Update Dockerfile

Dockerfile

@@ -2,71 +2,58 @@
 FROM node:20-slim
 
 # ── System dependencies ───────────────────────────────────────────────────────
-# python3 / make / g++  — required to compile node-pty (used by shellular)
-# python3-pip           — for yt-dlp and other Python tools
-# wget / curl           — general-purpose download utilities
-# git                   — version control
-# neofetch              — system info display
-# mediainfo             — media file metadata inspector
 RUN apt-get update && \
     apt-get install -y --no-install-recommends \
         python3 \
         python3-pip \
+        python3-venv \
         make \
         g++ \
         wget \
         curl \
         git \
-        sudo \
         neofetch \
         mediainfo \
-        python3-venv \
         screen \
-        ca-certificates \
-        openssl \
+        nano \
     && rm -rf /var/lib/apt/lists/*
 
-# ── Passwordless sudo for the node user ──────────────────────────────────────
-# Lets you run  sudo apt install <pkg>  inside the shellular terminal
-# without needing a password.
-RUN echo "node ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/node && \
-    chmod 0440 /etc/sudoers.d/node
+# ── Install bore (TCP tunnel — exposes SSH publicly for Termius) ──────────────
+RUN wget -q "https://github.com/ekzhang/bore/releases/download/v0.5.0/bore-v0.5.0-x86_64-unknown-linux-musl.tar.gz" \
+        -O /tmp/bore.tar.gz && \
+    tar -xzf /tmp/bore.tar.gz -C /usr/local/bin bore && \
+    chmod +x /usr/local/bin/bore && \
+    rm /tmp/bore.tar.gz
 
-# ── yt-dlp (installed via pip, break-system-packages is fine in a container) ──
-RUN pip3 install --no-cache-dir --break-system-packages yt-dlp
+# ── Prepare SSH runtime dirs ──────────────────────────────────────────────────
 
 # ── Pin a stable machine-id ───────────────────────────────────────────────────
-# WHY THIS IS HERE (not in secrets):
-#   • The shellular relay authenticates connections by matching the machineId
-#     that was used at registration time. The container's /etc/machine-id must
-#     always hash to the same value as SHELLULAR_MACHINE_ID in HF Secrets.
-#   • /etc/machine-id must be written as root, at BUILD time. HF Spaces runs
-#     all containers as UID 1000 at runtime, so it cannot be written then.
-#   • This value is a stable identifier, NOT a secret or auth token.
-#     The actual secrets (SHELLULAR_KEY, SHELLULAR_HOST_ID) live in HF Secrets.
 RUN echo "d8904b4d338adf83688caac869f64c0b" > /etc/machine-id && \
     mkdir -p /var/lib/dbus && \
     echo "d8904b4d338adf83688caac869f64c0b" > /var/lib/dbus/machine-id
 
-# ── Use the built-in "node" user (UID 1000, matches HF Spaces runtime) ────────
-USER node
-ENV HOME=/home/node \
-    PATH="/home/node/.npm-global/bin:${PATH}"
+# ── Set HOME for root ─────────────────────────────────────────────────────────
+ENV HOME=/root \
+    PATH="/root/.npm-global/bin:/root/venv/bin:${PATH}" \
+    VIRTUAL_ENV=/root/venv \
+    PIP_NO_CACHE_DIR=1
+
+# ── Create a persistent Python venv ──────────────────────────────────────────
+RUN python3 -m venv /root/venv && \
+    /root/venv/bin/pip install --upgrade pip && \
+    /root/venv/bin/pip install huggingface_hub
 
 # ── Install shellular globally ────────────────────────────────────────────────
-RUN npm config set prefix /home/node/.npm-global && \
+RUN npm config set prefix /root/.npm-global && \
     npm install -g shellular
 
 # ── App ───────────────────────────────────────────────────────────────────────
-WORKDIR /home/node/app
-
-COPY --chown=node:node package*.json ./
+WORKDIR /root/app
+COPY package*.json ./
 RUN npm install --omit=dev
-
-COPY --chown=node:node . .
+COPY . .
 
 # ── Runtime ───────────────────────────────────────────────────────────────────
 EXPOSE 7860
 ENV PORT=7860
-
-CMD ["node", "app.js"]
+CMD ["node", "app.js"]