initialize project

.env.example

@@ -0,0 +1,88 @@
+# ============================================================================
+# HuggingPost — Postiz on Hugging Face Spaces
+# Configuration reference (.env.example)
+#
+# These vars map to HF Space "Variables and secrets". Paste them at:
+#   https://huggingface.co/spaces/<user>/<your-space>/settings  →  Secrets
+# ============================================================================
+
+
+# ── Required for persistence ────────────────────────────────────────────────
+# HF token with WRITE access (https://huggingface.co/settings/tokens).
+# Without it, all data is lost on Space restart.
+HF_TOKEN=hf_xxxxxxxxxxxxxxxxxxxxxxxxxxxx
+
+# Optional. Auto-detected from HF_TOKEN if unset.
+# HF_USERNAME=your-username
+
+
+# ── Backup tuning ───────────────────────────────────────────────────────────
+# Backup interval in seconds. Default 300 (5 min).
+SYNC_INTERVAL=300
+
+# Skip backup if tarball exceeds this size in bytes. Default 100 MB.
+SYNC_MAX_FILE_BYTES=104857600
+
+# Dataset name. Created at <HF_USERNAME>/<BACKUP_DATASET_NAME>, private.
+BACKUP_DATASET_NAME=huggingpost-backup
+
+
+# ── Postiz core (auto-derived in start.sh — override only if needed) ────────
+# DATABASE_URL=postgresql://postiz:<auto-generated>@localhost:5432/postiz
+# REDIS_URL=redis://localhost:6379
+# JWT_SECRET=<auto-generated and persisted to backup>
+
+# These are derived from SPACE_HOST automatically. Override only for local dev.
+# FRONTEND_URL=http://localhost:7860
+# NEXT_PUBLIC_BACKEND_URL=http://localhost:7860/api
+# BACKEND_INTERNAL_URL=http://localhost:3000
+
+
+# ── Media storage ───────────────────────────────────────────────────────────
+# "local" = files saved in /postiz/uploads (included in HF Dataset backup).
+# "cloudflare" = R2 — set the CLOUDFLARE_* vars below.
+STORAGE_PROVIDER=local
+# UPLOAD_DIRECTORY=/postiz/uploads
+# NEXT_PUBLIC_UPLOAD_STATIC_DIRECTORY=/uploads
+
+
+# ── Cloudflare R2 (only if STORAGE_PROVIDER=cloudflare) ─────────────────────
+# Get from your Cloudflare dashboard → R2 → API Tokens.
+# CLOUDFLARE_ACCOUNT_ID=
+# CLOUDFLARE_ACCESS_KEY=
+# CLOUDFLARE_SECRET_ACCESS_KEY=
+# CLOUDFLARE_BUCKETNAME=
+# CLOUDFLARE_BUCKET_URL=https://<bucket>.r2.cloudflarestorage.com/
+# CLOUDFLARE_REGION=auto
+
+
+# ── Cloudflare proxy (Optional, fixes blocked outbound) ─────────────────────
+# CLOUDFLARE_WORKERS_TOKEN=
+# CLOUDFLARE_PROXY_DOMAINS=*  # or comma-separated list
+
+
+# ── Email (Optional — controls signup activation flow) ──────────────────────
+# Without RESEND_API_KEY, new signups are auto-activated.
+# RESEND_API_KEY=
+# EMAIL_FROM_ADDRESS=
+# EMAIL_FROM_NAME=
+
+# Set to true after creating your admin account to lock down the instance.
+# DISABLE_REGISTRATION=false
+
+
+# ── Misc ────────────────────────────────────────────────────────────────────
+# OPENAI_API_KEY=  # enables AI assistant inside Postiz
+# API_LIMIT=30
+
+
+# ── Developer settings (don't change unless you know why) ───────────────────
+NX_ADD_PLUGINS=false
+IS_GENERAL=true
+NODE_ENV=production
+
+
+# ── HF Spaces auto-injects these — DO NOT set manually ──────────────────────
+# SPACE_HOST=<your-space>.hf.space
+# SPACE_ID=<user>/<name>
+# SPACE_AUTHOR_NAME=<user>

.gitattributes

@@ -0,0 +1,35 @@
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.arrow filter=lfs diff=lfs merge=lfs -text
+*.bin filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.ckpt filter=lfs diff=lfs merge=lfs -text
+*.ftz filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.h5 filter=lfs diff=lfs merge=lfs -text
+*.joblib filter=lfs diff=lfs merge=lfs -text
+*.lfs.* filter=lfs diff=lfs merge=lfs -text
+*.mlmodel filter=lfs diff=lfs merge=lfs -text
+*.model filter=lfs diff=lfs merge=lfs -text
+*.msgpack filter=lfs diff=lfs merge=lfs -text
+*.npy filter=lfs diff=lfs merge=lfs -text
+*.npz filter=lfs diff=lfs merge=lfs -text
+*.onnx filter=lfs diff=lfs merge=lfs -text
+*.ot filter=lfs diff=lfs merge=lfs -text
+*.parquet filter=lfs diff=lfs merge=lfs -text
+*.pb filter=lfs diff=lfs merge=lfs -text
+*.pickle filter=lfs diff=lfs merge=lfs -text
+*.pkl filter=lfs diff=lfs merge=lfs -text
+*.pt filter=lfs diff=lfs merge=lfs -text
+*.pth filter=lfs diff=lfs merge=lfs -text
+*.rar filter=lfs diff=lfs merge=lfs -text
+*.safetensors filter=lfs diff=lfs merge=lfs -text
+saved_model/**/* filter=lfs diff=lfs merge=lfs -text
+*.tar.* filter=lfs diff=lfs merge=lfs -text
+*.tar filter=lfs diff=lfs merge=lfs -text
+*.tflite filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.wasm filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
+*tfevents* filter=lfs diff=lfs merge=lfs -text

Dockerfile

@@ -0,0 +1,133 @@
+# ============================================================================
+# HuggingPost — Postiz v2.11.3 on Hugging Face Spaces
+#
+# Builds Postiz from source with a Next.js basePath="/app" patch so the
+# Postiz UI mounts at /app/* and our HuggingPost dashboard owns /.
+#
+# Why source build (not the prebuilt ghcr image): Next.js basePath is
+# build-time. The official image bakes basePath="/" into the static bundle,
+# so we'd be unable to relocate the UI to /app without rebuilding.
+#
+# Container layout:
+#   - nginx (port 5000, internal)        — Postiz frontend + backend + uploads
+#   - PM2 → 4 Postiz procs (backend/frontend/workers/cron)
+#   - postgres (port 5432, internal)
+#   - redis    (port 6379, internal)
+#   - postiz-sync.py loop                — backup DB + uploads to HF Dataset
+#   - health-server.js (port 7860, public) — dashboard + reverse proxy
+# ============================================================================
+
+# ── Stage 1: Build Postiz with /app basePath patch ───────────────────────────
+FROM node:22.20-alpine AS postiz-builder
+
+WORKDIR /build
+
+ARG NEXT_PUBLIC_VERSION=v2.11.3
+ENV NEXT_PUBLIC_VERSION=$NEXT_PUBLIC_VERSION
+
+RUN apk add --no-cache \
+    git \
+    g++ \
+    make \
+    py3-pip \
+    bash
+
+RUN npm install -g pnpm@10.6.1
+
+# Pinned to v2.11.3 — last release before Temporal became a hard requirement.
+RUN git clone --depth=1 --branch v2.11.3 https://github.com/gitroomhq/postiz-app.git .
+
+# Patch Next.js config to mount the frontend at /app.
+# We inject basePath + assetPrefix immediately after `const nextConfig = {`.
+# This makes Next.js generate links/asset URLs prefixed with /app, so the
+# browser will hit /app/_next/* etc., which our health-server then strips
+# back to /_next/* before passing to nginx.
+RUN sed -i "s|const nextConfig = {|const nextConfig = {\n  basePath: '/app',\n  assetPrefix: '/app',|" apps/frontend/next.config.js \
+    && grep -q "basePath: '/app'" apps/frontend/next.config.js \
+    || (echo "BASEPATH PATCH FAILED — next.config.js shape changed upstream"; exit 1)
+
+# Install + build. 4 GB heap for the Next.js compile.
+RUN pnpm install --frozen-lockfile=false
+RUN NODE_OPTIONS="--max-old-space-size=4096" pnpm run build
+
+# Drop dev junk to shrink the runtime image.
+RUN find . -name ".git" -type d -prune -exec rm -rf {} + 2>/dev/null || true \
+ && rm -rf .github reports Jenkins .devcontainer 2>/dev/null || true
+
+
+# ── Stage 2: Runtime ─────────────────────────────────────────────────────────
+FROM node:22.20-alpine
+
+WORKDIR /app
+
+# System deps — same set as upstream's Dockerfile.dev (bash, nginx, py3-pip)
+# plus postgres + redis + extras we need.
+RUN apk add --no-cache \
+    bash \
+    curl \
+    ca-certificates \
+    openssl \
+    jq \
+    nginx \
+    postgresql16 \
+    postgresql16-contrib \
+    postgresql16-client \
+    redis \
+    py3-pip \
+    su-exec
+
+# nginx user — upstream uses 'www'. Mirror that so its nginx.conf works.
+RUN adduser -D -g 'www' www \
+    && mkdir -p /var/lib/nginx /var/log/nginx \
+    && chown -R www:www /var/lib/nginx
+
+# pnpm + pm2 to run Postiz processes the same way upstream does
+RUN npm install -g pnpm@10.6.1 pm2
+
+# Python deps for HF Dataset sync
+RUN pip install --no-cache-dir --break-system-packages \
+    huggingface_hub \
+    PyYAML
+
+# Copy fully-built Postiz into /app
+COPY --from=postiz-builder /build /app
+
+# Use upstream's nginx.conf — defines the routing nginx :5000 → backend :3000
+# (under /api), uploads alias, and frontend :4200 (under /). HuggingPost's
+# health-server already strips /app before forwarding here, so nginx sees
+# the same paths it expects in the upstream layout.
+COPY --from=postiz-builder /build/var/docker/nginx.conf /etc/nginx/nginx.conf
+
+# Health-server lives outside /app so its node_modules don't collide with
+# Postiz's pnpm workspaces.
+RUN mkdir -p /opt/healthsrv && cd /opt/healthsrv && \
+    npm init -y >/dev/null && \
+    npm install --no-save --no-audit --no-fund express@4 cors morgan
+
+# Postgres/Redis/uploads dirs — all under /postiz so postiz-sync.py can
+# include them in the backup tarball.
+RUN mkdir -p /var/run/postgresql /postiz/pgdata /postiz/redis /postiz/uploads /postiz/.secrets \
+    && chown -R postgres:postgres /var/run/postgresql /postiz/pgdata \
+    && chmod 700 /postiz/pgdata
+
+# Symlink /uploads → /postiz/uploads so nginx's `alias /uploads/` picks up
+# media stored in the persisted tree.
+RUN ln -sf /postiz/uploads /uploads
+
+# Copy orchestration files
+COPY start.sh /opt/start.sh
+COPY health-server.js /opt/healthsrv/health-server.js
+COPY postiz-sync.py /opt/postiz-sync.py
+COPY cloudflare-proxy.js /opt/cloudflare-proxy.js
+COPY cloudflare-proxy-setup.py /opt/cloudflare-proxy-setup.py
+COPY cloudflare-worker.js /opt/cloudflare-worker.js
+COPY setup-uptimerobot.sh /opt/setup-uptimerobot.sh
+
+RUN chmod +x /opt/start.sh /opt/setup-uptimerobot.sh
+
+EXPOSE 7860
+
+HEALTHCHECK --interval=30s --timeout=10s --start-period=240s --retries=3 \
+    CMD curl -f http://localhost:7860/health || exit 1
+
+CMD ["/opt/start.sh"]

LICENSE

@@ -0,0 +1,34 @@
+MIT License
+
+Copyright (c) 2026 HuggingPost Contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+---
+
+The wrapper / orchestration code in this repository is MIT-licensed.
+
+Postiz (https://github.com/gitroomhq/postiz-app) — the application this
+project deploys — is licensed AGPL-3.0. By running Postiz via this Space you
+agree to the terms of the AGPL-3.0 license.
+
+This project also builds upon orchestration patterns from:
+  - HuggingClip:  https://huggingface.co/spaces/somratpro/HuggingClip
+  - HuggingClaw:  https://github.com/democra-ai/HuggingClaw  (Apache 2.0)
+  - Hugging8n:    https://github.com/somratpro/Hugging8n     (MIT)

