2023-06-09 19:47:15 +02:00
|
|
|
{ pkgs
|
|
|
|
|
, lib
|
|
|
|
|
, packages
|
|
|
|
|
, jupyterUsers
|
|
|
|
|
, jupyterAdminGroup ? "uranus-owner"
|
|
|
|
|
, bind-ip ? "0.0.0.0"
|
|
|
|
|
, bind-port ? 8080
|
|
|
|
|
, ...
|
|
|
|
|
}:
|
2023-05-30 16:00:35 +02:00
|
|
|
let
|
2023-06-09 19:47:15 +02:00
|
|
|
miniconda-dockerhub = pkgs.dockerTools.pullImage {
|
2023-05-30 16:00:35 +02:00
|
|
|
imageName = "continuumio/miniconda3";
|
|
|
|
|
imageDigest = "sha256:a4b665d2075d9bf4b2c5aa896c059439a0baa5538ca67589a673121c31b4c35d";
|
|
|
|
|
sha256 = "sha256-boIAZ8PaPckWLzYYTqrqMEL7HGbyl9grCJrXOpsBMhg=";
|
|
|
|
|
finalImageTag = "23.3.1-0";
|
|
|
|
|
finalImageName = "miniconda";
|
|
|
|
|
|
|
|
|
|
};
|
|
|
|
|
in
|
|
|
|
|
pkgs.dockerTools.buildImage {
|
|
|
|
|
name = "stateful-jupyterlab";
|
|
|
|
|
tag = "latest";
|
2023-06-09 19:47:15 +02:00
|
|
|
fromImage = miniconda-dockerhub;
|
2023-05-30 20:10:59 +02:00
|
|
|
runAsRoot =
|
2023-05-30 17:14:55 +02:00
|
|
|
let
|
2023-06-09 19:47:15 +02:00
|
|
|
cont-interpreter = "/bin/bash";
|
2023-06-12 23:40:22 +02:00
|
|
|
useradd-string = (user: is-admin: ''
|
|
|
|
|
set +x # don't leak the hashed password
|
|
|
|
|
echo "creating user ${user}"
|
|
|
|
|
useradd \
|
|
|
|
|
-m \
|
2023-06-12 23:59:05 +02:00
|
|
|
${if is-admin then "-g ${jupyterAdminGroup}" else ""} \
|
2023-06-12 23:40:22 +02:00
|
|
|
-p $(cat /pw/hashed-password-${user}) \
|
|
|
|
|
${user} \
|
|
|
|
|
&& chown -R ${user}:${jupyterAdminGroup} /home/${user} \
|
|
|
|
|
&& ln --force -s /workdir /home/${user}/shared-workdir
|
|
|
|
|
set -x
|
|
|
|
|
'');
|
2023-06-09 19:47:15 +02:00
|
|
|
|
2023-06-09 22:32:39 +02:00
|
|
|
create-all-users-script = (lib.strings.concatStringsSep "\n" (builtins.map (u: (useradd-string u.username u.isAdmin)) jupyterUsers));
|
2023-06-12 23:41:16 +02:00
|
|
|
jupyterhub-config = pkgs.writeText "jupyterhub-config.py" ''
|
|
|
|
|
c = get_config()
|
2023-06-09 19:47:15 +02:00
|
|
|
|
2023-06-12 23:41:16 +02:00
|
|
|
c.PAMAuthenticator.admin_groups = {'${jupyterAdminGroup}'}
|
2023-06-09 19:47:15 +02:00
|
|
|
|
2023-06-12 23:41:16 +02:00
|
|
|
c.Spawner.notebook_dir='/workdir'
|
|
|
|
|
c.Spawner.default_url='/lab'
|
|
|
|
|
'';
|
2023-06-09 19:47:15 +02:00
|
|
|
|
2023-05-30 17:14:55 +02:00
|
|
|
entrypoint = pkgs.writeScriptBin "entrypoint.sh" ''
|
2023-06-09 19:47:15 +02:00
|
|
|
#!${cont-interpreter}
|
|
|
|
|
set -ex
|
|
|
|
|
|
|
|
|
|
# Update the System
|
|
|
|
|
apt update -y
|
|
|
|
|
apt dist-upgrade -y
|
|
|
|
|
|
|
|
|
|
# create jupyter group
|
|
|
|
|
groupadd ${jupyterAdminGroup}
|
2023-06-12 23:59:05 +02:00
|
|
|
chown -R root:${jupyterAdminGroup} /workdir
|
2023-06-12 23:40:57 +02:00
|
|
|
chmod -R g+rwx /workdir
|
2023-06-09 19:47:15 +02:00
|
|
|
|
|
|
|
|
# create all the users
|
2023-06-09 20:05:13 +02:00
|
|
|
${create-all-users-script}
|
2023-06-09 19:47:15 +02:00
|
|
|
|
|
|
|
|
# install the python environ
|
2023-06-09 20:22:52 +02:00
|
|
|
conda install -c conda-forge mamba
|
|
|
|
|
|
|
|
|
|
mamba install -c conda-forge ${packages} \
|
2023-06-09 19:47:15 +02:00
|
|
|
jupyterlab \
|
|
|
|
|
jupyterhub
|
2023-05-30 17:14:55 +02:00
|
|
|
|
2023-06-09 22:32:39 +02:00
|
|
|
|
2023-06-09 19:47:15 +02:00
|
|
|
# off to the races
|
|
|
|
|
jupyterhub --ip=${bind-ip} --port=${toString bind-port} -f /jupyterhub-config.py
|
2023-05-30 17:14:55 +02:00
|
|
|
'';
|
|
|
|
|
in
|
|
|
|
|
''
|
2023-05-30 20:10:59 +02:00
|
|
|
#!${pkgs.runtimeShell}
|
|
|
|
|
mkdir -p /workdir
|
2023-06-09 22:32:39 +02:00
|
|
|
|
|
|
|
|
# make temp store for pw hashes
|
|
|
|
|
mkdir -p /pw
|
|
|
|
|
|
2023-06-09 19:47:15 +02:00
|
|
|
cp ${jupyterhub-config} /jupyterhub-config.py
|
2023-05-30 20:10:59 +02:00
|
|
|
cp ${entrypoint}/bin/entrypoint.sh /entrypoint.sh
|
|
|
|
|
'';
|
2023-05-30 16:00:35 +02:00
|
|
|
config = {
|
|
|
|
|
WorkingDir = "/workdir";
|
2023-05-30 17:14:55 +02:00
|
|
|
Entrypoint = "/entrypoint.sh";
|
2023-05-30 16:00:35 +02:00
|
|
|
};
|
|
|
|
|
}
|
