#!/bin/bash # 1. Setup localized SSH environment mkdir -p $HOME/ssh mkdir -p $HOME/.ssh chmod 700 $HOME/.ssh # Inject SSH Public Key from HF Secrets (Essential for secure non-root auth) if [ -n "$SSH_PUBLIC_KEY" ]; then echo "$SSH_PUBLIC_KEY" > $HOME/.ssh/authorized_keys chmod 600 $HOME/.ssh/authorized_keys else echo "WARNING: SSH_PUBLIC_KEY secret is not set. SSH login will fail." fi # Generate an ephemeral Host Key for the container if [ ! -f "$HOME/ssh/ssh_host_rsa_key" ]; then ssh-keygen -t rsa -f $HOME/ssh/ssh_host_rsa_key -N "" -q fi # Create a custom, non-root sshd_config cat < $HOME/ssh/sshd_config Port 2222 HostKey $HOME/ssh/ssh_host_rsa_key PidFile $HOME/ssh/sshd.pid AuthorizedKeysFile $HOME/.ssh/authorized_keys PasswordAuthentication no PubkeyAuthentication yes StrictModes no UsePAM no EOF # 2. Start the SSH daemon in the background pointing to the custom config /usr/sbin/sshd -f $HOME/ssh/sshd_config # 3. Dummy Health Check for Hugging Face (Port 7860) # This prevents the Space from crashing by satisfying the proxy's uptime ping echo "

Space Booted. Background Tunnel Active.

" > $HOME/index.html python3 -m http.server 7860 --bind 0.0.0.0 --directory $HOME & # 4. Execute Cloudflare Tunnel if [ -z "$CLOUDFLARE_TOKEN" ]; then echo "Error: CLOUDFLARE_TOKEN secret is missing!" tail -f /dev/null # Keep container alive for debugging if tunnel fails else echo "Initializing Cloudflare Tunnel..." cloudflared tunnel --no-autoupdate run --token $CLOUDFLARE_TOKEN fi