README.md

@@ -0,0 +1,259 @@
+---
+title: HuggingPost
+emoji: 📮
+colorFrom: pink
+colorTo: indigo
+sdk: docker
+app_port: 7860
+pinned: true
+license: agpl-3.0
+secrets:
+  - name: HF_TOKEN
+    description: HF token with WRITE access — enables DB+uploads backup persistence to a private HF Dataset.
+  - name: JWT_SECRET
+    description: (Optional) Random 48-byte string. Auto-generated on first boot and persisted to backup.
+  - name: CLOUDFLARE_WORKERS_TOKEN
+    description: (Optional) Cloudflare API token (Workers Scripts → Edit) to auto-provision an outbound proxy.
+  - name: RESEND_API_KEY
+    description: (Optional) Resend key for sending email activation links. Without it, registration is auto-activated.
+  - name: STORAGE_PROVIDER
+    description: (Optional) "local" (default) or "cloudflare" to offload media to R2.
+  - name: CLOUDFLARE_ACCOUNT_ID
+    description: (Optional, if STORAGE_PROVIDER=cloudflare) R2 account ID.
+  - name: CLOUDFLARE_ACCESS_KEY
+    description: (Optional, if STORAGE_PROVIDER=cloudflare) R2 access key ID.
+  - name: CLOUDFLARE_SECRET_ACCESS_KEY
+    description: (Optional, if STORAGE_PROVIDER=cloudflare) R2 secret access key.
+  - name: CLOUDFLARE_BUCKETNAME
+    description: (Optional, if STORAGE_PROVIDER=cloudflare) R2 bucket name.
+  - name: CLOUDFLARE_BUCKET_URL
+    description: (Optional, if STORAGE_PROVIDER=cloudflare) R2 public bucket URL.
+---
+
+[![GitHub Stars](https://img.shields.io/github/stars/somratpro/huggingpost?style=flat-square)](https://github.com/somratpro/huggingpost)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg?style=flat-square)](https://opensource.org/licenses/MIT)
+[![HF Space](https://img.shields.io/badge/🤗%20HuggingFace-Space-blue?style=flat-square)](https://huggingface.co/spaces/somratpro/HuggingPost)
+[![Postiz](https://img.shields.io/badge/Postiz-v2.11.3-ec4899?style=flat-square)](https://github.com/gitroomhq/postiz-app)
+
+**Self-host [Postiz](https://postiz.com) (open-source social-media scheduler — X, LinkedIn, Facebook, Threads, TikTok, YouTube, Pinterest, Reddit, Mastodon, Discord, Slack, and more) on the free Hugging Face Spaces tier.** Persistent across restarts via private HF Dataset backup. No external database, no paid storage required.
+
+## Table of Contents
+
+- [✨ Features](#-features)
+- [🚀 Quick Start](#-quick-start)
+- [🔑 Configuration](#-configuration)
+- [💾 Backup & Persistence](#-backup--persistence)
+- [💓 Keep It Awake](#-keep-it-awake)
+- [🌐 Cloudflare Proxy *(Optional)*](#-cloudflare-proxy-optional)
+- [🔌 Connecting Social Accounts](#-connecting-social-accounts)
+- [🏗️ Architecture](#️-architecture)
+- [🐛 Troubleshooting](#-troubleshooting)
+- [📚 Links](#-links)
+
+## ✨ Features
+
+- 📅 **30+ Social Platforms** — schedule posts to X, LinkedIn, Facebook, Threads, TikTok, YouTube, Reddit, Mastodon, Discord, Slack, Pinterest, etc.
+- ⚡ **One-click deploy** — duplicate the Space, add `HF_TOKEN`, you're done.
+- 💾 **Persistent across restarts** — PostgreSQL + uploaded media auto-backed up to a private HF Dataset every 5 min and restored on boot.
+- 💓 **Keep-Alive** — built-in dashboard helper to set up an UptimeRobot monitor so scheduled posts actually fire.
+- 🌐 **Outbound firewall workaround** — optional Cloudflare Worker proxy auto-provisioned for blocked platform APIs.
+- 🔒 **Secrets generated** — `JWT_SECRET` auto-generated on first boot and persisted, no manual setup.
+- 🏠 **100% HF-Native** — no external Postgres/Redis/storage accounts needed for the default path.
+- 📌 **Pinned to v2.11.3** — last release before Postiz mandated Temporal (which doesn't fit in a single HF container).
+
+## 🚀 Quick Start
+
+### Step 1: Duplicate this Space
+
+[![Duplicate this Space](https://huggingface.co/datasets/huggingface/badges/resolve/main/duplicate-this-space-xl.svg)](https://huggingface.co/spaces/somratpro/HuggingPost?duplicate=true)
+
+### Step 2: Add `HF_TOKEN`
+
+In your new Space's **Settings → Variables and secrets → New secret**:
+
+| Secret | How to get it |
+| :--- | :--- |
+| `HF_TOKEN` | [huggingface.co/settings/tokens](https://huggingface.co/settings/tokens) → New token → **Write** access |
+
+> [!WARNING]
+> Without `HF_TOKEN`, your data (accounts, scheduled posts, uploaded media) is **lost on every Space restart**. Set this up first.
+
+### Step 3: Wait for the build (~5–8 min first time)
+
+Watch progress in the **Logs** tab. The Postiz build is heavy because it compiles a Next.js frontend + NestJS backend.
+
+### Step 4: Open the Space
+
+Land on the HuggingPost dashboard. Click **Open Postiz →** to reach the login page. **Sign up** to create the first admin account — registration is auto-activated unless you set `RESEND_API_KEY`.
+
+### Step 5: Set Up Keep-Alive (1 min)
+
+On the dashboard, paste your UptimeRobot **Main API key** to create an external monitor that pings `/health` every 5 min. Without this, the Space will sleep and scheduled posts won't fire.
+
+## 🔑 Configuration
+
+### Required
+
+| Variable | Purpose |
+| :--- | :--- |
+| `HF_TOKEN` | Write-access HF token — enables backup persistence |
+
+### Recommended
+
+| Variable | Default | Purpose |
+| :--- | :--- | :--- |
+| `SYNC_INTERVAL` | `300` | Backup interval in seconds (5 min) |
+| `BACKUP_DATASET_NAME` | `huggingpost-backup` | Private dataset name (`<user>/<name>`) |
+| `RESEND_API_KEY` | — | Required only if you want signup activation emails |
+
+### Storage (Optional — for media offload)
+
+By default, uploaded media (post images/videos) is stored in `/postiz/uploads` inside the container and included in the HF Dataset backup. If your media exceeds ~80 MB total, switch to Cloudflare R2:
+
+| Variable | Purpose |
+| :--- | :--- |
+| `STORAGE_PROVIDER` | Set to `cloudflare` |
+| `CLOUDFLARE_ACCOUNT_ID` | R2 account ID |
+| `CLOUDFLARE_ACCESS_KEY` | R2 access key |
+| `CLOUDFLARE_SECRET_ACCESS_KEY` | R2 secret |
+| `CLOUDFLARE_BUCKETNAME` | R2 bucket name |
+| `CLOUDFLARE_BUCKET_URL` | Public R2 URL prefix |
+
+R2 free tier is 10 GB storage + 1M reads/month — plenty for typical use.
+
+### Advanced
+
+| Variable | Default | Purpose |
+| :--- | :--- | :--- |
+| `JWT_SECRET` | auto-generated | If unset, generated and persisted on first boot |
+| `SYNC_MAX_FILE_BYTES` | `104857600` (100 MB) | Skip backup if tarball exceeds this size |
+| `DISABLE_REGISTRATION` | `false` | Set to `true` after creating your admin account |
+| `API_LIMIT` | `30` | Public API hourly rate limit |
+
+## 💾 Backup & Persistence
+
+Every `SYNC_INTERVAL` seconds (default 5 min), HuggingPost:
+
+1. Runs `pg_dump` on the Postiz database.
+2. Tars the dump + `/postiz/uploads` + `/postiz/.secrets`.
+3. Uploads `snapshots/latest.tar.gz` to your private dataset `<your-username>/huggingpost-backup`.
+
+On boot, the reverse happens — secrets restored first, then DB drop+recreate+replay, then uploads copied back. Your scheduled posts, accounts, and media survive restarts.
+
+**To inspect or download your backup:**
+
+```bash
+huggingface-cli download --repo-type dataset <your-username>/huggingpost-backup
+```
+
+> [!NOTE]
+> The dataset is **private** by default. Don't share its URL publicly — the SQL dump contains your full Postiz state, including encrypted social-media tokens.
+
+## 💓 Keep It Awake
+
+Free HF Spaces sleep after ~48h of no traffic. A sleeping Space cannot fire scheduled posts. The dashboard has a one-time setup form for [UptimeRobot](https://uptimerobot.com) — create a free account, copy your **Main API key** (NOT a Read-only or Monitor-specific key), paste it in the dashboard.
+
+This works for **public** Spaces only. Private Spaces cannot be reached by external monitors.
+
+## 🌐 Cloudflare Proxy *(Optional)*
+
+Hugging Face Spaces sometimes block outbound HTTP to specific social-platform APIs. HuggingPost ships the same transparent Cloudflare Worker proxy used in HuggingClip / HuggingClaw / Hugging8n.
+
+**Auto-setup:**
+
+1. Create a Cloudflare API Token with `Workers Scripts: Edit` permission.
+2. Add `CLOUDFLARE_WORKERS_TOKEN` as a Space secret.
+3. Restart the Space.
+
+HuggingPost will create or update a Worker named `<your-space-host>-proxy` and route blocked outbound traffic through it transparently. You can scope it with `CLOUDFLARE_PROXY_DOMAINS` (default `*` = all external).
+
+## 🔌 Connecting Social Accounts
+
+Each social platform requires you to register your Postiz instance as an OAuth app. The callback URL pattern is:
+
+```
+https://<your-space-host>/api/integrations/social/<platform>/callback
+```
+
+For each platform you want (X, LinkedIn, Facebook, etc.), follow the [Postiz provider docs](https://docs.postiz.com/providers) to obtain client ID + secret, then enter them inside Postiz **Settings → Channels** (NOT as Space secrets — Postiz stores them encrypted in its DB).
+
+> [!TIP]
+> Some platforms (like X) require a publicly verifiable domain. The HF Space subdomain (`*.hf.space`) works for most but not all platforms. Check each platform's app-creation requirements.
+
+## 🏗️ Architecture
+
+```
+HuggingPost/
+├── Dockerfile               # Two-stage: build Postiz v2.11.3 → runtime
+├── start.sh                 # Orchestrator (Postgres → Redis → restore → procs)
+├── health-server.js         # Port 7860: dashboard + reverse proxy split
+├── postiz-sync.py           # Backup/restore DB + uploads to HF Dataset
+├── cloudflare-proxy.js      # Transparent outbound proxy injected via NODE_OPTIONS
+├── cloudflare-proxy-setup.py
+├── cloudflare-worker.js
+├── setup-uptimerobot.sh
+├── docker-compose.yml       # Local dev convenience
+├── .env.example             # Configuration reference
+└── README.md
+```
+
+**Single-port routing** (port 7860, the only port HF Spaces exposes):
+
+| Path | Target | Notes |
+| :--- | :--- | :--- |
+| `/` | dashboard (local) | HTML status page |
+| `/health`, `/status`, `/uptimerobot/setup` | local | JSON / handlers |
+| `/api/*` | backend `:3000` | `/api` prefix stripped |
+| `/uploads/*` | backend `:3000` | media files |
+| `/*` | frontend `:4200` | Next.js pages, `/_next/*`, etc. |
+
+**Internal processes:**
+
+| Process | Port | Memory cap |
+| :--- | :--- | :--- |
+| `health-server.js` | 7860 (public) | — |
+| Postiz frontend (Next.js) | 4200 | 2 GB |
+| Postiz backend (NestJS) | 3000 | 2 GB |
+| Postiz workers | — | 1 GB |
+| Postiz cron | — | 512 MB |
+| `postgres` | 5432 | — |
+| `redis-server` | 6379 | — |
+| `postiz-sync.py` (loop) | — | — |
+
+Total resident set ~3–6 GB under typical load — well within HF free tier's 16 GB.
+
+## 🐛 Troubleshooting
+
+**"Postiz backend unavailable" on first load**
+First boot takes 30–90s after the build finishes. Wait for the dashboard to show green badges for both backend and frontend.
+
+**Data lost after restart**
+`HF_TOKEN` is not set, or it doesn't have write access. Add it and the next restart will restore from backup. The backup must have run at least once before the restart.
+
+**Backup too large (>100 MB)**
+Either move media to Cloudflare R2 (`STORAGE_PROVIDER=cloudflare`) or raise `SYNC_MAX_FILE_BYTES`. The HF Dataset itself supports much larger files, but huge backups slow restart.
+
+**Scheduled posts didn't fire while I was away**
+The Space slept. Set up UptimeRobot from the dashboard.
+
+**OAuth callback fails for X/Facebook/LinkedIn**
+Some platforms reject `*.hf.space` subdomains as redirect URIs. You may need to put a custom domain in front (Cloudflare → HF Space CNAME).
+
+**Out of memory during build**
+The Next.js build needs `--max-old-space-size=4096`. If you forked and changed the Dockerfile, make sure the `NODE_OPTIONS` flag is still on the `pnpm run build` line.
+
+**`prisma-db-push` fails on first boot**
+Usually means Postgres didn't finish starting. Container will exit and HF will auto-restart — second boot usually succeeds. If it persists, check Logs for the actual Prisma error.
+
+## 📚 Links
+
+- [Postiz on GitHub](https://github.com/gitroomhq/postiz-app)
+- [Postiz docs](https://docs.postiz.com)
+- [HuggingFace Spaces docs](https://huggingface.co/docs/hub/spaces)
+- Sister projects: [HuggingClip](https://huggingface.co/spaces/somratpro/HuggingClip) (Paperclip), [Hugging8n](https://huggingface.co/spaces/somratpro/Hugging8n) (n8n)
+
+## 📄 License
+
+Wrapper code: MIT. Postiz itself: AGPL-3.0 — see [github.com/gitroomhq/postiz-app](https://github.com/gitroomhq/postiz-app/blob/main/LICENSE) for terms.
+
+*Made with ❤️ by [@somratpro](https://github.com/somratpro)*

