read_timeout 86400;
#   }
#   # CUPS Server
#   location / {
#     proxy_pass http://localhost:631;
#     proxy_redirect http://localhost:631/ \$scheme://\$host/cups/;
#     proxy_http_version 1.1;
#     proxy_set_header Upgrade \$http_upgrade;
#     proxy_set_header Connection \$connection_upgrade;
#     proxy_read_timeout 20d;
#   }
# }" | sudo tee /etc/nginx/sites-available/default && \
#   sudo systemctl restart nginx.service

# # Install 'core' R packages and R Kernel for Jupyter Lab
# Rscript -e " \
#   dir.create(Sys.getenv('R_LIBS_USER'), recursive = TRUE); \
#   install.packages( \
#     pkgs = c('tidyverse', 'glue', 'devtools', 'rJava'), \
#     repos = 'https://cran.rstudio.com', \
#     lib = Sys.getenv('R_LIBS_USER') \
#   ); \
# " && \
#   Rscript -e "devtools::install_github('IRkernel/IRkernel'); IRkernel::installspec()"

# Install Jupyter Extensions
jupyter labextension install @jupyterlab/git

# # Shortcuts in bash profile
# echo '
# # Aliases for starting and stopping rstudio and jupyter
# alias rstudio-start="sudo systemctl start rstudio-server.service && sudo systemctl start nginx.service"
# alias rstudio-restart="sudo systemctl restart rstudio-server.service && sudo systemctl start nginx.service"
# alias rstudio-stop="sudo systemctl stop  rstudio-server.service"
# alias jupyter-start="systemctl --user start jupyterlab.service && sudo systemctl start nginx.service"
# alias jupyter-restart="systemctl --user restart jupyterlab.service && sudo systemctl start nginx.service"
# alias jupyter-stop="systemctl --user stop jupyterlab.service"
# alias cups-start="sudo systemctl start cups.service && sudo systemctl start nginx.service"
# alias cups-restart="sudo systemctl restart cups.service && sudo systemctl start nginx.service"
# alias cups-stop="sudo systemctl stop  cups.service"
# alias all-start="sudo systemctl start rstudio-server.service && sudo systemctl start cups.service && systemctl --user start jupyterlab.service && sudo systemctl start nginx.service"
# alias all-restart="sudo systemctl restart rstudio-server.service && sudo systemctl restart cups.service && systemctl --user restart jupyterlab.service && sudo systemctl restart nginx.service"
# alias all-stop="sudo systemctl stop rstudio-server.service && sudo systemctl stop cups.service && systemctl --user stop jupyterlab.service && sudo systemctl stop nginx.service"
# ' > ~/.bash_profile && source ~/.bash_profile
#
# # Permissions for ssh keys
# chmod 700 /home/$USER/.ssh
# chmod 700 /home/$USER/.ssh/id_rsa
# chmod 644 /home/$USER/.ssh/id_rsa.pub
#
# # Remove self
# rm setup-crostini.sh
	#!/bin/bash

	# Basic dependencies
	sudo apt-get update && \
	sudo apt-get -y install \
	nano \
	wget \
	apt-transport-https \
	ca-certificates \
	curl \
	software-properties-common \
	gnupg2

	# # Add docker repository
	# curl -fsSL https://download.docker.com/linux/debian/gpg \| sudo apt-key add -
	# sudo apt-key fingerprint 0EBFCD88
	# sudo add-apt-repository \
	# "deb [arch=amd64] https://download.docker.com/linux/debian \
	# $(lsb_release -cs) \
	# stable"
	# sudo apt-get update

