PrimeTime / start.sh
Shinhati2023's picture
Create start.sh
bb5b628 verified
Raw
History Blame Contribute Delete
1.57 kB
#!/bin/bash
# 1. Setup localized SSH environment
mkdir -p $HOME/ssh
mkdir -p $HOME/.ssh
chmod 700 $HOME/.ssh
# Inject SSH Public Key from HF Secrets (Essential for secure non-root auth)
if [ -n "$SSH_PUBLIC_KEY" ]; then
echo "$SSH_PUBLIC_KEY" > $HOME/.ssh/authorized_keys
chmod 600 $HOME/.ssh/authorized_keys
else
echo "WARNING: SSH_PUBLIC_KEY secret is not set. SSH login will fail."
fi
# Generate an ephemeral Host Key for the container
if [ ! -f "$HOME/ssh/ssh_host_rsa_key" ]; then
ssh-keygen -t rsa -f $HOME/ssh/ssh_host_rsa_key -N "" -q
fi
# Create a custom, non-root sshd_config
cat <<EOF > $HOME/ssh/sshd_config
Port 2222
HostKey $HOME/ssh/ssh_host_rsa_key
PidFile $HOME/ssh/sshd.pid
AuthorizedKeysFile $HOME/.ssh/authorized_keys
PasswordAuthentication no
PubkeyAuthentication yes
StrictModes no
UsePAM no
EOF
# 2. Start the SSH daemon in the background pointing to the custom config
/usr/sbin/sshd -f $HOME/ssh/sshd_config
# 3. Dummy Health Check for Hugging Face (Port 7860)
# This prevents the Space from crashing by satisfying the proxy's uptime ping
echo "<html><body><h1>Space Booted. Background Tunnel Active.</h1></body></html>" > $HOME/index.html
python3 -m http.server 7860 --bind 0.0.0.0 --directory $HOME &
# 4. Execute Cloudflare Tunnel
if [ -z "$CLOUDFLARE_TOKEN" ]; then
echo "Error: CLOUDFLARE_TOKEN secret is missing!"
tail -f /dev/null # Keep container alive for debugging if tunnel fails
else
echo "Initializing Cloudflare Tunnel..."
cloudflared tunnel --no-autoupdate run --token $CLOUDFLARE_TOKEN
fi