Spaces:

Vvbbnnn
/

vps

Paused

App Files Files Community

soxogvv commited on 19 days ago

Commit

a74b29d

verified ·

1 Parent(s): 96bd928

Upload 2 files

Browse files

Files changed (2) hide show

Dockerfile +12 -1
app.js +106 -10

Dockerfile CHANGED Viewed

@@ -16,8 +16,19 @@ RUN apt-get update && \
         mediainfo \
         screen \
         nano \
     && rm -rf /var/lib/apt/lists/*
 # ── Pin a stable machine-id ───────────────────────────────────────────────────
 RUN echo "d8904b4d338adf83688caac869f64c0b" > /etc/machine-id && \
     mkdir -p /var/lib/dbus && \
@@ -47,4 +58,4 @@ COPY . .
 # ── Runtime ───────────────────────────────────────────────────────────────────
 EXPOSE 7860
 ENV PORT=7860
-CMD ["node", "app.js"]

         mediainfo \
         screen \
         nano \
+        openssh-server \
     && rm -rf /var/lib/apt/lists/*
+# ── Install bore (TCP tunnel — exposes SSH publicly for Termius) ──────────────
+RUN wget -q "https://github.com/ekzhang/bore/releases/download/v0.5.0/bore-v0.5.0-x86_64-unknown-linux-musl.tar.gz" \
+        -O /tmp/bore.tar.gz && \
+    tar -xzf /tmp/bore.tar.gz -C /usr/local/bin bore && \
+    chmod +x /usr/local/bin/bore && \
+    rm /tmp/bore.tar.gz
+# ── Prepare SSH runtime dirs ──────────────────────────────────────────────────
+RUN mkdir -p /run/sshd /root/.ssh
 # ── Pin a stable machine-id ───────────────────────────────────────────────────
 RUN echo "d8904b4d338adf83688caac869f64c0b" > /etc/machine-id && \
     mkdir -p /var/lib/dbus && \
 # ── Runtime ───────────────────────────────────────────────────────────────────
 EXPOSE 7860
 ENV PORT=7860
+CMD ["node", "app.js"]

app.js CHANGED Viewed

@@ -1,5 +1,5 @@
 import express from 'express';
-import { spawn } from 'child_process';
 import crypto from 'crypto';
 import fs from 'fs';
 import os from 'os';
@@ -17,19 +17,22 @@ if (!SECRET_KEY) {
   process.exit(1);
 }
 app.use(express.json());
 app.use(express.static(path.join(__dirname, 'public')));
 // ── Session store ─────────────────────────────────────────────────────────────
 const sessions = new Set();
-// Persistent auto-token derived from SECRET_KEY — survives restarts on the
-// client side (stored in sessionStorage) and is always valid server-side.
 const AUTO_TOKEN = crypto.createHash('sha256').update(`auto:${SECRET_KEY}`).digest('hex');
 sessions.add(AUTO_TOKEN);
-// Unauthenticated endpoint — lets the frontend self-authenticate after a
-// container restart without the user having to type the key again.
 app.get('/api/auto-token', (_req, res) => {
   res.json({ token: AUTO_TOKEN });
 });
@@ -259,7 +262,6 @@ function startSyncPy() {
   syncProc.on('exit', (code, signal) => {
     console.warn(`[sync] sync.py exited — code=${code ?? '?'}, signal=${signal ?? 'none'}`);
     syncProc = null;
-    // Auto-restart after 10s if it crashes
     setTimeout(startSyncPy, 10_000);
   });
 }
@@ -270,6 +272,99 @@ function stopSyncPy() {
   syncProc = null;
 }
 // ── SSE stream ─────────────────────────────────────────────────────────────────
 app.get('/api/stream', requireAuth, (req, res) => {
   res.setHeader('Content-Type', 'text/event-stream');
@@ -351,10 +446,11 @@ app.get('/api/shellular/qr-data', requireAuth, (_req, res) => {
 // ��─ Start ──────────────────────────────────────────────────────────────────────
 app.listen(PORT, '0.0.0.0', () => {
   console.log(`Shellular Web UI → http://0.0.0.0:${PORT}`);
-  startSyncPy();     // 🐍 Launch sync.py on server start
-  startShellular();  // 🚀 Auto-start shellular on boot so QR is ready immediately
 });
 // ── Graceful shutdown ──────────────────────────────────────────────────────────
-process.on('SIGTERM', () => { stopShellular(); stopSyncPy(); });
-process.on('SIGINT',  () => { stopShellular(); stopSyncPy(); });

