tfrfu

Sleeping

App Files Files Community

tfrfu / Dockerfile

no-name-here

Update Dockerfile

9d77a50 verified about 1 month ago

raw

history blame contribute delete

6.38 kB

	# ──────────────────────────────────────────────────────────────────────────────
	# HuggingFace Spaces Docker – SSH remote dev environment via gsocket
	#
	# HOW IT WORKS:
	# • A tiny Python HTTP server runs on port 7860 → satisfies HF health check
	# • sshd listens on port 2222 internally
	# • gsocket wraps sshd so you can reach it peer-to-peer without open ports
	#
	# TO CONNECT (from your local machine, after container starts):
	# gs-netcat -s YOUR_SECRET -i (interactive shell)
	# OR
	# gsocket -s YOUR_SECRET ssh user@localhost
	# ──────────────────────────────────────────────────────────────────────────────
	FROM python:3.9

	ENV DEBIAN_FRONTEND=noninteractive

	# ── System deps ───────────────────────────────────────────────────────────────
	RUN apt-get update && apt-get install -y \
	openssh-server \
	curl \
	build-essential \
	libssl-dev \
	git \
	automake \
	autoconf \
	nano \
	net-tools \
	wget \
	sudo \
	gnupg \
	ca-certificates \
	libcap2-bin && \
	rm -rf /var/lib/apt/lists/*

	# ── SSH setup ─────────────────────────────────────────────────────────────────
	RUN mkdir -p /var/run/sshd && \
	ssh-keygen -A

	# CRITICAL: private host keys must be 600 — sshd refuses to start with 644
	RUN chmod 600 /etc/ssh/ssh_host_*_key && \
	chmod 644 /etc/ssh/ssh_host_*_key.pub

	# SSH config: internal port 2222, key-auth only
	RUN sed -i -E 's/#?Port 22/Port 2222/' /etc/ssh/sshd_config && \
	sed -i -E 's/#?PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config && \
	sed -i -E 's/#?UsePAM yes/UsePAM no/' /etc/ssh/sshd_config && \
	sed -i -E 's/#?PermitEmptyPasswords .*/PermitEmptyPasswords no/' /etc/ssh/sshd_config && \
	sed -i -E 's/#?ChallengeResponseAuthentication .*/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config && \
	sed -i -E 's/#?PermitRootLogin .*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config

	# ── Non-root user ─────────────────────────────────────────────────────────────
	RUN useradd -m -u 1000 -s /bin/bash user && \
	usermod -aG sudo user && \
	echo "user ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/user && \
	echo "user:user" \| chpasswd && \
	usermod -U user

	# ── Authorized key ─────────────────────────────────────────────────────────────
	# REPLACE the key below with your own: ssh-keygen -t ed25519 -C "hf-space"
	# You can also pass it at build time: docker build --build-arg SSH_PUBLIC_KEY="$(cat ~/.ssh/id_ed25519.pub)"
	ARG SSH_PUBLIC_KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/ea9QICE2WvsyrW8pExgonHhJPz5Kuj0jvX6HmsSWM hf-spac"

	RUN mkdir -p /home/user/.ssh /root/.ssh && \
	echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/ea9QICE2WvsyrW8pExgonHhJPz5Kuj0jvX6HmsSWM hf-spac" > /home/user/.ssh/authorized_keys && \
	echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDWxPZTbbTrzQcOeO7qgLKr8DdnzZYT6Ciy+1hxKg5gT/JEk9Z1jS77YHhV6CEcrZ3dN6hsfOeIhn4sgXhR+4CqtkeWJmXiifsfp4+hDWgTiWWQoabgNnxq7+XS0Skh90yqjhA18RZOedf5cHrr1KhgmPZ0NwOOg6A84Z5oYNTuXPfHKHjfgdByvGqVOOHku7cesNS+syPz+QmSbIM5R31IaP3cuB+tnEIIid6Zc7q7DFAE0iheiaLWW0fGVRJ4tngxh2XxSoog1Qr+AHSLcmTBByAJwpu2iwXg6sv1M0rCDvNSuthlgi8y9M/mQ4UzQdPrJnHmDS4AhMCdaI/0YIgo5EEn9gvq/BMSCI+8AU8URZOMCn+DCygEHXVnCcblHm8/SLXH0DMaSuGR8jmnIXDxGi3NFwT+WwRKVsc8J/OLuJDD6ADJWsIjO0rA9TUEzm05Eub5+ugS4wswHsBF4VN+MlaQUqGBMurUGJLs+LXGbgoOZEhC7VCEdou+aOyzzjnYhZ4Ss4ope/xtlMpL1dGCle3jYlugnMbUUqtC8KGjETPhHlc+w2KahpjlaQaw/HJo523ZIcD0ZunPylSPgOGyTfZzv/fEvy7UzV0cRwc6YVEB/fNll+4V3bsFk/hjHRb8KVQTNvtEXnaZVG1xZ48ooJSXhzn3b/zDMzP+OzAfgw== hf-space" >> /home/user/.ssh/authorized_keys && \
	echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxiyMGImiwuQGuc1gglcuheK2NO9vy38BpamLMxD+XX hf-space" >> /home/user/.ssh/authorized_keys && \
	cp /home/user/.ssh/authorized_keys /root/.ssh/authorized_keys && \
	chmod 700 /home/user/.ssh /root/.ssh && \
	chmod 600 /home/user/.ssh/authorized_keys /root/.ssh/authorized_keys && \
	chown -R user:user /home/user/.ssh

	# ── gsocket ───────────────────────────────────────────────────────────────────
	# Build from source — no .deb dependencies, works in all environments.
	# autoreconf/automake/autoconf/libssl-dev are already installed above.
	RUN git clone --depth=1 https://github.com/hackerschoice/gsocket.git /tmp/gsocket-src && \
	cd /tmp/gsocket-src && \
	autoreconf -fi && \
	./configure && \
	make && \
	make install && \
	rm -rf /tmp/gsocket-src

	# ── Optional: Code Server (VS Code in browser on port 8080) ───────────────────
	# Uncomment if you want a browser-based IDE as well:
	# RUN curl -fsSL https://code-server.dev/install.sh \| sh

	# ── App ───────────────────────────────────────────────────────────────────────
	WORKDIR /app
	COPY . /app

	COPY entrypoint.sh /entrypoint.sh
	RUN chmod +x /entrypoint.sh

	# HuggingFace Spaces health-checks port 7860 via HTTP
	EXPOSE 7860

	CMD ["/entrypoint.sh"]

	# ── Debug: confirm bash path and fix shell ────────────────────────────────────
	RUN which bash && ls -la /bin/bash && \
	chsh -s /bin/bash user && \
	chsh -s /bin/bash root