cloudflare-proxy-setup.py

@@ -0,0 +1,253 @@
+#!/usr/bin/env python3
+
+import json
+import os
+import re
+import secrets
+import sys
+import urllib.error
+import urllib.request
+from pathlib import Path
+
+API_BASE = "https://api.cloudflare.com/client/v4"
+ENV_FILE = Path("/tmp/huggingpost-cloudflare-proxy.env")
+DEFAULT_ALLOWED = [
+    "api.telegram.org",
+    "discord.com",
+    "discordapp.com",
+    "gateway.discord.gg",
+    "status.discord.com",
+    "web.whatsapp.com",
+    "graph.facebook.com",
+    "googleapis.com",
+    "google.com",
+    "googleusercontent.com",
+    "gstatic.com",
+]
+
+
+def cf_request(method: str, path: str, token: str, body: bytes | None = None, content_type: str = "application/json"):
+    req = urllib.request.Request(
+        f"{API_BASE}{path}",
+        data=body,
+        method=method,
+        headers={
+            "Authorization": f"Bearer {token}",
+            "Content-Type": content_type,
+        },
+    )
+    with urllib.request.urlopen(req, timeout=30) as response:
+        payload = json.loads(response.read().decode("utf-8"))
+    if not payload.get("success"):
+        errors = payload.get("errors") or [{"message": "Unknown Cloudflare API error"}]
+        raise RuntimeError(errors[0].get("message", "Unknown Cloudflare API error"))
+    return payload["result"]
+
+
+def slugify(value: str) -> str:
+    cleaned = re.sub(r"[^a-z0-9-]+", "-", value.lower()).strip("-")
+    cleaned = re.sub(r"-{2,}", "-", cleaned)
+    if not cleaned:
+        cleaned = "huggingpost-proxy"
+    return cleaned[:63].rstrip("-")
+
+
+def derive_worker_name() -> str:
+    explicit = os.environ.get("CLOUDFLARE_WORKER_NAME", "").strip()
+    if explicit:
+        return slugify(explicit)
+    space_host = os.environ.get("SPACE_HOST", "").strip()
+    if space_host:
+        base = space_host.replace(".hf.space", "")
+        return slugify(f"{base}-proxy")
+    return "huggingpost-proxy"
+
+
+def render_worker(secret_value: str, allowed_targets: list[str], allow_proxy_all: bool) -> str:
+    allowed_json = json.dumps(allowed_targets)
+    allow_all_js = "true" if allow_proxy_all else "false"
+    secret_json = json.dumps(secret_value)
+    return f"""addEventListener("fetch", (event) => {{
+  event.respondWith(handleRequest(event.request));
+}});
+
+const PROXY_SHARED_SECRET = {secret_json};
+const ALLOW_PROXY_ALL = {allow_all_js};
+const ALLOWED_TARGETS = {allowed_json};
+
+function isAllowedHost(hostname) {{
+  const normalized = String(hostname || "").trim().toLowerCase();
+  if (!normalized) return false;
+  if (ALLOW_PROXY_ALL) return true;
+  return ALLOWED_TARGETS.some(
+    (domain) => normalized === domain || normalized.endsWith(`.${{domain}}`),
+  );
+}}
+
+async function handleRequest(request) {{
+  const url = new URL(request.url);
+  const queryTarget = url.searchParams.get("proxy_target");
+  const targetHost = request.headers.get("x-target-host") || queryTarget;
+
+  if (PROXY_SHARED_SECRET) {{
+    const providedSecret = request.headers.get("x-proxy-key") || url.searchParams.get("proxy_key") || "";
+    if (providedSecret !== PROXY_SHARED_SECRET) {{
+      if (url.pathname.startsWith("/bot") && !targetHost) {{
+        // Allowed fallback
+      }} else {{
+        return new Response("Unauthorized: Invalid proxy key", {{ status: 401 }});
+      }}
+    }}
+  }}
+
+  let targetBase = "";
+  if (targetHost) {{
+    if (!isAllowedHost(targetHost)) {{
+      return new Response(`Forbidden: Host ${{targetHost}} is not allowed.`, {{ status: 403 }});
+    }}
+    targetBase = `https://${{targetHost}}`;
+  }} else if (url.pathname.startsWith("/bot")) {{
+    targetBase = "https://api.telegram.org";
+  }} else {{
+    return new Response("Invalid request: No target host provided.", {{ status: 400 }});
+  }}
+
+  const cleanSearch = new URLSearchParams(url.search);
+  cleanSearch.delete("proxy_target");
+  cleanSearch.delete("proxy_key");
+  const searchStr = cleanSearch.toString();
+  const targetUrl = targetBase + url.pathname + (searchStr ? `?${{searchStr}}` : "");
+  
+  const headers = new Headers(request.headers);
+  headers.delete("cf-connecting-ip");
+  headers.delete("cf-ray");
+  headers.delete("cf-visitor");
+  headers.delete("host");
+  headers.delete("x-real-ip");
+  headers.delete("x-target-host");
+  headers.delete("x-proxy-key");
+
+  const proxiedRequest = new Request(targetUrl, {{
+    method: request.method,
+    headers,
+    body: request.body,
+    redirect: "follow",
+  }});
+
+  try {{
+    return await fetch(proxiedRequest);
+  }} catch (error) {{
+    return new Response(`Proxy Error: ${{error.message}}`, {{ status: 502 }});
+  }}
+}}
+"""
+
+
+def write_env(proxy_url: str, proxy_secret: str) -> None:
+    ENV_FILE.write_text(
+        "\n".join(
+            [
+                f'export CLOUDFLARE_PROXY_URL="{proxy_url}"',
+                f'export CLOUDFLARE_PROXY_SECRET="{proxy_secret}"',
+            ]
+        )
+        + "\n",
+        encoding="utf-8",
+    )
+    # Belt-and-suspenders: even with umask 0077 on the parent shell, force
+    # 0600 since the file holds the worker shared secret.
+    try:
+        ENV_FILE.chmod(0o600)
+    except OSError:
+        pass
+
+
+def main() -> int:
+    existing_url = os.environ.get("CLOUDFLARE_PROXY_URL", "").strip()
+    existing_secret = os.environ.get("CLOUDFLARE_PROXY_SECRET", "").strip()
+    api_token = os.environ.get("CLOUDFLARE_WORKERS_TOKEN", "").strip()
+
+    if existing_url:
+        # Always write the env file so downstream `. $CF_PROXY_ENV_FILE` in
+        # start.sh has CLOUDFLARE_PROXY_URL set even when no secret was
+        # supplied. Empty secret means we send no x-proxy-key header — that
+        # only works if the deployed worker also has no secret baked in.
+        write_env(existing_url, existing_secret)
+        if not existing_secret:
+            print(
+                "Warning: CLOUDFLARE_PROXY_URL is set but CLOUDFLARE_PROXY_SECRET "
+                "is empty. Requests will succeed only if the deployed worker "
+                "was built without PROXY_SHARED_SECRET; otherwise you'll see "
+                "401 Unauthorized.",
+                file=sys.stderr,
+            )
+        return 0
+
+    if not api_token:
+        return 0
+
+    account_id = os.environ.get("CLOUDFLARE_ACCOUNT_ID", "").strip()
+    try:
+        if not account_id:
+            accounts = cf_request("GET", "/accounts", api_token)
+            if not accounts:
+                raise RuntimeError("No Cloudflare account available for this token.")
+            account_id = accounts[0]["id"]
+
+        subdomain_info = cf_request(
+            "GET",
+            f"/accounts/{account_id}/workers/subdomain",
+            api_token,
+        )
+        subdomain = (subdomain_info or {}).get("subdomain", "").strip()
+        if not subdomain:
+            raise RuntimeError(
+                "Cloudflare Workers subdomain is not configured. Enable workers.dev in your Cloudflare account first."
+            )
+
+        worker_name = derive_worker_name()
+        allowed_raw = os.environ.get("CLOUDFLARE_PROXY_DOMAINS", "").strip()
+        allow_proxy_all = not allowed_raw or allowed_raw == "*"
+        allowed_targets = DEFAULT_ALLOWED if not allowed_raw or allow_proxy_all else [
+            value.strip() for value in allowed_raw.split(",") if value.strip()
+        ]
+        proxy_secret = existing_secret or secrets.token_urlsafe(24)
+        worker_source = render_worker(proxy_secret, allowed_targets, allow_proxy_all)
+
+        cf_request(
+            "PUT",
+            f"/accounts/{account_id}/workers/scripts/{worker_name}",
+            api_token,
+            body=worker_source.encode("utf-8"),
+            content_type="application/javascript",
+        )
+        cf_request(
+            "POST",
+            f"/accounts/{account_id}/workers/scripts/{worker_name}/subdomain",
+            api_token,
+            body=json.dumps({"enabled": True, "previews_enabled": True}).encode("utf-8"),
+        )
+
+        proxy_url = f"https://{worker_name}.{subdomain}.workers.dev"
+        write_env(proxy_url, proxy_secret)
+        return 0
+    except urllib.error.HTTPError as error:
+        detail = error.read().decode("utf-8", errors="replace")
+        if error.code == 403 and '"code":9109' in detail:
+            print(
+                "Cloudflare proxy setup failed: invalid Workers token. "
+                "Use a Cloudflare API Token in CLOUDFLARE_WORKERS_TOKEN "
+                "(not a Global API Key, tunnel token, or worker secret). "
+                "For auto-setup, it should have account-level 'Workers Scripts: Edit'. "
+                "The setup can auto-discover your account; CLOUDFLARE_ACCOUNT_ID is not required.",
+                file=sys.stderr,
+            )
+        print(f"Cloudflare proxy setup failed: HTTP {error.code} {detail}", file=sys.stderr)
+        return 1
+    except Exception as error:
+        print(f"Cloudflare proxy setup failed: {error}", file=sys.stderr)
+        return 1
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())

