Removes a lot of 'sudo -E' usage, and eventually should
let us get rid of the $PATH override for jupyterhub-admins,
which arguably is less secure than just dropping stuff into
/usr/bin
Also remove sudo -E from apt and mkdir calls. Not necessary.
TLJH is a great base to build 'stacks' on top of
for various use cases. These 'stacks' should be built by
people who are domain experts in their fields, and easily
updateable with new TLJH versions. Extension points need
to be very clearly defined & evolvable, so we can modify
TLJH without fear of breaking everything.
[pluggy](https://pluggy.readthedocs.io/) is the plugin
mechanism for pytest spun out into its own library,
and fits our requirements well.
There is an experimental pangeo stack in progress at
https://github.com/yuvipanda/tljh-pangeo for an example
of how this would work
- TLJH should support raspberry pi, which runs ARM. conda does
not support ARM.
- Get nodejs from nodesource instead of conda or default repositories.
Default repositories get out of date pretty quickly.
- Install CHP from npm
- This was going to get too complex for bash. Only way to
kill those scripts is before they get too complex.
- Better progress messages from bootstrapper.
- Differentiate between bootstrapper & installer
- Cleanup documentation a little bit
jupyterhub admins should be able to run `sudo -E pip install numpy`
and install numpy into the user environment. However, since pip
is in the PATH we explicitly set in jupyterhub_config.py and
sudo doesn't preserve PATH, this won't work.
We exempt jupyterhub-admins groups from the PATH restriction,
so sudo -E works. This has some security costs, but we are already
allowing passwordless roots for them with unrestricted paths...
conda was not installed in the user environment explicitly,
so users can't install conda packages themselves.
Also install JupyterLab while we're at it :)
Dynamic Users are neat and probably very useful for a tmpnb
style situation. However, for regular use they have the following
problems:
1. Can't set ProtectHome=no, so you can never apt install or
similar from inside admin accounts.
2. Dynamic uid / gid makes it hard to write sudo rules. We want
admin users to have sudo.
3. Persistent uids / gids are very useful for ad-hoc ACLs between
users. gid sharing isn't the most flexible sharing mechanism,
but it is well known & quite useful.
4. /etc/skel is pretty useful!
