| # ββ Base image ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| FROM node:20-slim | |
| # ββ System dependencies βββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| # python3 / make / g++ β required to compile node-pty (used by shellular) | |
| # python3-pip β for yt-dlp and other Python tools | |
| # wget / curl β general-purpose download utilities | |
| # git β version control | |
| # neofetch β system info display | |
| # mediainfo β media file metadata inspector | |
| RUN apt-get update && \ | |
| apt-get install -y --no-install-recommends \ | |
| python3 \ | |
| python3-pip \ | |
| make \ | |
| g++ \ | |
| wget \ | |
| curl \ | |
| git \ | |
| sudo \ | |
| neofetch \ | |
| mediainfo \ | |
| python3-venv \ | |
| screen \ | |
| ca-certificates \ | |
| openssl \ | |
| && rm -rf /var/lib/apt/lists/* | |
| # ββ Passwordless sudo for the node user ββββββββββββββββββββββββββββββββββββββ | |
| # Lets you run sudo apt install <pkg> inside the shellular terminal | |
| # without needing a password. | |
| RUN echo "node ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/node && \ | |
| chmod 0440 /etc/sudoers.d/node | |
| # ββ yt-dlp (installed via pip, break-system-packages is fine in a container) ββ | |
| RUN pip3 install --no-cache-dir --break-system-packages yt-dlp | |
| # ββ Pin a stable machine-id βββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| # WHY THIS IS HERE (not in secrets): | |
| # β’ The shellular relay authenticates connections by matching the machineId | |
| # that was used at registration time. The container's /etc/machine-id must | |
| # always hash to the same value as SHELLULAR_MACHINE_ID in HF Secrets. | |
| # β’ /etc/machine-id must be written as root, at BUILD time. HF Spaces runs | |
| # all containers as UID 1000 at runtime, so it cannot be written then. | |
| # β’ This value is a stable identifier, NOT a secret or auth token. | |
| # The actual secrets (SHELLULAR_KEY, SHELLULAR_HOST_ID) live in HF Secrets. | |
| RUN echo "d8904b4d338adf83688caac869f64c0b" > /etc/machine-id && \ | |
| mkdir -p /var/lib/dbus && \ | |
| echo "d8904b4d338adf83688caac869f64c0b" > /var/lib/dbus/machine-id | |
| # ββ Use the built-in "node" user (UID 1000, matches HF Spaces runtime) ββββββββ | |
| USER node | |
| ENV HOME=/home/node \ | |
| PATH="/home/node/.npm-global/bin:${PATH}" | |
| # ββ Install shellular globally ββββββββββββββββββββββββββββββββββββββββββββββββ | |
| RUN npm config set prefix /home/node/.npm-global && \ | |
| npm install -g shellular | |
| # ββ App βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| WORKDIR /home/node/app | |
| COPY --chown=node:node package*.json ./ | |
| RUN npm install --omit=dev | |
| COPY --chown=node:node . . | |
| # ββ Runtime βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| EXPOSE 7860 | |
| ENV PORT=7860 | |
| CMD ["node", "app.js"] | |