A dockerized web app, written in python, for easily adding or removing time for users of Timekpr-nExT. The primary goal is to allow parents to use their phone to easily give more computer time to their child(ren). Works on Desktop or Mobile:
Features:
- Manage at least 1, likely up to 10, accounts
- Run via a docker one liner
- Intuitive web app interface is easy to use from any phone in the house
- Optionally send alerts via Gotify whenever time is added
Video - Mobile phone controlling desktop
In this demo, you can see how a parental phone (foreground) can easily load the web UI and quickly add time to a childs desktop device (background):
timekpr-next-remote.720p.MP4
Video - Docker start with gracefull error handling
In this demo, you when some nodes are down, the back end and front end handle this without breaking. Further, users on two different desktops can easily be controlled from the UI:
timekpr-docker-with-errors-demo.720p.mp4
As of 1.3.0, alerts can be sent when ever time is added or removed. This is a different model, where instead of administrators controlling time, end users can be trusted to give themselves time. The catch is they know that administrators will know the moment they do. When our kids hit high school, it became too tedious and too gatekeeper-ish to always be asked for more time and just blindly give it. This self server approach seemed way more appropriate!
Assuming your user is named "Adnan", and they added 15 minutes and had 1 hours and 2 minutes left, the alert would look like this:
Timekpr: Adnan added 15 minutes
removed 15 minutes, 1 hours and 2 minutes remaining :)
- Server that can run docker compose and can SSH to the clients you want to control
- Client device runs linux and has SSH enable
- Client device has Timekpr-nExT installed and configured to have a limited amount of time per day (<24 hrs ;)
- clone this repo
- copy
conf.example.py
toconf.py
- edit
conf.py
per Settings section below - run
docker compose up -d
- go to
http://your-server-IP:8080
on your phone or desktop
Follow these steps for on each client you want to control:
- Add a new
timekpr-next-remote
user to each machine you want to manage. - Set the password for
timekpr-next-remote
to be the same as step 3 above, so it matches the config value ofssh_password
- Add the
timekpr-next-remote
to thetimekpr
group:sudo gpasswd -a timekpr-next-remote timekpr
- Restart to ensure the group change took effect
- Ensure the user can SSH in using the IP from
trackme
, thessh_user
and thessh_password
Whenever you're editing setting, use care. It's actually a python file, so you can cause the app to crash if you have an invalid config file.
trackme
- python object to store all the folks you want to managessh_user
- user to SSH into client machines as. Defaults totimekpr-next-remote
ssh_password
- password to use wen SSHing into client machines. Defaults totimekpr-next-remote
ssh_timekpra_bin
- path on clients wheretimekpra
executable is. defaults to/usr/bin/timekpra
ssh_key
- wtf - I don't know, SSH library wouldn't work with out this. don't touch this
These are optional! Ignore if you don't want to send alerts.
If you do want to set up alerts, go create a new app in your Gotify instance and get the token to send alerts. You can add as many Gotify instances as you want. By allowing more than one, administrators with their own Gotify user can get alerts. Or more simply, send one alert and administrators can share an account.
gotify
- This is an array of Gotify instances that looks like this:
gotify =[
# set to True to enable, update with you token and URL
{
'enabled': False,
'token': 'token1-here',
'url': 'http://url1-here.com'
},
# Uncomment if you want to send alerts to more than one user - add as many as you'd like!
# {
# 'enabled': False,
# 'token': 'token1-here',
# 'url': 'http://url2-here.com'
# }
]
For each instance, set:
enabled
- Truetoken
- 16 character token you get from your Gotify instance for your app. Something likeBrAs-v.pg-PwsgS
url
- the URL for your gotify instance. Must be reachable by your Timekpr Next Remote server.
TIMEKPR_PORT
- the port that docker compose will expose the service on. Defaults to8080
TIMEKPR_IP
- the IP that docker compose will bind the web server to. Good for binding to a private IP that only other docker containers can see (like a reverse proxy!). Defaults to0.0.0.0
.
By design, this system is very secure as far as controlling clients over SSH, but is relatively insecure when it comes to browsing to the web app. Here's some tips to increase security:
-
if you want to ensure the SSH user on the server can not do anything more than run
timekpra
, then you can restrict this in theauthorized_keys
file on each client. -
Run something like Traefik or Caddy in another docker container. From there you can bind the timekpr-next remote server to the host docker IP with something like
TIMEKPR_IP=172.17.0.1 docker compose up -d
. It will no longer be available on the network, only only via the revers proxy you set up.You can then either use
basicauth
(eg in Caddy) or what I did is make a host name that is unguessable likehttps://user-time-8957446623432192758492038.domain.com
. Everyone just bookmarks this. Even if your kids see the URL, they won't be able to remember it.
- add PIN protection in web GUI
- add "refresh" button per client in web GUI
- support ssh keys
- enable more than one user per machine
- better error handling when SSH fails etc.
- AJAX async loading
- handle identically named users on diff servers
- timekprw - defunct as it dependent on an appspot page which is dead
- timekpr-server- "Sample config server implementations and HTML UI for Timekpr"
- timekpr - "Timekpr-Sync: Timekpr extension to spread user configurations in the home network"
- timekpr-cli - "Simple Timekpr CLI" - local python wrapper script)
Development can be done using locally running LXD or Incus containers. After launching an Ubuntu 22.04 container, SSH is enable by default, but only allows key access, so be sure to add your public keys as needed. From there adduser
a new user, then run this to install timekpr:
sudo apt install software-properties-common
sudo add-apt-repository ppa:mjasnik/ppa
sudo apt update
sudo apt install timekpr-next x11-apps
You can then ssh -X USER@IP
and then run timekpra
to configure your test users in timekpr via a GUI.
During development, it's nice to watch the times for a specific user with watch -n 1 timekpra --userinfo USERNAME