cloudflare-proxy.js

@@ -0,0 +1,375 @@
+/**
+ * Cloudflare Proxy: Transparent Fix for Blocked Domains
+ *
+ * Patches https.request/http.request/fetch and undici to redirect traffic 
+ * for blocked hosts through a Cloudflare Worker proxy.
+ */
+"use strict";
+
+const https = require("https");
+const http = require("http");
+
+// Use stderr for logs to avoid breaking child processes that communicate via stdout JSON
+const log = (...args) => console.error(...args);
+
+let PROXY_URL = process.env.CLOUDFLARE_PROXY_URL;
+if (
+  PROXY_URL &&
+  !PROXY_URL.startsWith("http://") &&
+  !PROXY_URL.startsWith("https://")
+) {
+  PROXY_URL = `https://${PROXY_URL}`;
+}
+
+const DEBUG = process.env.CLOUDFLARE_PROXY_DEBUG === "true";
+const PROXY_SHARED_SECRET = (process.env.CLOUDFLARE_PROXY_SECRET || "").trim();
+const PROXY_DOMAINS = process.env.CLOUDFLARE_PROXY_DOMAINS || "*";
+const BLOCKED_DOMAINS = PROXY_DOMAINS.split(",")
+  .map((domain) => domain.trim())
+  .filter(Boolean);
+const PROXY_ALL = PROXY_DOMAINS === "*";
+
+if (PROXY_URL) {
+  try {
+    const proxy = new URL(PROXY_URL);
+    const originalHttpsRequest = https.request;
+    const originalHttpRequest = http.request;
+    const originalFetch =
+      typeof globalThis.fetch === "function" ? globalThis.fetch.bind(globalThis) : null;
+
+    const shouldProxyHost = (hostname) => {
+      const normalized = String(hostname || "").trim().toLowerCase();
+      if (!normalized) return false;
+
+      const isInternal =
+        normalized === "localhost" ||
+        normalized === "127.0.0.1" ||
+        normalized === "::1" ||
+        normalized === "0.0.0.0" ||
+        normalized === proxy.hostname ||
+        normalized.endsWith(".hf.space") ||
+        normalized.endsWith(".huggingface.co") ||
+        normalized === "huggingface.co";
+
+      const should = PROXY_ALL ? !isInternal : BLOCKED_DOMAINS.some(
+        (domain) =>
+          normalized === domain || normalized.endsWith(`.${domain}`),
+      );
+
+      return should;
+    };
+
+    const patch = (original, originalModuleName) => {
+      return function patchedRequest(arg1, arg2, arg3) {
+        let options = {};
+        let callback;
+
+        if (typeof arg1 === "string" || arg1 instanceof URL) {
+          const url = typeof arg1 === "string" ? new URL(arg1) : arg1;
+          options = {
+            protocol: url.protocol,
+            hostname: url.hostname,
+            port: url.port,
+            path: url.pathname + url.search,
+          };
+          if (typeof arg2 === "object" && arg2 !== null) {
+            options = { ...options, ...arg2 };
+            callback = arg3;
+          } else {
+            callback = arg2;
+          }
+        } else {
+          options = { ...arg1 };
+          callback = arg2;
+        }
+
+        const hostname =
+          options.hostname ||
+          (options.host ? String(options.host).split(":")[0] : "");
+        const path = options.path || "/";
+        const headers = options.headers || {};
+
+        const shouldProxy = shouldProxyHost(hostname);
+        const alreadyProxied = options._proxied;
+        const hasTargetHeader =
+          headers["x-target-host"] || headers["X-Target-Host"];
+
+        if (shouldProxy && !alreadyProxied && !hasTargetHeader) {
+          if (DEBUG) {
+            log(
+              `[cloudflare-proxy] Redirecting ${originalModuleName}://${hostname}${path} -> ${proxy.hostname}`,
+            );
+          }
+
+          const newOptions = { ...options };
+          newOptions._proxied = true;
+          newOptions.protocol = "https:";
+          newOptions.hostname = proxy.hostname;
+          newOptions.port = proxy.port || 443;
+          newOptions.servername = proxy.hostname;
+          delete newOptions.host;
+          delete newOptions.agent;
+
+          newOptions.headers = {
+            ...(options.headers || {}),
+            host: proxy.host,
+            "x-target-host": hostname,
+          };
+
+          if (PROXY_SHARED_SECRET) {
+            newOptions.headers["x-proxy-key"] = PROXY_SHARED_SECRET;
+          }
+
+          return originalHttpsRequest.call(https, newOptions, callback);
+        }
+
+        return original.call(this, arg1, arg2, arg3);
+      };
+    };
+
+    https.request = patch(originalHttpsRequest, "https");
+    http.request = patch(originalHttpRequest, "http");
+
+    if (originalFetch) {
+      globalThis.fetch = async function patchedFetch(input, init) {
+        const request = input instanceof Request ? input : null;
+        const urlStr = request ? request.url : String(input);
+        
+        let url;
+        try {
+          url = new URL(urlStr);
+        } catch (e) {
+          return originalFetch(input, init);
+        }
+
+        const hostname = url.hostname;
+        const shouldProxy = shouldProxyHost(hostname);
+        
+        let mergedHeaders;
+        if (request) {
+            mergedHeaders = new Headers(request.headers);
+        } else {
+            mergedHeaders = new Headers(init?.headers || {});
+        }
+
+        const alreadyProxied =
+          mergedHeaders.has("x-target-host") || mergedHeaders.has("X-Target-Host");
+
+        if (!shouldProxy || alreadyProxied) {
+          return originalFetch(input, init);
+        }
+
+        if (DEBUG) {
+          log(
+            `[cloudflare-proxy] Redirecting fetch://${hostname}${url.pathname}${url.search} -> ${proxy.hostname}`,
+          );
+        }
+
+        mergedHeaders.set("x-target-host", hostname);
+        if (PROXY_SHARED_SECRET) {
+          mergedHeaders.set("x-proxy-key", PROXY_SHARED_SECRET);
+        }
+
+        const proxiedUrl = new URL(url.pathname + url.search, proxy);
+
+        const logProxyError = (promise, debugInfo) => {
+          promise
+            .then(r => {
+              if (DEBUG && !r.ok) {
+                log(`[cloudflare-proxy] Proxy HTTP ${r.status} for ${hostname}: ${r.statusText}`);
+              }
+            })
+            .catch(err => {
+              const cause = err?.cause;
+              const causeStr = cause
+                ? ` | cause: ${cause?.code || cause?.message || String(cause)}`
+                : "";
+              log(`[cloudflare-proxy] Proxy FAILED ${hostname}: ${err?.message}${causeStr}`);
+              if (DEBUG && debugInfo) {
+                log(`[cloudflare-proxy] Debug: ${debugInfo}`);
+              }
+            });
+          return promise;
+        };
+
+        if (request) {
+          const fetchOpts = {
+            method: request.method,
+            headers: mergedHeaders,
+            redirect: request.redirect,
+          };
+          if (request.body) {
+            fetchOpts.body = request.body;
+            fetchOpts.duplex = "half";
+          }
+          return logProxyError(
+            originalFetch(String(proxiedUrl), fetchOpts),
+            `request-mode method=${request.method} hasBody=${!!request.body}`,
+          );
+        }
+
+        // Build a fresh init: do NOT spread `init` because it may carry a
+        // `dispatcher`/`client` pinned to the original target's connection
+        // pool, which causes undici to throw UND_ERR_INVALID_ARG when we
+        // change the origin. Forward only well-known fetch options.
+        const newInit = {
+          method: init?.method || "GET",
+          headers: mergedHeaders,
+        };
+        if (init?.body != null) {
+          newInit.body = init.body;
+          if (init.body instanceof ReadableStream) {
+            newInit.duplex = init.duplex || "half";
+          }
+        }
+        if (init?.signal) newInit.signal = init.signal;
+        if (init?.redirect) newInit.redirect = init.redirect;
+        if (init?.credentials) newInit.credentials = init.credentials;
+        if (init?.cache) newInit.cache = init.cache;
+        if (init?.mode) newInit.mode = init.mode;
+        if (init?.referrer) newInit.referrer = init.referrer;
+        if (init?.referrerPolicy) newInit.referrerPolicy = init.referrerPolicy;
+        if (init?.integrity) newInit.integrity = init.integrity;
+        if (init?.keepalive != null) newInit.keepalive = init.keepalive;
+
+        const bodyType = init?.body == null
+          ? "none"
+          : init.body instanceof ReadableStream
+            ? "ReadableStream"
+            : (init.body?.constructor?.name || typeof init.body);
+
+        return logProxyError(
+          originalFetch(String(proxiedUrl), newInit),
+          `init-mode method=${newInit.method} body=${bodyType} initKeys=${Object.keys(init || {}).join(",")}`,
+        );
+      };
+    }
+
+    // undici patching
+    const patchUndiciInstance = (exports) => {
+      if (!exports) return;
+
+      const patchDispatch = (proto, name) => {
+        if (proto && proto.dispatch && !proto.dispatch._patched) {
+          const origDispatch = proto.dispatch;
+          proto.dispatch = function(options, handler) {
+            let origin = options.origin || this.origin;
+            if (origin && typeof origin !== 'string') {
+              try { origin = origin.origin || origin.toString(); } catch (e) { origin = ""; }
+            }
+            
+            let hostname = "";
+            try {
+              hostname = new URL(String(origin)).hostname;
+            } catch(e) {
+              hostname = String(origin || "").split(':')[0];
+            }
+
+            if (hostname && shouldProxyHost(hostname)) {
+              if (DEBUG) log(`[cloudflare-proxy] Redirecting undici ${name}.dispatch: ${hostname}${options.path || ""} -> ${proxy.hostname}`);
+              
+              const targetHeader = "x-target-host";
+              const secretHeader = "x-proxy-key";
+
+              if (Array.isArray(options.headers)) {
+                let foundTarget = false;
+                for (let i = 0; i < options.headers.length; i += 2) {
+                  if (String(options.headers[i]).toLowerCase() === targetHeader) {
+                    foundTarget = true;
+                    break;
+                  }
+                }
+                if (!foundTarget) {
+                  options.headers.push(targetHeader, hostname);
+                  if (PROXY_SHARED_SECRET) options.headers.push(secretHeader, PROXY_SHARED_SECRET);
+                }
+              } else {
+                options.headers = options.headers || {};
+                if (options.headers instanceof Map || (typeof options.headers.set === 'function')) {
+                  options.headers.set(targetHeader, hostname);
+                  if (PROXY_SHARED_SECRET) options.headers.set(secretHeader, PROXY_SHARED_SECRET);
+                } else {
+                  options.headers[targetHeader] = hostname;
+                  if (PROXY_SHARED_SECRET) options.headers[secretHeader] = PROXY_SHARED_SECRET;
+                }
+              }
+              options.origin = `https://${proxy.hostname}`;
+            }
+            return origDispatch.call(this, options, handler);
+          };
+          proto.dispatch._patched = true;
+        }
+      };
+
+      for (const key in exports) {
+        if (exports[key] && exports[key].prototype && typeof exports[key].prototype.dispatch === 'function') {
+           patchDispatch(exports[key].prototype, key);
+        }
+      }
+
+      if (exports.getGlobalDispatcher) {
+        try {
+          const globalDispatcher = exports.getGlobalDispatcher();
+          if (globalDispatcher && globalDispatcher.dispatch && !globalDispatcher.dispatch._patched) {
+            patchDispatch(globalDispatcher, "GlobalDispatcherInstance");
+          }
+        } catch (e) {}
+      }
+
+      // Also patch Agent and other potentially unexported classes if they have dispatch
+      if (exports.Agent && exports.Agent.prototype) patchDispatch(exports.Agent.prototype, "Agent");
+      if (exports.Pool && exports.Pool.prototype) patchDispatch(exports.Pool.prototype, "Pool");
+      if (exports.Client && exports.Client.prototype) patchDispatch(exports.Client.prototype, "Client");
+
+      if (exports.fetch && !exports.fetch._patched) {
+        const origFetch = exports.fetch;
+        exports.fetch = async function (input, init) {
+          // If we are calling undici.fetch, it should use our globalThis.fetch which is patched
+          return globalThis.fetch(input, init);
+        };
+        exports.fetch._patched = true;
+      }
+    };
+
+    // Try to require undici immediately
+    try {
+      const undici = require("undici");
+      patchUndiciInstance(undici);
+    } catch (e) {}
+
+    // Hook require() to patch any undici instance the moment it loads.
+    // Match either the bare "undici" id or paths whose final package
+    // segment IS undici (e.g. "/foo/node_modules/undici/index.js"). The
+    // earlier substring check `id.includes("/undici/")` would also match
+    // unrelated packages like "super-undici-x".
+    const Module = require("module");
+    const originalRequire = Module.prototype.require;
+    const UNDICI_PATH_RE = /(?:^|\/)node_modules\/undici(?:\/|$)/;
+    Module.prototype.require = function (id) {
+      const exports = originalRequire.apply(this, arguments);
+      if (id === "undici" || UNDICI_PATH_RE.test(id)) {
+        try { patchUndiciInstance(exports); } catch (e) {}
+      }
+      return exports;
+    };
+
+    // Startup banner: print once across all Node spawns. Use a file marker
+    // because every Node process (health-server, gateway, sync subprocess)
+    // is spawned fresh from bash with NODE_OPTIONS=--require, so an env-var
+    // marker won't propagate. /tmp is per-container so it resets on rebuild.
+    if (DEBUG) {
+      try {
+        require("fs").writeFileSync("/tmp/.cf-proxy-banner-shown", "1", {
+          flag: "wx",
+        });
+        log(
+          `[cloudflare-proxy] active (${PROXY_ALL ? "wildcard" : "list"}) -> ${proxy.hostname}`,
+        );
+      } catch (_) {
+        // marker exists — banner already shown by another process
+      }
+    }
+  } catch (error) {
+    log(`[cloudflare-proxy] Failed to initialize: ${error.message}`);
+  }
+}

