test new jupyter config

hosts/uranus/jupyter-container.nix

@@ -1,6 +1,14 @@
-{ pkgs, packages, bind-ip ? "0.0.0.0", bind-port ? 8080, ... }:
+{ pkgs
+, lib
+, packages
+, jupyterUsers
+, jupyterAdminGroup ? "uranus-owner"
+, bind-ip ? "0.0.0.0"
+, bind-port ? 8080
+, ...
+}:
 let
-  miniconda-alpine-dockerhub = pkgs.dockerTools.pullImage {
+  miniconda-dockerhub = pkgs.dockerTools.pullImage {
     imageName = "continuumio/miniconda3";
     imageDigest = "sha256:a4b665d2075d9bf4b2c5aa896c059439a0baa5538ca67589a673121c31b4c35d";
     sha256 = "sha256-boIAZ8PaPckWLzYYTqrqMEL7HGbyl9grCJrXOpsBMhg=";
@@ -12,20 +20,57 @@ in
 pkgs.dockerTools.buildImage {
   name = "stateful-jupyterlab";
   tag = "latest";
-  fromImage = miniconda-alpine-dockerhub;
+  fromImage = miniconda-dockerhub;
   runAsRoot =
     let
-      entrypoint = pkgs.writeScriptBin "entrypoint.sh" ''
-        #!/bin/bash
-        conda install -c conda-forge ${packages} \
-                      jupyterlab
+      cont-interpreter = "/bin/bash";
+      useradd-string = (user: hashed-pw: is-admin: ''useradd \
+                            ${if is-admin then "-aG ${jupyterAdminGroup}" else ""} \
+                            -p ${hashed-pw} \
+                            ${user}'');
 
-        jupyter-lab --ip=${bind-ip} --port=${toString bind-port} --no-browser --allow-root
+      create-all-users-script = pkgs.writeScriptBin "create-users"
+        (lib.strings.concatStringsSep "\n" (builtins.map (u: (useradd-string u.username u.hashedPassword u.isAdmin)) jupyterUsers));
+        # (lib.foldl
+        # (script: u: lib.strings.concatStringsSep "\n" script (useradd-string u.username u.hashedPassword u.isAdmin)) ''''
+        # jupyterUsers);
+
+        jupyterhub-config = pkgs.writeText "jupyterhub-config.py" ''
+          c = get_config()
+
+          c.PAMAuthenticator.admin_groups = {'${jupyterAdminGroup}'}
+
+          c.Spawner.notebook_dir='/workdir'
+          c.Spawner.default_url='/lab'
+        '';
+
+      entrypoint = pkgs.writeScriptBin "entrypoint.sh" ''
+        #!${cont-interpreter}
+        set -ex
+
+        # Update the System
+        apt update -y
+        apt dist-upgrade -y
+
+        # create jupyter group
+        groupadd ${jupyterAdminGroup}
+
+        # create all the users
+        ${create-all-users-script}/bin/create-users
+
+        # install the python environ
+        conda install -c conda-forge ${packages} \
+                         jupyterlab \
+                         jupyterhub
+
+        # off to the races
+        jupyterhub --ip=${bind-ip} --port=${toString bind-port} -f /jupyterhub-config.py
       '';
     in
     ''
       #!${pkgs.runtimeShell}
       mkdir -p /workdir
+      cp ${jupyterhub-config} /jupyterhub-config.py
       cp ${entrypoint}/bin/entrypoint.sh /entrypoint.sh
     '';
   config = {

hosts/uranus/stateful-jupyter.nix

@@ -18,10 +18,11 @@
       volumes = [
         "/var/lib/jupyter-volume:/workdir"
         "/var/lib/root-home:/root"
+        # "/var/lib/conda-persist:/opt/conda"
       ];
       imageFile =
         let
-          package-string = lib.concatStringsSep " " [
+          packages = lib.concatStringsSep " " [
             # alphabetically `:sort`ed plz
             "geojson"
             "matplotlib"
@@ -33,10 +34,16 @@
             "seaborn"
             "bitstring"
           ];
+          jupyterUsers = [
+            {
+              username = "0xa";
+              hashedPassword = "$y$j9T$vXyoscuYL2CUGnSXLBpw51$4TH60t.zpNwkb23jt/oEZSJDLxGaSni54sJxn1TXDfA"; # just a test, plz ignore
+              isAdmin = true;
+            }
+          ];
         in
         (import ./jupyter-container.nix {
-          inherit pkgs;
-          packages = package-string;
+          inherit pkgs lib jupyterUsers packages;
         });
       image = "stateful-jupyterlab";
     };