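#!/bin/bash
#
# Start an OpenSSH server and publish tcp://localhost:2222 through a
# Cloudflare quick tunnel, then print the command needed to connect.
# (The port sshd listens on comes from sshd_config.template, which is not
# part of this file; it is presumably 2222 to match the tunnel - confirm.)
#
# Optional environment:
#   CLOUDFLARED_SHA256  expected SHA-256 of the downloaded cloudflared
#                       binary; when set, a mismatch aborts the script
#                       before the binary is made executable or run.
#
# Strict mode is set here rather than on the shebang line so that it still
# applies when the script is started as `bash start.sh`.
set -euo pipefail

readonly app_dir=/home/lingyicute/app
readonly keys_url="https://api.github.com/users/scevwvrvebv/keys"
# The "latest" URL is a moving target: the binary fetched here changes with
# every upstream release, so a pinned CLOUDFLARED_SHA256 only stays valid
# together with a versioned release URL.
readonly cloudflared_url=https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64

echo "lingyicute SSH 脚本"

# Check non-coreutils dependencies. sshd and tmux are included because both
# are started further down; failing here is clearer than failing half-way.
external_deps=(curl jq ssh-keygen sshd tmux)
for dep in "${external_deps[@]}"; do
  if ! command -v "$dep" > /dev/null 2>&1; then
    echo "Command $dep not installed on the system!" >&2
    exit 1
  fi
done

cd "$app_dir" || { echo "Cannot change directory to $app_dir" >&2; exit 1; }

echo "开始下载 cloudflared:"
# --fail makes curl exit non-zero on an HTTP error instead of saving the
# error page under the name `cloudflared` and marking it executable.
curl --fail --location --output cloudflared "$cloudflared_url"
if [[ -n "${CLOUDFLARED_SHA256:-}" ]]; then
  if ! printf '%s  %s\n' "$CLOUDFLARED_SHA256" cloudflared | sha256sum --check --status; then
    echo "cloudflared checksum mismatch, refusing to run it" >&2
    exit 1
  fi
fi
# Without CLOUDFLARED_SHA256 the binary is executed on the strength of the
# TLS connection to the download host alone.
chmod +x cloudflared

echo "开始获取 ssh 密钥:"
# Trust anchor: every public key published on this GitHub account is allowed
# to log in, so whoever controls that account controls shell access here.
# pipefail plus --fail turn a failed request into an error instead of a
# silently empty authorized_keys file.
if ! curl --silent --show-error --fail "$keys_url" | jq -r '.[].key' > authorized_keys; then
  echo "Could not fetch SSH keys from $keys_url" >&2
  exit 1
fi
chmod 600 authorized_keys

if grep -q . authorized_keys; then
  echo "Configured SSH key(s) for user"
else
  # Deliberately non-fatal, as before. NOTE(review): with an empty
  # authorized_keys no key-based login can succeed; whether any other login
  # method is enabled depends on sshd_config.template, which is not visible
  # here - confirm that the tunnel should still be opened in this case.
  echo "No SSH key found for user" >&2
fi

echo 'Creating SSH server key...'
# ssh-keygen asks before overwriting an existing key file, which stalls or
# fails a non-interactive restart; start from a clean slate instead.
rm -f -- ssh_host_rsa_key ssh_host_rsa_key.pub
ssh-keygen -q -f ssh_host_rsa_key -N ''
# Show the fingerprint so the host key can be compared out of band.
fingerprint=$(ssh-keygen -l -f ssh_host_rsa_key.pub)
echo "$fingerprint"

echo 'Creating SSH server config...'
# Replaces the first literal `$PWD` and `$USER` on each template line.
sed "s,\$PWD,$PWD,;s,\$USER,lingyicute," sshd_config.template > sshd_config

echo 'Starting SSH server...'
# sshd refuses to start unless it is invoked through an absolute path.
sshd_bin=$(command -v sshd)
"$sshd_bin" -f sshd_config -D &
sshd_pid=$!

echo 'Starting tmux session...'
(cd ~ && tmux new-session -d -s hf-runner)

echo 'Starting Cloudflare tunnel...'
# Use `sed -u` (unbuffered) otherwise logs don't show up in the UI
./cloudflared tunnel --no-autoupdate --url tcp://localhost:2222 2>&1 \
  | tee cloudflared.log \
  | sed -u 's/^/cloudflared: /' &
# $! is the PID of the last pipeline stage (sed), not of cloudflared itself.
cloudflared_pid=$!

#
# Tail `cloudflared.log` to find the part where they share the relay
# hostname.
#
# Shell substitution `<()` required to prevent the pipeline from hanging
# even after it finds a first match. See <https://stackoverflow.com/a/45327054>.
#
# Requires GNU Bash.
#
# There is no timeout: if the hostname never appears in the log, this
# command substitution blocks forever.
#
sleep 20
url=$(head -1 <(tail -f cloudflared.log | grep --line-buffered -o 'https://.*\.trycloudflare\.com'))

# POSIX-compatible but just hangs
# url=$(tail -f cloudflared.log | grep --line-buffered -o 'https://.*\.trycloudflare\.com' | head -1)

# POSIX-compatible using simple polling instead
# url=$(while ! grep -o 'https://.*\.trycloudflare\.com' cloudflared.log; do sleep 1; done)

# Ignore the `user@host` part at the end of the public key
public_key=$(cut -d' ' -f1,2 < ssh_host_rsa_key.pub)

# Notify the actor and output to the run log
# Echo spaces on empty lines because if we just echo a newline, GitHub will eat it
#
# NOTE(review): the commands printed below log in as `runner`, while
# sshd_config is rendered for the user `lingyicute` - confirm which account
# is meant to be used.
echo ' '
echo ' '
echo ' '
echo ' '
echo 'Run the following command to connect:'
echo ' '
echo " ssh-keygen -R action-sshd-cloudflared && echo 'action-sshd-cloudflared $public_key' >> ~/.ssh/known_hosts && ssh -o ProxyCommand='cloudflared access tcp --hostname $url' runner@action-sshd-cloudflared"

#
# You might notice we use `action-sshd-cloudflared` as a SSH host to connect.
# This is arbitrary and we could put anything here, because of the
# `ProxyCommand` option later, the host is ignored and we directly go through
# the tunnel exposed by `cloudflared`. But for the `ssh` command to be valid,
# we still need to give it a host.
#
echo ' '
echo "What the one-liner does:"
echo ' '
echo ' # Remove old SSH server public key for `action-sshd-cloudflared`'
echo " ssh-keygen -R action-sshd-cloudflared"
echo ' '
echo ' # Trust the public key for this session'
echo " echo 'action-sshd-cloudflared $public_key' >> ~/.ssh/known_hosts"
echo ' '
echo ' # Connect using `cloudflared` as a transport (SSH is end-to-end encrpted over this tunnel)'
echo " ssh -o ProxyCommand='cloudflared access tcp --hostname $url' runner@action-sshd-cloudflared"
echo ' '
# The alternative below accepts whatever host key is presented, so the
# client no longer checks that it reached this sshd rather than something
# in between; the pinned-key form above is the one that authenticates the
# server.
echo " # Alternative if you don't want to verify the host key"
echo " ssh -o ProxyCommand='cloudflared access tcp --hostname $url' -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=accept-new runner@action-sshd-cloudflared"
echo ' '
echo ' '
echo ' '
echo "系统已启动。"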