	# # Install Docker
	# sudo apt-get -y install docker-ce \|\| exit 1

	# # Modifications for Docker on Chrome OS
	# # (expected not needed by March 2019)
	# wget https://tjpalanca.sgp1.digitaloceanspaces.com/binaries/runc-chromeos -O runc-chromeos \|\| exit 1
	# sudo mv runc-chromeos /usr/local/bin/ \|\| exit 1
	# sudo chmod +x /usr/local/bin/runc-chromeos \|\| exit 1
	# wget https://tjpalanca.sgp1.digitaloceanspaces.com/binaries/daemon.json -O daemon.json \|\| exit 1
	# sudo mv daemon.json /etc/docker/ \|\| exit 1
	# sudo service docker restart \|\| exit 1
	# sudo docker run hello-world \|\| exit 1
	# # Setup Crostini SSL
	# # mail@tjpalanca.com
	#
	# # This generates the certificates (that you should trust in the browser) for the nginx proxy so that
	# # the rstudio server, CUPS server, and Jupyter Lab can communicate with the container via HTTPS.
	#
	# # Should not run as root
	# if [ "$(whoami)" == "root" ]; then
	# echo "Script should not be run as root, but as a user with root privileges"
	# exit -1
	# fi
	#
	# mkdir ~/ssl
	# cd ~/ssl
	# openssl genrsa -des3 -out penguin.linux.test.key 2048
	# openssl req -x509 -new -nodes -key penguin.linux.test.key -sha256 -days 1024 -out penguin.linux.test.pem
	# echo '
	# [req]
	# default_bits = 2048
	# prompt = no
	# default_md = sha256
	# distinguished_name = dn
	#
	# [dn]
	# C=PH
	# ST=NCR
	# L=Makati
	# O=Crostini
	# OU=Personal
	# emailAddress=mail@tjpalanca.com
	# CN = penguin.linux.test
	# ' > server.csr.cnf
	# echo '
	# authorityKeyIdentifier=keyid,issuer
	# basicConstraints=CA:FALSE
	# keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
	# subjectAltName = @alt_names
	#
	# [alt_names]
	# DNS.1 = penguin.linux.test
	# ' > v3.ext
	# openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <( cat server.csr.cnf )
	# openssl x509 -req -in server.csr -CA penguin.linux.test.pem -CAkey penguin.linux.test.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext
	# Setup Crostini (CrOS) Instance
	# mail@tjpalanca.com
	# 2018-09-10

	# Contains:
	# 1. Linux basics
	# 2. Nginx to broker all traffic between different services
	# 3. Rstudio server and core R packages
	# 4. Miniconda and Jupyter Lab
	# 5. CUPS server for printing

	# Should not run as root
	if [ "$(whoami)" == "root" ]; then
	echo "Script should not be run as root, but as a user with root privileges"
	exit -1
	fi

	# Install some basics
	cd ~/
	sudo apt-get update
	sudo apt-get -y install \
	software-properties-common \
	gnupg \
	wget \
	libssl-dev \
	nano \
	iputils-ping

	# Repositories update
	sudo apt-key adv --keyserver keys.gnupg.net --recv-key 'E19F5F87128899B192B1A2C2AD5F960A256A04AF'
	sudo add-apt-repository 'deb [arch=amd64,i386] https://cran.rstudio.com/bin/linux/debian stretch-cran35/' -y
	sudo apt-get update

	# Install R 3.5.X and Rstudio server
	sudo apt-get -y install \
	r-base \
	r-base-dev \
	libopenblas-base \
	libapparmor1 \
	libxslt1-dev \
	gdebi-core
	# wget https://s3.amazonaws.com/rstudio-ide-build/server/debian9/x86_64/rstudio-server-1.2.981-amd64.deb && \
	# sudo gdebi --non-interactive rstudio-server-1.2.981-amd64.deb && \
	# rm rstudio-server-1.2.981-amd64.deb
	wget https://download1.rstudio.org/rstudio-xenial-1.1.463-amd64.deb && \
	sudo gdebi --non-interactive rstudio-xenial-1.1.463-amd64.deb && \
	rm rstudio-xenial-1.1.463-amd64.deb

	# Set up password
	sudo passwd $USER

	# Linux R package dependencies
	sudo apt-get -y install \
	libxml2-dev \
	libssl-dev \
	libcurl4-openssl-dev \
	default-jre \
	default-jdk \
	libssh2-1-dev \
	libpython3.5

	# # Install CUPS Server
	# sudo apt-get -y install cups && sudo gpasswd -a $USER lpadmin

	# Install miniconda and jupyter lab as a service
	wget https://repo.continuum.io/miniconda/Miniconda3-latest-Linux-x86_64.sh && \
	bash Miniconda3-latest-Linux-x86_64.sh && \
	rm Miniconda3-latest-Linux-x86_64.sh #&& \
	# source .bashrc && \
	# conda install -y jupyterlab nodejs && \
	# mkdir -p ~/.config/systemd/user/ && \
	# mkdir -p ~/jupyter/ && \
	# echo "
	# [Unit]
	# Description=Jupyter Lab
	#
	# [Service]
	# Type=simple
	# ExecStart=/home/$USER/miniconda3/bin/jupyter-lab \
	# --no-browser \
	# --port=8888 \
	# --notebook-dir=/home/$USER/jupyter/ \
	# --NotebookApp.trust_xheaders=True \
	# --NotebookApp.password='sha1:5edd1c9a8fa0:b1a9a6998fb674102fa742af3d6562fb23371a45'\
	# --NotebookApp.base_url=jupyter
	#
	# [Install]
	# WantedBy=default.target
	# " > ~/.config/systemd/user/jupyterlab.service && \
	# systemctl --user enable jupyterlab.service && \
	# systemctl --user start jupyterlab.service