cloudflare-worker.js

@@ -0,0 +1,103 @@
+/**
+ * Cloudflare Worker: Universal Outbound Proxy
+ *
+ * Manual setup:
+ * 1. Create a Cloudflare Worker.
+ * 2. Paste this file and deploy it.
+ * 3. Use the worker URL as CLOUDFLARE_PROXY_URL.
+ *
+ * Optional worker vars:
+ * - PROXY_SHARED_SECRET
+ * - ALLOWED_TARGETS
+ * - ALLOW_PROXY_ALL
+ */
+
+function normalizeList(raw) {
+  return String(raw || "")
+    .split(",")
+    .map((value) => value.trim().toLowerCase())
+    .filter(Boolean);
+}
+
+export default {
+  async fetch(request, env) {
+    const url = new URL(request.url);
+    const queryTarget = url.searchParams.get("proxy_target");
+    const targetHost = request.headers.get("x-target-host") || queryTarget;
+    const proxySecret = (
+      env.PROXY_SHARED_SECRET ||
+      env.CLOUDFLARE_PROXY_SECRET ||
+      ""
+    ).trim();
+
+    if (proxySecret) {
+      const providedSecret = request.headers.get("x-proxy-key") || url.searchParams.get("proxy_key") || "";
+      if (providedSecret !== proxySecret) {
+        // Fallback: allow Telegram requests via path without secret if it looks like a bot API call.
+        // This is safe because it only proxies to api.telegram.org.
+        if (url.pathname.startsWith("/bot") && !targetHost) {
+          // Allowed
+        } else {
+          return new Response("Unauthorized: Invalid proxy key", { status: 401 });
+        }
+      }
+    }
+
+    const allowProxyAll =
+      String(env.ALLOW_PROXY_ALL || "true").toLowerCase() === "true";
+    const allowedTargets = normalizeList(
+      env.ALLOWED_TARGETS || "api.telegram.org,discord.com,discordapp.com,gateway.discord.gg,status.discord.com,web.whatsapp.com,graph.facebook.com,googleapis.com,google.com,googleusercontent.com,gstatic.com",
+    );
+
+    const isAllowedHost = (hostname) => {
+      const normalized = String(hostname || "")
+        .trim()
+        .toLowerCase();
+      if (!normalized) return false;
+      if (allowProxyAll) return true;
+      return allowedTargets.some(
+        (domain) => normalized === domain || normalized.endsWith(`.${domain}`),
+      );
+    };
+
+    let targetBase = "";
+    if (targetHost) {
+      if (!isAllowedHost(targetHost)) {
+        return new Response(`Forbidden: Host ${targetHost} is not allowed.`, { status: 403 });
+      }
+      targetBase = `https://${targetHost}`;
+    } else if (url.pathname.startsWith("/bot")) {
+      targetBase = "https://api.telegram.org";
+    } else {
+      return new Response("Invalid request: No target host provided.", { status: 400 });
+    }
+
+    const cleanSearch = new URLSearchParams(url.search);
+    cleanSearch.delete("proxy_target");
+    cleanSearch.delete("proxy_key");
+    const searchStr = cleanSearch.toString();
+    const targetUrl = targetBase + url.pathname + (searchStr ? `?${searchStr}` : "");
+    
+    const headers = new Headers(request.headers);
+    headers.delete("cf-connecting-ip");
+    headers.delete("cf-ray");
+    headers.delete("cf-visitor");
+    headers.delete("host");
+    headers.delete("x-real-ip");
+    headers.delete("x-target-host");
+    headers.delete("x-proxy-key");
+
+    const proxiedRequest = new Request(targetUrl, {
+      method: request.method,
+      headers,
+      body: request.body,
+      redirect: "follow",
+    });
+
+    try {
+      return await fetch(proxiedRequest);
+    } catch (error) {
+      return new Response(`Proxy Error: ${error.message}`, { status: 502 });
+    }
+  },
+};

docker-compose.yml

@@ -0,0 +1,54 @@
+# Local-dev convenience. For HF Space deployment, the Dockerfile alone is
+# enough — HF runs the container with auto-injected SPACE_HOST.
+#
+# Usage:
+#   cp .env.example .env   # add HF_TOKEN
+#   docker compose up --build
+#   open http://localhost:7860/
+
+services:
+  huggingpost:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    container_name: huggingpost
+    environment:
+      # HF backup (optional for local testing, but lets you smoke-test the
+      # restore path).
+      HF_TOKEN: ${HF_TOKEN:-}
+      HF_USERNAME: ${HF_USERNAME:-}
+      SYNC_INTERVAL: "180"
+      BACKUP_DATASET_NAME: huggingpost-backup-dev
+
+      # Public URL override (no SPACE_HOST when running locally)
+      FRONTEND_URL: http://localhost:7860
+      NEXT_PUBLIC_BACKEND_URL: http://localhost:7860/api
+      BACKEND_INTERNAL_URL: http://localhost:3000
+
+      # Storage
+      STORAGE_PROVIDER: local
+
+      # Cloudflare proxy (optional)
+      # CLOUDFLARE_WORKERS_TOKEN: ${CLOUDFLARE_WORKERS_TOKEN:-}
+
+    ports:
+      - "7860:7860"   # public — dashboard + reverse proxy
+      - "3000:3000"   # direct backend access (dev only)
+      - "4200:4200"   # direct frontend access (dev only)
+    volumes:
+      - postiz_data:/postiz
+      # Hot-reload of orchestration scripts during local dev (rebuild image
+      # when Dockerfile / postiz tree changes):
+      - ./start.sh:/app/start.sh
+      - ./health-server.js:/app/health-server.js
+      - ./postiz-sync.py:/app/postiz-sync.py
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:7860/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 180s
+
+volumes:
+  postiz_data:
+    driver: local

