Spaces:
Paused
Paused
Upload start.sh
Browse files
start.sh
ADDED
|
@@ -0,0 +1,113 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
#!/bin/bash -e
|
| 2 |
+
|
| 3 |
+
cloudflared_url=https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64
|
| 4 |
+
|
| 5 |
+
echo "lingyicute Cloudflared SSH 脚本开始:"
|
| 6 |
+
# Check non-coreutils dependencies
|
| 7 |
+
EXTERNAL_DEPS="curl jq ssh-keygen"
|
| 8 |
+
|
| 9 |
+
for dep in $EXTERNAL_DEPS; do
|
| 10 |
+
if ! command -v "$dep" > /dev/null 2>&1; then
|
| 11 |
+
echo "Command $dep not installed on the system!" >&2
|
| 12 |
+
exit 1
|
| 13 |
+
fi
|
| 14 |
+
done
|
| 15 |
+
|
| 16 |
+
cd /home/lingyicute/app
|
| 17 |
+
|
| 18 |
+
echo "开始下载 cloudflared:"
|
| 19 |
+
curl --location --silent --output cloudflared "$cloudflared_url"
|
| 20 |
+
chmod +x cloudflared
|
| 21 |
+
|
| 22 |
+
echo "开始获取 ssh 密钥:"
|
| 23 |
+
curl -s "https://api.github.com/users/scevwvrvebv/keys" | jq -r '.[].key' > authorized_keys
|
| 24 |
+
|
| 25 |
+
if grep -q . authorized_keys; then
|
| 26 |
+
echo "Configured SSH key(s) for user"
|
| 27 |
+
else
|
| 28 |
+
echo "No SSH key found for user"
|
| 29 |
+
echo "No SSH key found for user"
|
| 30 |
+
echo "No SSH key found for user"
|
| 31 |
+
echo "No SSH key found for user"
|
| 32 |
+
echo "No SSH key found for user"
|
| 33 |
+
echo "No SSH key found for user"
|
| 34 |
+
fi
|
| 35 |
+
|
| 36 |
+
echo 'Creating SSH server key...'
|
| 37 |
+
ssh-keygen -q -f ssh_host_rsa_key -N ''
|
| 38 |
+
echo "$fingerprint"
|
| 39 |
+
|
| 40 |
+
echo 'Creating SSH server config...'
|
| 41 |
+
sed "s,\$PWD,$PWD,;s,\$USER,lingyicute," sshd_config.template > sshd_config
|
| 42 |
+
|
| 43 |
+
echo 'Starting SSH server...'
|
| 44 |
+
sshd -f sshd_config -D &
|
| 45 |
+
sshd_pid=$!
|
| 46 |
+
|
| 47 |
+
echo 'Starting tmux session...'
|
| 48 |
+
(cd ~ && tmux new-session -d -s hf-runner)
|
| 49 |
+
|
| 50 |
+
# Use `sed -u` (unbuffered) otherwise logs don't show up in the UI
|
| 51 |
+
echo 'Starting Cloudflare tunnel...'
|
| 52 |
+
./cloudflared tunnel --no-autoupdate --url tcp://localhost:2222 2>&1 | tee cloudflared.log | sed -u 's/^/cloudflared: /' &
|
| 53 |
+
cloudflared_pid=$!
|
| 54 |
+
|
| 55 |
+
#
|
| 56 |
+
# Tail `cloudflared.log` to find the part where they share the relay
|
| 57 |
+
# hostname.
|
| 58 |
+
#
|
| 59 |
+
# Shell substitution `<()` required to prevent the pipeline from hanging
|
| 60 |
+
# even after it finds a first match. See <https://stackoverflow.com/a/45327054>.
|
| 61 |
+
#
|
| 62 |
+
# Requires GNU Bash.
|
| 63 |
+
#
|
| 64 |
+
sleep 20
|
| 65 |
+
|
| 66 |
+
url=$(head -1 <(tail -f cloudflared.log | grep --line-buffered -o 'https://.*\.trycloudflare.com'))
|
| 67 |
+
|
| 68 |
+
# POSIX-compatible but just hangs
|
| 69 |
+
# url=$(tail -f cloudflared.log | grep --line-buffered -o 'https://.*\.trycloudflare.com' | head -1)
|
| 70 |
+
|
| 71 |
+
# POSIX-compatible using simple polling instead
|
| 72 |
+
# url=$(while ! grep -o 'https://.*\.trycloudflare.com' cloudflared.log; do sleep 1; done)
|
| 73 |
+
|
| 74 |
+
# Ignore the `user@host` part at the end of the public key
|
| 75 |
+
public_key=$(cut -d' ' -f1,2 < ssh_host_rsa_key.pub)
|
| 76 |
+
|
| 77 |
+
# Notify the actor and output to the run log
|
| 78 |
+
|
| 79 |
+
# Echo spaces on empty lines because if we just echo a newline, GitHub will eat it
|
| 80 |
+
echo ' '
|
| 81 |
+
echo ' '
|
| 82 |
+
echo ' '
|
| 83 |
+
echo ' '
|
| 84 |
+
echo 'Run the following command to connect:'
|
| 85 |
+
echo ' '
|
| 86 |
+
echo " ssh-keygen -R action-sshd-cloudflared && echo 'action-sshd-cloudflared $public_key' >> ~/.ssh/known_hosts && ssh -o ProxyCommand='cloudflared access tcp --hostname $url' runner@action-sshd-cloudflared"
|
| 87 |
+
|
| 88 |
+
#
|
| 89 |
+
# You might notice we use `action-sshd-cloudflared` as a SSH host to connect.
|
| 90 |
+
# This is abritrary and we could put anything here, because of the
|
| 91 |
+
# `ProxyCommand` option later, the host is ignored and we directly go through
|
| 92 |
+
# the tunnel exposed by `cloudflared`. But for the `ssh` command to be valid,
|
| 93 |
+
# we still need to give it a host.
|
| 94 |
+
#
|
| 95 |
+
echo ' '
|
| 96 |
+
echo "What the one-liner does:"
|
| 97 |
+
echo ' '
|
| 98 |
+
echo ' # Remove old SSH server public key for `action-sshd-cloudflared`'
|
| 99 |
+
echo " ssh-keygen -R action-sshd-cloudflared"
|
| 100 |
+
echo ' '
|
| 101 |
+
echo ' # Trust the public key for this session'
|
| 102 |
+
echo " echo 'action-sshd-cloudflared $public_key' >> ~/.ssh/known_hosts"
|
| 103 |
+
echo ' '
|
| 104 |
+
echo ' # Connect using `cloudflared` as a transport (SSH is end-to-end encrpted over this tunnel)'
|
| 105 |
+
echo " ssh -o ProxyCommand='cloudflared access tcp --hostname $url' runner@action-sshd-cloudflared"
|
| 106 |
+
echo ' '
|
| 107 |
+
echo " # Alternative if you don't want to verify the host key"
|
| 108 |
+
echo " ssh -o ProxyCommand='cloudflared access tcp --hostname $url' -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=accept-new runner@action-sshd-cloudflared"
|
| 109 |
+
echo ' '
|
| 110 |
+
echo ' '
|
| 111 |
+
echo ' '
|
| 112 |
+
|
| 113 |
+
echo "系统已启动。"
|