#!/bin/bash
JOB_URL_SCHEME=${JOB_URL_SCHEME:-"http://"}
JOB_ID=${JOB_ID:-'localhost'}
JOB_HOST=${JOB_HOST:-'local'}
export HOME=/workspace
cd /workspace

# Install git lfs
git lfs install
if [[ -z "$HF_TOKEN" || ! "$HF_TOKEN" =~ ^hf_ ]]; then
  export HF_TOKEN=${!#}
  unset ${!#}
fi

echo "HF_TOKEN: $HF_TOKEN"
. /workspace/.bashrc
. /workspace/.miniconda3/bin/activate
export SHELL=/bin/bash

# Decode apps.json.enc file
# encoded with: openssl aes-256-cbc -base64 -md sha256 -pass pass:"$HF_TOKEN" -in apps.json -out apps.json.enc
# decode with: openssl aes-256-cbc -a -d -md sha256 -pass pass:"$HF_TOKEN" -in apps.json.enc -out apps.json
if [ -f /workspace/.config/github-copilot/apps.json.enc ]; then
  openssl aes-256-cbc -a -d -md sha256 -pass pass:"$HF_TOKEN" -in /workspace/.config/github-copilot/apps.json.enc -out /workspace/.config/github-copilot/apps.json
fi

# Launch cloudflared tunnel
# CFTOKEN.enc is the Cloudflared encrypted token
# CFTOKEN.enc contained an encrypted string encrypted with the HF_TOKEN
# CFTOKEN.enc was created with:
# echo "the_cf_tunnel_token" | openssl aes-256-cbc -base64 -md sha256 -pass pass:"$HF_TOKEN" > CFTOKEN.enc
if [ -f /workspace/.config/CFTOKEN.enc ]; then
  echo "Decrypting CFTOKEN"
  CFTOKEN_ENC=$(cat /workspace/.config/CFTOKEN.enc)
  echo "$CFTOKEN_ENC" | openssl  aes-256-cbc -a -d -md sha256 -pass pass:"$HF_TOKEN"  > /workspace/.config/cftoken
  export CFTOKEN=$(cat /workspace/.config/cftoken)
  /usr/local/bin/cloudflared --pidfile /tmp/cf.pid  --autoupdate-freq 24h0m0s tunnel run --token $CFTOKEN &
fi

# Decode kaggle.json.enc file
# encoded with: openssl aes-256-cbc -base64 -md sha256 -pass pass:"$HF_TOKEN" -in kaggle.json -out kaggle.json.enc
# decode with: openssl aes-256-cbc -a -d -md sha256 -pass pass:"$HF_TOKEN" -in kaggle.json.enc -out kaggle.json
if [ -f /workspace/.config/kaggle.json.enc ]; then
  mkdir -p $HOME/.kaggle
  openssl aes-256-cbc -a -d -md sha256 -pass pass:"$HF_TOKEN" -in /workspace/.config/kaggle.json.enc -out /workspace/.kaggle/kaggle.json
fi

# Decode oauth2.cfg.enc file
# encoded with: openssl aes-256-cbc -base64 -md sha256 -pass pass:"$HF_TOKEN" -in oauth2.cfg -out oauth2.cfg.enc
# decode with: openssl aes-256-cbc -a -d -md sha256 -pass pass:"$HF_TOKEN" -in oauth2.cfg.enc -out oauth2.cfg
if [ -f /workspace/.config/oauth2.cfg.enc ]; then
  openssl aes-256-cbc -a -d -md sha256 -pass pass:"$HF_TOKEN" -in /workspace/.config/oauth2.cfg.enc -out /workspace/.config/oauth2.cfg
  oauth2-proxy --config /workspace/.config/oauth2.cfg &
fi

git clone https://huggingface.co/eltorio/IDEFICS3_ROCOv2
git clone https://huggingface.co/spaces/eltorio/Llama-3.2-3B-appreciation
git config --global user.email "me@hg.co"
git config --global user.name "me@hg.co"
git config --global credential.helper store

huggingface-cli login --add-to-git-credential --token $HF_TOKEN


screen -dmS jupyter bash -c 'SHELL=/bin/bash jupyter lab --ip=0.0.0.0 --port=8080 --no-browser --allow-root \
  --notebook-dir=/workspace \
  --LabApp.token="" \
  --LabApp.custom_display_url=${JOB_URL_SCHEME}${JOB_ID}-8080.${JOB_HOST} \
  --LabApp.allow_remote_access=True \
  --LabApp.allow_origin="*" \
  --LabApp.disable_check_xsrf=True'

echo "Jupyter Lab is running at ${JOB_URL_SCHEME}${JOB_ID}-8080.${JOB_HOST}"
exec "$@"