health-server.js

@@ -0,0 +1,833 @@
+// Single public entrypoint for HF Spaces: HuggingPost dashboard + reverse
+// proxy to Postiz (which lives behind the container's internal nginx on
+// port 5000 — that nginx routes /api → backend, /uploads → file system,
+// / → frontend).
+//
+// Routing rules (in order):
+//   /health, /status, /uptimerobot/setup → handled here
+//   / (exact)                            → HuggingPost dashboard HTML
+//   /app or /app/*                       → Postiz (nginx :5000), /app prefix stripped
+//   /_next/* or /static/*                → 301 redirect to /app/<same path>
+//                                          (catches asset URLs Next.js may emit
+//                                           without basePath in edge cases)
+//   anything else                        → 404
+//
+// Why strip /app: the Postiz frontend is built with basePath="/app" so it
+// emits asset URLs prefixed with /app. The browser sends /app/_next/foo to
+// us; we strip /app and forward /_next/foo to nginx :5000, which forwards
+// to Next.js on :4200. nginx's own routes (/api, /uploads, /) are also
+// reached after we strip the /app prefix.
+
+const http = require("http");
+const https = require("https");
+const fs = require("fs");
+const net = require("net");
+
+const PORT = 7860;
+const POSTIZ_HOST = "127.0.0.1";
+const POSTIZ_PORT = 5000;
+
+const startTime = Date.now();
+const HF_BACKUP_ENABLED = !!process.env.HF_TOKEN;
+const SYNC_INTERVAL = process.env.SYNC_INTERVAL || "300";
+const UPTIMEROBOT_SETUP_ENABLED =
+  String(process.env.UPTIMEROBOT_SETUP_ENABLED || "true").toLowerCase() === "true";
+const UPTIMEROBOT_RATE_WINDOW_MS = 60 * 1000;
+const UPTIMEROBOT_RATE_MAX = Number(process.env.UPTIMEROBOT_RATE_LIMIT_PER_MINUTE || 5);
+const SPACE_VISIBILITY_TTL_MS = 10 * 60 * 1000;
+const spaceVisibilityCache = new Map();
+const uptimerobotRateMap = new Map();
+
+// ============================================================================
+// URL helpers
+// ============================================================================
+
+function parseRequestUrl(url) {
+  try { return new URL(url, "http://localhost"); }
+  catch { return new URL("http://localhost/"); }
+}
+
+function isLocalRoute(pathname) {
+  return (
+    pathname === "/health" ||
+    pathname === "/status" ||
+    pathname === "/uptimerobot/setup" ||
+    pathname === "/" ||
+    pathname === ""
+  );
+}
+
+// ============================================================================
+// UptimeRobot helpers
+// ============================================================================
+
+function getRequesterIp(req) {
+  const forwarded = req.headers["x-forwarded-for"];
+  if (typeof forwarded === "string") return forwarded.split(",")[0].trim();
+  if (Array.isArray(forwarded) && forwarded.length > 0) return String(forwarded[0]).split(",")[0].trim();
+  return req.socket.remoteAddress || "unknown";
+}
+
+function isRateLimited(req) {
+  const now = Date.now();
+  const ip = getRequesterIp(req);
+  const bucket = uptimerobotRateMap.get(ip) || [];
+  const recent = bucket.filter((ts) => now - ts < UPTIMEROBOT_RATE_WINDOW_MS);
+  recent.push(now);
+  uptimerobotRateMap.set(ip, recent);
+  return recent.length > UPTIMEROBOT_RATE_MAX;
+}
+
+setInterval(() => {
+  const cutoff = Date.now() - UPTIMEROBOT_RATE_WINDOW_MS;
+  for (const [ip, timestamps] of uptimerobotRateMap) {
+    if (timestamps.every((ts) => ts < cutoff)) uptimerobotRateMap.delete(ip);
+  }
+}, 5 * 60 * 1000).unref();
+
+function isAllowedUptimeSetupOrigin(req) {
+  const host = String(req.headers.host || "").toLowerCase();
+  const origin = String(req.headers.origin || "").toLowerCase();
+  const referer = String(req.headers.referer || "").toLowerCase();
+  if (!host) return false;
+  if (origin && !origin.includes(host)) return false;
+  if (referer && !referer.includes(host)) return false;
+  return true;
+}
+
+function isValidUptimeApiKey(key) {
+  return /^[A-Za-z0-9_-]{20,128}$/.test(String(key || ""));
+}
+
+function decodeJwtPayload(token) {
+  try {
+    const parts = String(token || "").split(".");
+    if (parts.length < 2) return null;
+    const normalized = parts[1].replace(/-/g, "+").replace(/_/g, "/");
+    const padded = normalized + "=".repeat((4 - (normalized.length % 4)) % 4);
+    return JSON.parse(Buffer.from(padded, "base64").toString("utf8"));
+  } catch { return null; }
+}
+
+function getSpaceRef(parsedUrl) {
+  const signedToken = parsedUrl.searchParams.get("__sign");
+  if (!signedToken) return null;
+  const payload = decodeJwtPayload(signedToken);
+  const subject = payload && payload.sub;
+  const match = typeof subject === "string"
+    ? subject.match(/^\/spaces\/([^/]+)\/([^/]+)$/)
+    : null;
+  if (!match) return null;
+  return { owner: match[1], repo: match[2] };
+}
+
+function fetchStatusCode(url) {
+  return new Promise((resolve, reject) => {
+    const req = https.get(
+      url,
+      { headers: { "user-agent": "HuggingPost/1.0", accept: "application/json" } },
+      (res) => { res.resume(); resolve(res.statusCode || 0); },
+    );
+    req.on("error", reject);
+    req.setTimeout(5000, () => req.destroy(new Error("timeout")));
+  });
+}
+
+async function resolveSpaceIsPrivate(parsedUrl) {
+  const ref = getSpaceRef(parsedUrl);
+  if (!ref) return false;
+  const cacheKey = `${ref.owner}/${ref.repo}`;
+  const cached = spaceVisibilityCache.get(cacheKey);
+  if (cached && Date.now() - cached.timestamp < SPACE_VISIBILITY_TTL_MS) return cached.isPrivate;
+  try {
+    const statusCode = await fetchStatusCode(`https://huggingface.co/api/spaces/${ref.owner}/${ref.repo}`);
+    const isPrivate = statusCode === 401 || statusCode === 403 || statusCode === 404;
+    spaceVisibilityCache.set(cacheKey, { isPrivate, timestamp: Date.now() });
+    return isPrivate;
+  } catch {
+    if (cached) return cached.isPrivate;
+    return false;
+  }
+}
+
+function postUptimeRobot(path, form) {
+  const body = new URLSearchParams(form).toString();
+  return new Promise((resolve, reject) => {
+    const request = https.request(
+      {
+        hostname: "api.uptimerobot.com", port: 443, method: "POST", path,
+        headers: { "Content-Type": "application/x-www-form-urlencoded", "Content-Length": Buffer.byteLength(body) },
+      },
+      (response) => {
+        let raw = "";
+        response.setEncoding("utf8");
+        response.on("data", (c) => { raw += c; });
+        response.on("end", () => {
+          try { resolve(JSON.parse(raw)); }
+          catch { reject(new Error("Unexpected response from UptimeRobot")); }
+        });
+      },
+    );
+    request.on("error", reject);
+    request.write(body);
+    request.end();
+  });
+}
+
+async function createUptimeRobotMonitor(apiKey, host) {
+  const cleanHost = String(host || "").replace(/^https?:\/\//, "").replace(/\/.*$/, "");
+  if (!cleanHost) throw new Error("Missing Space host.");
+  const monitorUrl = `https://${cleanHost}/health`;
+  const existing = await postUptimeRobot("/v2/getMonitors", {
+    api_key: apiKey, format: "json", logs: "0", response_times: "0", response_times_limit: "1",
+  });
+  const existingMonitor = Array.isArray(existing.monitors)
+    ? existing.monitors.find((m) => m.url === monitorUrl) : null;
+  if (existingMonitor) return { created: false, message: `Monitor already exists for ${monitorUrl}` };
+  const created = await postUptimeRobot("/v2/newMonitor", {
+    api_key: apiKey, format: "json", type: "1",
+    friendly_name: `HuggingPost ${cleanHost}`,
+    url: monitorUrl, interval: "300",
+  });
+  if (created.stat !== "ok") {
+    const message = created?.error?.message || created?.message || "Failed to create UptimeRobot monitor.";
+    throw new Error(message);
+  }
+  return { created: true, message: `Monitor created for ${monitorUrl}` };
+}
+
+// ============================================================================
+// Status helpers
+// ============================================================================
+
+function readSyncStatus() {
+  try {
+    if (fs.existsSync("/tmp/sync-status.json")) {
+      return JSON.parse(fs.readFileSync("/tmp/sync-status.json", "utf8"));
+    }
+  } catch {}
+  if (HF_BACKUP_ENABLED) {
+    return {
+      db_status: "unknown", last_sync_time: null, last_error: null, sync_count: 0,
+      status: "configured",
+      message: `Backup enabled. Waiting for first sync (every ${SYNC_INTERVAL}s).`,
+    };
+  }
+  return { db_status: "unknown", last_sync_time: null, last_error: null, sync_count: 0 };
+}
+
+function checkPostizHealth() {
+  return new Promise((resolve) => {
+    const timeout = setTimeout(() => resolve({ status: "unreachable", reason: "timeout" }), 5000);
+    http.get(`http://${POSTIZ_HOST}:${POSTIZ_PORT}/`, (res) => {
+      clearTimeout(timeout);
+      resolve({ status: res.statusCode < 500 ? "running" : "error", statusCode: res.statusCode });
+      res.resume();
+    }).on("error", (err) => {
+      clearTimeout(timeout);
+      resolve({ status: "unreachable", reason: err.message });
+    });
+  });
+}
+
+function formatUptime(seconds) {
+  const h = Math.floor(seconds / 3600);
+  const m = Math.floor((seconds % 3600) / 60);
+  return `${h}h ${m}m`;
+}
+
+// ============================================================================
+// Dashboard HTML
+// ============================================================================
+
+function renderDashboard(initialData) {
+  const keepAwakeHtml = !UPTIMEROBOT_SETUP_ENABLED
+    ? `<div class="helper-summary">UptimeRobot setup is disabled for this Space.</div>`
+    : initialData.spacePrivate
+    ? `<div class="helper-summary"><strong>Space is private.</strong> External monitors cannot reach private HF Spaces. Switch to public to use keep-awake.</div>`
+    : `
+        <div id="uptimerobot-summary" class="helper-summary">
+            One-time setup for public Spaces. Paste your UptimeRobot <strong>Main API key</strong> to create the monitor.
+        </div>
+        <button id="uptimerobot-toggle" class="helper-toggle" type="button">Set Up Monitor</button>
+        <div id="uptimerobot-shell" class="helper-shell hidden">
+            <div class="helper-copy">
+                Do <strong>not</strong> use the Read-only API key or a Monitor-specific API key.
+            </div>
+            <div class="helper-row">
+                <input id="uptimerobot-key" class="helper-input" type="password"
+                    placeholder="Paste your UptimeRobot Main API key" autocomplete="off" />
+                <button id="uptimerobot-btn" class="helper-button" type="button">Create Monitor</button>
+            </div>
+            <div class="helper-note">One-time setup. Your key is only used to create the monitor for this Space.</div>
+        </div>
+        <div id="uptimerobot-result" class="helper-result"></div>`;
+
+  const syncStatus = initialData.sync;
+  const hasBackup = HF_BACKUP_ENABLED;
+  const lastSync = syncStatus.last_sync_time ? new Date(syncStatus.last_sync_time).toLocaleString() : "Never";
+  const syncError = syncStatus.last_error || null;
+
+  const syncBadge = !hasBackup
+    ? `<div class="status-badge status-offline">Disabled</div>`
+    : syncError
+    ? `<div class="status-badge status-error">Error</div>`
+    : syncStatus.last_sync_time
+    ? `<div class="status-badge status-online"><div class="pulse"></div>Enabled</div>`
+    : `<div class="status-badge status-syncing"><div class="pulse" style="background:#3b82f6"></div>Pending</div>`;
+
+  const postizBadge = initialData.postizRunning
+    ? `<div class="status-badge status-online"><div class="pulse"></div>Running</div>`
+    : `<div class="status-badge status-offline">Booting</div>`;
+
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>HuggingPost Dashboard</title>
+    <link href="https://fonts.googleapis.com/css2?family=Outfit:wght@300;400;600&display=swap" rel="stylesheet">
+    <style>
+        :root {
+            --bg: #0f172a;
+            --card-bg: rgba(30, 41, 59, 0.7);
+            --accent: linear-gradient(135deg, #ec4899, #8b5cf6);
+            --text: #f8fafc;
+            --text-dim: #94a3b8;
+            --success: #10b981;
+            --error: #ef4444;
+            --warning: #f59e0b;
+        }
+        * { box-sizing: border-box; margin: 0; padding: 0; }
+        body {
+            font-family: 'Outfit', sans-serif;
+            background-color: var(--bg);
+            color: var(--text);
+            display: flex;
+            justify-content: center;
+            align-items: flex-start;
+            min-height: 100vh;
+            padding: 24px 0;
+            background-image:
+                radial-gradient(at 0% 0%, rgba(236, 72, 153, 0.15) 0px, transparent 50%),
+                radial-gradient(at 100% 0%, rgba(139, 92, 246, 0.15) 0px, transparent 50%);
+        }
+        .dashboard {
+            width: 90%; max-width: 600px;
+            background: var(--card-bg);
+            backdrop-filter: blur(12px);
+            border: 1px solid rgba(255,255,255,0.1);
+            border-radius: 24px; padding: 40px;
+            box-shadow: 0 25px 50px -12px rgba(0,0,0,0.5);
+            animation: fadeIn 0.8s ease-out;
+            margin: 24px 0;
+        }
+        @keyframes fadeIn { from { opacity:0; transform:translateY(20px); } to { opacity:1; transform:translateY(0); } }
+        header { text-align: center; margin-bottom: 40px; }
+        h1 {
+            font-size: 2.5rem; margin-bottom: 8px;
+            background: var(--accent);
+            -webkit-background-clip: text;
+            -webkit-text-fill-color: transparent;
+            font-weight: 600;
+        }
+        .subtitle { color: var(--text-dim); font-size: 0.9rem; letter-spacing: 1px; text-transform: uppercase; }
+        .stats-grid { display: grid; grid-template-columns: repeat(2, 1fr); gap: 20px; margin-bottom: 20px; }
+        .stat-card {
+            background: rgba(255,255,255,0.03);
+            border: 1px solid rgba(255,255,255,0.05);
+            padding: 20px; border-radius: 16px;
+            transition: transform 0.3s ease, border-color 0.3s ease;
+        }
+        .stat-card:hover { transform: translateY(-3px); border-color: rgba(236,72,153,0.3); }
+        .stat-label { color: var(--text-dim); font-size: 0.75rem; text-transform: uppercase; margin-bottom: 8px; display: block; }
+        .stat-value { font-size: 1.1rem; font-weight: 600; }
+        .stat-btn {
+            grid-column: span 2;
+            background: var(--accent);
+            color: #fff; padding: 16px;
+            border-radius: 16px; text-align: center;
+            text-decoration: none; font-weight: 600;
+            display: block;
+            transition: transform 0.3s ease, box-shadow 0.3s ease;
+            box-shadow: 0 10px 20px -5px rgba(236,72,153,0.4);
+        }
+        .stat-btn:hover { transform: scale(1.02); box-shadow: 0 15px 30px -5px rgba(236,72,153,0.6); }
+        .status-badge {
+            display: inline-flex; align-items: center; gap: 6px;
+            padding: 4px 12px; border-radius: 20px;
+            font-size: 0.8rem; font-weight: 600;
+        }
+        .status-online  { background: rgba(16,185,129,0.1); color: var(--success); }
+        .status-offline { background: rgba(239,68,68,0.1); color: var(--error); }
+        .status-syncing { background: rgba(59,130,246,0.1); color: #3b82f6; }
+        .status-error   { background: rgba(239,68,68,0.1); color: var(--error); }
+        .pulse {
+            width: 8px; height: 8px; border-radius: 50%;
+            background: currentColor;
+            box-shadow: 0 0 0 0 rgba(16,185,129,0.7);
+            animation: pulse 2s infinite;
+        }
+        @keyframes pulse {
+            0%   { transform: scale(0.95); box-shadow: 0 0 0 0 rgba(16,185,129,0.7); }
+            70%  { transform: scale(1);    box-shadow: 0 0 0 10px rgba(16,185,129,0); }
+            100% { transform: scale(0.95); box-shadow: 0 0 0 0 rgba(16,185,129,0); }
+        }
+        .card-header { display: flex; align-items: center; justify-content: space-between; gap: 12px; margin-bottom: 8px; }
+        .card-header .stat-label { margin-bottom: 0; }
+        .sync-info { background: rgba(255,255,255,0.02); padding: 15px; border-radius: 12px; font-size: 0.85rem; color: var(--text-dim); margin-top: 10px; }
+        #sync-msg { color: var(--text); display: block; margin-top: 4px; }
+        .helper-card { width: 100%; margin-top: 20px; }
+        .helper-copy { color: var(--text-dim); font-size: 0.92rem; line-height: 1.6; margin-top: 10px; }
+        .helper-copy strong { color: var(--text); }
+        .helper-row { display: flex; gap: 10px; margin-top: 16px; flex-wrap: wrap; }
+        .helper-input {
+            flex: 1; min-width: 240px;
+            background: rgba(255,255,255,0.04);
+            border: 1px solid rgba(255,255,255,0.08);
+            color: var(--text); border-radius: 12px;
+            padding: 14px 16px; font: inherit;
+        }
+        .helper-input::placeholder { color: var(--text-dim); }
+        .helper-button {
+            background: var(--accent); color: #fff; border: 0;
+            border-radius: 12px; padding: 14px 18px;
+            font: inherit; font-weight: 600; cursor: pointer; min-width: 180px;
+        }
+        .helper-button:disabled { opacity: 0.6; cursor: wait; }
+        .hidden { display: none !important; }
+        .helper-note { margin-top: 10px; font-size: 0.82rem; color: var(--text-dim); }
+        .helper-result { margin-top: 14px; padding: 12px 14px; border-radius: 12px; font-size: 0.9rem; display: none; }
+        .helper-result.ok    { display: block; background: rgba(16,185,129,0.1); color: var(--success); }
+        .helper-result.error { display: block; background: rgba(239,68,68,0.1); color: var(--error); }
+        .helper-shell { margin-top: 12px; }
+        .helper-shell.hidden { display: none; }
+        .helper-summary {
+            margin-top: 14px; padding: 12px 14px; border-radius: 12px;
+            background: rgba(255,255,255,0.03); color: var(--text-dim);
+            font-size: 0.9rem; line-height: 1.5;
+        }
+        .helper-summary strong { color: var(--text); }
+        .helper-summary.success { background: rgba(16,185,129,0.08); }
+        .helper-toggle {
+            margin-top: 14px; display: inline-flex; align-items: center; justify-content: center;
+            background: rgba(255,255,255,0.04); color: var(--text);