	# # Install nginx reverse proxy
	# sudo apt-get -y install nginx && \
	# echo "
	# map \$http_upgrade \$connection_upgrade {
	# default upgrade;
	# '' close;
	# }
	# server {
	# listen 80;
	# return 301 https://\$host\$request_uri;
	# }
	# server {
	# listen 443;
	# server_name penguin.linux.test;
	# ssl_certificate /home/$USER/ssl/server.crt;
	# ssl_certificate_key /home/$USER/ssl/server.key;
	# ssl on;
	# ssl_session_cache builtin:1000 shared:SSL:10m;
	# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	# ssl_prefer_server_ciphers on;
	# access_log /var/log/nginx/penguin.linux.test.access.log;
	# # RStudio Server
	# location /rstudio/ {
	# rewrite ^/rstudio/(.*)\$ /\$1 break;
	# proxy_pass http://localhost:8787;
	# proxy_redirect http://localhost:8787/ \$scheme://\$host/rstudio/;
	# proxy_http_version 1.1;
	# proxy_set_header Upgrade \$http_upgrade;
	# proxy_set_header Connection \$connection_upgrade;
	# proxy_read_timeout 20d;
	# }
	# # Jupyter Lab
	# location /jupyter/ {
	# proxy_pass http://localhost:8888/jupyter/;
	# proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
	# proxy_set_header X-Real-IP \$remote_addr;
	# proxy_set_header Host \$http_host;
	# proxy_http_version 1.1;
	# proxy_redirect off;
	# proxy_buffering off;
	# proxy_set_header Upgrade \$http_upgrade;
	# proxy_set_header Connection "upgrade";
	# proxy_read_timeout 86400;
	# }
	# # CUPS Server
	# location / {
	# proxy_pass http://localhost:631;
	# proxy_redirect http://localhost:631/ \$scheme://\$host/cups/;
	# proxy_http_version 1.1;
	# proxy_set_header Upgrade \$http_upgrade;
	# proxy_set_header Connection \$connection_upgrade;
	# proxy_read_timeout 20d;
	# }
	# }" \| sudo tee /etc/nginx/sites-available/default && \
	# sudo systemctl restart nginx.service

	# # Install 'core' R packages and R Kernel for Jupyter Lab
	# Rscript -e " \
	# dir.create(Sys.getenv('R_LIBS_USER'), recursive = TRUE); \
	# install.packages( \
	# pkgs = c('tidyverse', 'glue', 'devtools', 'rJava'), \
	# repos = 'https://cran.rstudio.com', \
	# lib = Sys.getenv('R_LIBS_USER') \
	# ); \
	# " && \
	# Rscript -e "devtools::install_github('IRkernel/IRkernel'); IRkernel::installspec()"

	# Install Jupyter Extensions
	jupyter labextension install @jupyterlab/git

	# # Shortcuts in bash profile
	# echo '
	# # Aliases for starting and stopping rstudio and jupyter
	# alias rstudio-start="sudo systemctl start rstudio-server.service && sudo systemctl start nginx.service"
	# alias rstudio-restart="sudo systemctl restart rstudio-server.service && sudo systemctl start nginx.service"
	# alias rstudio-stop="sudo systemctl stop rstudio-server.service"
	# alias jupyter-start="systemctl --user start jupyterlab.service && sudo systemctl start nginx.service"
	# alias jupyter-restart="systemctl --user restart jupyterlab.service && sudo systemctl start nginx.service"
	# alias jupyter-stop="systemctl --user stop jupyterlab.service"
	# alias cups-start="sudo systemctl start cups.service && sudo systemctl start nginx.service"
	# alias cups-restart="sudo systemctl restart cups.service && sudo systemctl start nginx.service"
	# alias cups-stop="sudo systemctl stop cups.service"
	# alias all-start="sudo systemctl start rstudio-server.service && sudo systemctl start cups.service && systemctl --user start jupyterlab.service && sudo systemctl start nginx.service"
	# alias all-restart="sudo systemctl restart rstudio-server.service && sudo systemctl restart cups.service && systemctl --user restart jupyterlab.service && sudo systemctl restart nginx.service"
	# alias all-stop="sudo systemctl stop rstudio-server.service && sudo systemctl stop cups.service && systemctl --user stop jupyterlab.service && sudo systemctl stop nginx.service"
	# ' > ~/.bash_profile && source ~/.bash_profile
	#
	# # Permissions for ssh keys
	# chmod 700 /home/$USER/.ssh
	# chmod 700 /home/$USER/.ssh/id_rsa
	# chmod 644 /home/$USER/.ssh/id_rsa.pub
	#
	# # Remove self
	# rm setup-crostini.sh