 import express from 'express';
+import { spawn, execSync } from 'child_process';
 import crypto from 'crypto';
 import fs from 'fs';
 import os from 'os';
   process.exit(1);
 }
+// SSH password: deterministic from SECRET_KEY — same across restarts, easy to copy
+const SSH_PASSWORD = crypto
+  .createHash('sha256')
+  .update(`ssh:${SECRET_KEY}`)
+  .digest('hex')
+  .slice(0, 20);
 app.use(express.json());
 app.use(express.static(path.join(__dirname, 'public')));
 // ── Session store ─────────────────────────────────────────────────────────────
 const sessions = new Set();
 const AUTO_TOKEN = crypto.createHash('sha256').update(`auto:${SECRET_KEY}`).digest('hex');
 sessions.add(AUTO_TOKEN);
 app.get('/api/auto-token', (_req, res) => {
   res.json({ token: AUTO_TOKEN });
 });
   syncProc.on('exit', (code, signal) => {
     console.warn(`[sync] sync.py exited — code=${code ?? '?'}, signal=${signal ?? 'none'}`);
     syncProc = null;
     setTimeout(startSyncPy, 10_000);
   });
 }
   syncProc = null;
 }
+// ── SSH server setup ──────────────────────────────────────────────────────────
+function setupSSH() {
+  try {
+    // Set root password
+    execSync(`echo "root:${SSH_PASSWORD}" | chpasswd`, { stdio: 'ignore' });
+    console.log('[ssh] root password set');
+    // Allow root + password login
+    fs.mkdirSync('/etc/ssh/sshd_config.d', { recursive: true });
+    fs.writeFileSync('/etc/ssh/sshd_config.d/99-termius.conf', [
+      'PermitRootLogin yes',
+      'PasswordAuthentication yes',
+      'ChallengeResponseAuthentication no',
+      'UsePAM no',
+      'PrintMotd no',
+    ].join('\n') + '\n', 'utf-8');
+    // Generate host keys (no-op if already present)
+    execSync('ssh-keygen -A', { stdio: 'ignore' });
+    // Launch sshd
+    const sshd = spawn('/usr/sbin/sshd', ['-D', '-e'], {
+      detached: true,
+      stdio: 'ignore',
+    });
+    sshd.unref();
+    console.log('[ssh] sshd started, pid:', sshd.pid);
+    // Give sshd a moment then open the bore tunnel
+    setTimeout(startBore, 2000);
+  } catch (err) {
+    console.error('[ssh] setup error:', err.message);
+  }
+}
+// ── Bore tunnel (exposes SSH port to the internet) ────────────────────────────
+let boreProc = null;
+let boreHost = null;
+let borePort = null;
+function startBore() {
+  if (boreProc) return;
+  console.log('[bore] starting tunnel…');
+  boreProc = spawn('bore', ['local', '22', '--to', 'bore.pub'], {
+    stdio: ['ignore', 'pipe', 'pipe'],
+  });
+  const onData = (chunk) => {
+    const text = chunk.toString();
+    console.log('[bore]', text.trim());
+    // bore prints: "… Listening at bore.pub:NNNNN"
+    const m = text.match(/bore\.pub:(\d+)/i);
+    if (m) {
+      boreHost = 'bore.pub';
+      borePort = parseInt(m[1], 10);
+      console.log(`[bore] tunnel ready → ${boreHost}:${borePort}`);
+    }
+  };
+  boreProc.stdout.on('data', onData);
+  boreProc.stderr.on('data', onData);
+  boreProc.on('error', (err) => {
+    console.error('[bore] error:', err.message);
+    boreProc = null; boreHost = null; borePort = null;
+    setTimeout(startBore, 15_000);
+  });
+  boreProc.on('exit', (code, signal) => {
+    console.warn(`[bore] exited code=${code} signal=${signal} — restarting in 10 s`);
+    boreProc = null; boreHost = null; borePort = null;
+    setTimeout(startBore, 10_000);
+  });
+}
+function stopBore() {
+  if (!boreProc) return;
+  boreProc.kill('SIGTERM');
+  boreProc = null; boreHost = null; borePort = null;
+}
+// ── SSH info endpoint (used by frontend to show Termius credentials) ──────────
+app.get('/api/ssh-info', requireAuth, (_req, res) => {
+  res.json({
+    ready:    !!(boreHost && borePort),
+    host:     boreHost,
+    port:     borePort,
+    username: 'root',
+    password: SSH_PASSWORD,
+  });
+});
 // ── SSE stream ─────────────────────────────────────────────────────────────────
 app.get('/api/stream', requireAuth, (req, res) => {
   res.setHeader('Content-Type', 'text/event-stream');
 // ��─ Start ──────────────────────────────────────────────────────────────────────
 app.listen(PORT, '0.0.0.0', () => {
   console.log(`Shellular Web UI → http://0.0.0.0:${PORT}`);
+  startSyncPy();    // 🐍 Sync to HF dataset
+  startShellular(); // 🚀 Shellular for QR access
+  setupSSH();       // 🔒 SSH server + bore tunnel for Termius
 });
 // ── Graceful shutdown ──────────────────────────────────────────────────────────
+process.on('SIGTERM', () => { stopShellular(); stopSyncPy(); stopBore(); });
+process.on('SIGINT',  () => { stopShellular(); stopSyncPy(); stopBore(); });