+            border: 1px solid rgba(255,255,255,0.08); border-radius: 12px;
+            padding: 12px 16px; font: inherit; font-weight: 600; cursor: pointer;
+        }
+        .footer { text-align: center; color: var(--text-dim); font-size: 0.8rem; margin-top: 20px; }
+        @media (max-width: 700px) {
+            body { padding: 16px 0; }
+            .dashboard { width: calc(100% - 24px); padding: 24px; border-radius: 18px; margin: 12px 0; }
+            header { margin-bottom: 28px; }
+            h1 { font-size: 2rem; }
+            .stats-grid { grid-template-columns: 1fr; gap: 14px; margin-bottom: 16px; }
+            .stat-btn { grid-column: span 1; }
+            .helper-row { flex-direction: column; }
+            .helper-input, .helper-button { width: 100%; min-width: 0; }
+        }
+    </style>
+</head>
+<body>
+    <div class="dashboard">
+        <header>
+            <h1>📮 HuggingPost</h1>
+            <p class="subtitle">Postiz on HF Spaces</p>
+        </header>
+
+        <div class="stats-grid">
+            <div class="stat-card">
+                <div class="card-header">
+                    <span class="stat-label">Postiz</span>
+                    <span id="postiz-badge">${postizBadge}</span>
+                </div>
+                <div style="margin-top: 8px; font-size: 0.82rem; color: var(--text-dim);">
+                    Mounted at <strong style="color:var(--text)">/app</strong> · <a href="/app/" style="color:#f472b6;text-decoration:none;" target="_blank">Open UI →</a>
+                </div>
+            </div>
+            <div class="stat-card">
+                <span class="stat-label">Uptime</span>
+                <span class="stat-value" id="uptime">${formatUptime(Math.floor((Date.now() - startTime) / 1000))}</span>
+            </div>
+            <div class="stat-card">
+                <div class="card-header">
+                    <span class="stat-label">Backup</span>
+                    <span id="sync-badge">${syncBadge}</span>
+                </div>
+                <div style="margin-top: 8px; font-size: 0.82rem; color: var(--text-dim);">
+                    Last sync: <span id="last-sync">${lastSync}</span>
+                </div>
+            </div>
+            <div class="stat-card">
+                <span class="stat-label">Database</span>
+                <span class="stat-value" id="db-status">${syncStatus.db_status === "connected" ? "PostgreSQL ✓" : syncStatus.db_status === "error" ? "Error" : "PostgreSQL"}</span>
+            </div>
+            <a href="/app/" id="open-ui-btn" class="stat-btn" target="_blank" rel="noopener noreferrer">Open Postiz →</a>
+        </div>
+
+        <div class="stat-card" style="width: 100%; margin-bottom: 20px;">
+            <div class="card-header">
+                <span class="stat-label">Backup Sync</span>
+                <div id="sync-badge-detail">${syncBadge}</div>
+            </div>
+            <div class="sync-info">
+                Last activity: <span id="sync-time-detail">${lastSync}</span>
+                <span id="sync-msg">${syncError ? "Error: " + syncError : syncStatus.last_sync_time ? "Sync successful" : hasBackup ? "Waiting for first sync..." : "HF_TOKEN not set — backups disabled"}</span>
+            </div>
+        </div>
+
+        <div class="stat-card helper-card">
+            <span class="stat-label">Keep Space Awake</span>
+            ${keepAwakeHtml}
+        </div>
+
+        <div class="footer">Live updates every 30s · Schedule posts only fire while the Space is awake</div>
+    </div>
+
+    <script>
+        const KEEP_AWAKE_PRIVATE = ${initialData.spacePrivate ? "true" : "false"};
+        const KEEP_AWAKE_SETUP_ENABLED = ${UPTIMEROBOT_SETUP_ENABLED ? "true" : "false"};
+        const monitorStateKey = 'huggingpost_uptimerobot_v1';
+
+        function getCurrentSearch() { return window.location.search || ''; }
+
+        function renderSyncBadge(status, lastSyncTime, lastError) {
+            if (!${hasBackup}) return '<div class="status-badge status-offline">Disabled</div>';
+            if (lastError) return '<div class="status-badge status-error">Error</div>';
+            if (lastSyncTime) return '<div class="status-badge status-online"><div class="pulse"></div>Enabled</div>';
+            return '<div class="status-badge status-syncing"><div class="pulse" style="background:#3b82f6"></div>Pending</div>';
+        }
+
+        async function updateStatus() {
+            try {
+                const res = await fetch('/status' + getCurrentSearch());
+                const data = await res.json();
+                document.getElementById('uptime').textContent = data.uptime;
+
+                const pbadge = data.postizRunning
+                    ? '<div class="status-badge status-online"><div class="pulse"></div>Running</div>'
+                    : '<div class="status-badge status-offline">Booting</div>';
+                document.getElementById('postiz-badge').innerHTML = pbadge;
+
+                const badge = renderSyncBadge(data.sync.db_status, data.sync.last_sync_time, data.sync.last_error);
+                document.getElementById('sync-badge').innerHTML = badge;
+                document.getElementById('sync-badge-detail').innerHTML = badge;
+
+                const lastSync = data.sync.last_sync_time ? new Date(data.sync.last_sync_time).toLocaleString() : 'Never';
+                document.getElementById('last-sync').textContent = lastSync;
+                document.getElementById('sync-time-detail').textContent = lastSync;
+
+                const syncMsg = data.sync.last_error ? 'Error: ' + data.sync.last_error
+                    : data.sync.last_sync_time ? 'Sync successful'
+                    : ${hasBackup} ? 'Waiting for first sync...' : 'HF_TOKEN not set — backups disabled';
+                document.getElementById('sync-msg').textContent = syncMsg;
+
+                const dbEl = document.getElementById('db-status');
+                dbEl.textContent = data.sync.db_status === 'connected' ? 'PostgreSQL ✓'
+                    : data.sync.db_status === 'error' ? 'Error' : 'PostgreSQL';
+            } catch (e) { console.error('Status update failed:', e); }
+        }
+
+        function setMonitorUiState(isConfigured) {
+            const summary = document.getElementById('uptimerobot-summary');
+            const shell = document.getElementById('uptimerobot-shell');
+            const toggle = document.getElementById('uptimerobot-toggle');
+            if (!summary || !shell || !toggle) return;
+            if (isConfigured) {
+                summary.classList.add('success');
+                summary.innerHTML = '<strong>Already set up.</strong> Your UptimeRobot monitor should keep this public Space awake.';
+                shell.classList.add('hidden');
+                toggle.textContent = 'Set Up Again';
+            } else {
+                summary.classList.remove('success');
+                summary.innerHTML = 'One-time setup for public Spaces. Paste your UptimeRobot <strong>Main API key</strong> to create the monitor.';
+                toggle.textContent = 'Set Up Monitor';
+            }
+        }
+
+        function restoreMonitorUiState() {
+            try { setMonitorUiState(window.localStorage.getItem(monitorStateKey) === 'done'); }
+            catch { setMonitorUiState(false); }
+        }
+
+        async function setupUptimeRobot() {
+            const input = document.getElementById('uptimerobot-key');
+            const button = document.getElementById('uptimerobot-btn');
+            const result = document.getElementById('uptimerobot-result');
+            const apiKey = input.value.trim();
+            if (!apiKey) {
+                result.className = 'helper-result error';
+                result.textContent = 'Paste your UptimeRobot Main API key first.';
+                return;
+            }
+            button.disabled = true;
+            button.textContent = 'Creating...';
+            result.className = 'helper-result';
+            result.textContent = '';
+            try {
+                const res = await fetch('/uptimerobot/setup' + getCurrentSearch(), {
+                    method: 'POST',
+                    headers: { 'Content-Type': 'application/json' },
+                    body: JSON.stringify({ apiKey }),
+                });
+                const data = await res.json();
+                if (!res.ok) throw new Error(data.message || 'Failed to create monitor.');
+                result.className = 'helper-result ok';
+                result.textContent = data.message || 'UptimeRobot monitor is ready.';
+                input.value = '';
+                try { window.localStorage.setItem(monitorStateKey, 'done'); } catch {}
+                setMonitorUiState(true);
+                document.getElementById('uptimerobot-shell').classList.add('hidden');
+            } catch (error) {
+                result.className = 'helper-result error';
+                result.textContent = error.message || 'Failed to create monitor.';
+            } finally {
+                button.disabled = false;
+                button.textContent = 'Create Monitor';
+            }
+        }
+
+        updateStatus();
+        setInterval(updateStatus, 30000);
+
+        if (KEEP_AWAKE_SETUP_ENABLED && !KEEP_AWAKE_PRIVATE) {
+            restoreMonitorUiState();
+            const toggleBtn = document.getElementById('uptimerobot-toggle');
+            const createBtn = document.getElementById('uptimerobot-btn');
+            if (toggleBtn) toggleBtn.addEventListener('click', () => {
+                document.getElementById('uptimerobot-shell').classList.toggle('hidden');
+            });
+            if (createBtn) createBtn.addEventListener('click', setupUptimeRobot);
+        }
+    </script>
+</body>
+</html>`;
+}
+
+// ============================================================================
+// Request body reader
+// ============================================================================
+
+function readRequestBody(req) {
+  return new Promise((resolve, reject) => {
+    let body = "";
+    req.on("data", (chunk) => {
+      body += chunk;
+      if (body.length > 64 * 1024) { reject(new Error("Request too large")); req.destroy(); }
+    });
+    req.on("end", () => resolve(body));
+    req.on("error", reject);
+  });
+}
+
+// ============================================================================
+// Reverse proxy
+// ============================================================================
+
+function buildProxyHeaders(headers) {
+  const f = headers["x-forwarded-for"];
+  const clientIp = typeof f === "string" ? f.split(",")[0].trim()
+    : (Array.isArray(f) && f.length ? String(f[0]).split(",")[0].trim() : "");
+  return {
+    ...headers,
+    host: `${POSTIZ_HOST}:${POSTIZ_PORT}`,
+    "x-forwarded-for": clientIp,
+    "x-forwarded-host": headers.host || "",
+    "x-forwarded-proto": headers["x-forwarded-proto"] || "https",
+  };
+}
+
+function proxyHttp(req, res, overridePath) {
+  const targetPath = overridePath !== undefined ? overridePath : req.url;
+  let upstreamStarted = false;
+  const proxyReq = http.request(
+    { hostname: POSTIZ_HOST, port: POSTIZ_PORT, method: req.method,
+      path: targetPath, headers: buildProxyHeaders(req.headers) },
+    (proxyRes) => {
+      upstreamStarted = true;
+      res.writeHead(proxyRes.statusCode || 502, proxyRes.headers);
+      proxyRes.pipe(res);
+    },
+  );
+  proxyReq.on("error", (error) => {
+    if (res.headersSent || upstreamStarted) { res.destroy(); return; }
+    res.writeHead(502, { "Content-Type": "application/json" });
+    res.end(JSON.stringify({
+      status: "error",
+      message: "Postiz unavailable",
+      detail: error.message,
+      hint: "Postiz may still be starting (first boot ~60s after build). Check the Logs tab.",
+    }));
+  });
+  res.on("close", () => proxyReq.destroy());
+  req.pipe(proxyReq);
+}
+
+function proxyUpgrade(req, socket, head, overridePath) {
+  const targetPath = overridePath !== undefined ? overridePath : req.url;
+  const proxySocket = net.connect(POSTIZ_PORT, POSTIZ_HOST);
+  proxySocket.on("connect", () => {
+    const f = req.headers["x-forwarded-for"];
+    const clientIp = typeof f === "string" ? f.split(",")[0].trim() : req.socket.remoteAddress || "";
+    const headerLines = [];
+    for (let i = 0; i < req.rawHeaders.length; i += 2) {
+      const name = req.rawHeaders[i];
+      const value = req.rawHeaders[i + 1];
+      const lower = String(name).toLowerCase();
+      if (lower === "host" || lower.startsWith("x-forwarded-")) continue;
+      headerLines.push(`${name}: ${value}`);
+    }
+    const lines = [
+      `${req.method} ${targetPath} HTTP/${req.httpVersion}`,
+      ...headerLines,
+      `Host: ${POSTIZ_HOST}:${POSTIZ_PORT}`,
+      `X-Forwarded-For: ${clientIp}`,
+      `X-Forwarded-Host: ${req.headers.host || ""}`,
+      `X-Forwarded-Proto: ${req.headers["x-forwarded-proto"] || "https"}`,
+      "", "",
+    ];
+    proxySocket.write(lines.join("\r\n"));
+    if (head && head.length > 0) proxySocket.write(head);
+    socket.pipe(proxySocket).pipe(socket);
+  });
+  proxySocket.on("error", () => {
+    if (socket.writable) socket.write("HTTP/1.1 502 Bad Gateway\r\nConnection: close\r\n\r\n");
+    socket.destroy();
+  });
+  socket.on("error", () => proxySocket.destroy());
+}
+
+// ============================================================================
+// HTTP Server
+// ============================================================================
+
+const server = http.createServer((req, res) => {
+  const parsedUrl = parseRequestUrl(req.url || "/");
+  const pathname = parsedUrl.pathname;
+  const uptime = Math.floor((Date.now() - startTime) / 1000);
+
+  // ── /health ──────────────────────────────────────────────────────────────
+  if (pathname === "/health") {
+    res.writeHead(200, { "Content-Type": "application/json" });
+    res.end(JSON.stringify({
+      status: "ok", uptime, uptimeHuman: formatUptime(uptime),
+      timestamp: new Date().toISOString(), sync: readSyncStatus(),
+    }));
+    return;
+  }
+
+  // ── /status ──────────────────────────────────────────────────────────────
+  if (pathname === "/status") {
+    void (async () => {
+      const postiz = await checkPostizHealth();
+      res.writeHead(200, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({
+        uptime: formatUptime(uptime),
+        postizRunning: postiz.status === "running",
+        sync: readSyncStatus(),
+      }));
+    })();
+    return;
+  }
+
+  // ── /uptimerobot/setup ───────────────────────────────────────────────────
+  if (pathname === "/uptimerobot/setup") {
+    if (req.method !== "POST") {
+      res.writeHead(405, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({ message: "Method not allowed" }));
+      return;
+    }
+    void (async () => {
+      try {
+        if (!UPTIMEROBOT_SETUP_ENABLED) {
+          res.writeHead(403, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ message: "Uptime setup is disabled." }));
+          return;
+        }
+        if (isRateLimited(req)) {
+          res.writeHead(429, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ message: "Too many requests." }));
+          return;
+        }
+        if (!isAllowedUptimeSetupOrigin(req)) {
+          res.writeHead(403, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ message: "Invalid request origin." }));
+          return;
+        }
+        const body = await readRequestBody(req);
+        const parsed = JSON.parse(body || "{}");
+        const apiKey = String(parsed.apiKey || "").trim();
+        if (!isValidUptimeApiKey(apiKey)) {
+          res.writeHead(400, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ message: "A valid API key is required." }));
+          return;
+        }
+        const result = await createUptimeRobotMonitor(apiKey, req.headers.host);
+        res.writeHead(200, { "Content-Type": "application/json" });
+        res.end(JSON.stringify(result));
+      } catch (error) {
+        res.writeHead(400, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ message: error?.message || "Failed to create UptimeRobot monitor." }));
+      }
+    })();
+    return;
+  }
+
+  // ── Dashboard at exact / ─────────────────────────────────────────────────
+  if (pathname === "/" || pathname === "") {
+    void (async () => {
+      const [postiz, spacePrivate] = await Promise.all([
+        checkPostizHealth(),
+        resolveSpaceIsPrivate(parsedUrl),
+      ]);
+      const initialData = {
+        postizRunning: postiz.status === "running",
+        sync: readSyncStatus(),
+        spacePrivate,
+      };
+      res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+      res.end(renderDashboard(initialData));
+    })();
+    return;
+  }
+
+  // ── /app or /app/* → strip prefix, proxy to Postiz nginx :5000 ───────────
+  if (pathname === "/app" || pathname.startsWith("/app/")) {
+    const stripped = pathname.slice("/app".length) || "/";
+    const query = parsedUrl.search || "";
+    proxyHttp(req, res, stripped + query);
+    return;
+  }
+
+  // ── Stray asset URLs without basePath (Sentry, hardcoded /static) ────────
+  // Browser-side libs sometimes emit absolute URLs that bypass Next.js
+  // basePath. Catch /_next/* and /static/* at root and 301 to /app/* so the
+  // browser learns the right prefix.
+  if (pathname.startsWith("/_next/") || pathname.startsWith("/static/")) {
+    res.writeHead(301, { Location: "/app" + pathname + (parsedUrl.search || "") });
+    res.end();
+    return;
+  }
+
+  // ── Anything else → 404 ──────────────────────────────────────────────────
+  res.writeHead(404, { "Content-Type": "text/plain" });
+  res.end("Not found. Try / for the dashboard or /app for Postiz.");
+});
+
+server.on("upgrade", (req, socket, head) => {
+  const parsedUrl = parseRequestUrl(req.url || "/");
+  const pathname = parsedUrl.pathname;
+  if (isLocalRoute(pathname)) { socket.destroy(); return; }
+  if (pathname === "/app" || pathname.startsWith("/app/")) {
+    const stripped = pathname.slice("/app".length) || "/";
+    proxyUpgrade(req, socket, head, stripped + (parsedUrl.search || ""));
+    return;
+  }
+  socket.destroy();
+});
+
+server.listen(PORT, "0.0.0.0", () => {
+  console.log(`✓ Health server listening on port ${PORT}`);
+  console.log(`✓ Dashboard : http://localhost:${PORT}/`);
+  console.log(`✓ Postiz    : http://localhost:${PORT}/app/  → nginx :${POSTIZ_PORT}`);
+});

postiz-sync.py

@@ -0,0 +1,382 @@
+#!/usr/bin/env python3
+"""
+HuggingPost backup/restore — Postgres dump + uploads dir + secrets → HF Dataset.
+
+Usage:
+    python3 postiz-sync.py sync     # backup → HF Dataset
+    python3 postiz-sync.py restore  # HF Dataset → restore DB + uploads + secrets
+
+Adapted from HuggingClip/paperclip-sync.py with three differences:
+  1. DB user is `postiz` (not `postgres`) — pg_dump is run as the postiz role.
+  2. Tarball includes /postiz/uploads (Postiz media) AND /postiz/.secrets
+     (jwt secret + db password) so a fresh container can recover identity.
+  3. Restore drops + recreates the postiz database before psql replay so we
+     don't get "database already exists" / duplicate-key errors.
+"""
+
+import os
+import sys
+import json
+import shutil
+import tarfile
+import tempfile
+import subprocess
+import logging
+import warnings
+from datetime import datetime, timezone
+from pathlib import Path
+
+warnings.filterwarnings("ignore", category=UserWarning, module="huggingface_hub")
+
+from huggingface_hub import HfApi
+from huggingface_hub.utils import RepositoryNotFoundError, EntryNotFoundError
+import huggingface_hub
+
+huggingface_hub.utils.disable_progress_bars()
+
+# ── Logging ──────────────────────────────────────────────────────────────────
+logging.basicConfig(level=logging.WARNING, format="%(asctime)s - %(levelname)s - %(message)s")
+logger = logging.getLogger(__name__)
+logger.setLevel(logging.INFO)
+logging.getLogger("httpx").setLevel(logging.WARNING)
+logging.getLogger("huggingface_hub").setLevel(logging.WARNING)
+
+# ── Config ───────────────────────────────────────────────────────────────────
+HF_TOKEN = os.environ.get("HF_TOKEN")
+HF_USERNAME = os.environ.get("HF_USERNAME")
+DATABASE_URL = os.environ.get("DATABASE_URL", "postgresql://postiz:postiz@localhost:5432/postiz")
+BACKUP_DATASET_NAME = os.environ.get("BACKUP_DATASET_NAME", "huggingpost-backup")
+SYNC_MAX_FILE_BYTES = int(os.environ.get("SYNC_MAX_FILE_BYTES", str(100 * 1024 * 1024)))  # 100 MB
+POSTIZ_HOME = Path(os.environ.get("POSTIZ_HOME", "/postiz"))
+UPLOADS_DIR = Path(os.environ.get("UPLOAD_DIRECTORY", str(POSTIZ_HOME / "uploads")))
+SECRETS_DIR = POSTIZ_HOME / ".secrets"
+STATUS_FILE = Path("/tmp/sync-status.json")
+
+
+# ── Helpers ──────────────────────────────────────────────────────────────────
+def parse_db_url(db_url: str) -> dict:
+    try:
+        s = db_url.replace("postgres://", "").replace("postgresql://", "")
+        if "@" in s:
+            creds, host_db = s.split("@", 1)
+            if ":" in creds:
+                user, password = creds.split(":", 1)
+            else:
+                user, password = creds, ""
+        else:
+            user, password, host_db = "postgres", "", s
+        if "/" in host_db:
+            host_port, database = host_db.rsplit("/", 1)
+        else:
+            host_port, database = host_db, "postiz"
+        if ":" in host_port:
+            host, port = host_port.rsplit(":", 1)
+        else:
+            host, port = host_port, "5432"
+        return {"user": user, "password": password, "host": host, "port": port, "database": database}
+    except Exception as e:
+        logger.error(f"Failed to parse DATABASE_URL: {e}")
+        return None
+
+
+def write_status(status: dict):
+    try:
+        STATUS_FILE.write_text(json.dumps(status, indent=2))
+    except Exception as e:
+        logger.error(f"Failed to write status file: {e}")
+
+
+def read_status() -> dict:
+    if STATUS_FILE.exists():
+        try:
+            return json.loads(STATUS_FILE.read_text())
+        except Exception:
+            pass
+    return {"db_status": "unknown", "last_sync_time": None, "last_error": None, "sync_count": 0}
+
+
+def env_with_password(db: dict) -> dict:
+    env = os.environ.copy()
+    if db["password"]:
+        env["PGPASSWORD"] = db["password"]
+    return env
+
+
+# ── Backup ───────────────────────────────────────────────────────────────────
+def backup_database() -> tuple[str | None, bool]:
+    db = parse_db_url(DATABASE_URL)
+    if not db:
+        return None, False
+
+    temp_dir = tempfile.mkdtemp()
+    dump_file = Path(temp_dir) / "postiz.sql"
+
+    cmd = [
+        "pg_dump",
+        f"--host={db['host']}",
+        f"--port={db['port']}",
+        f"--username={db['user']}",
+        "--format=plain",
+        "--no-owner",
+        "--no-privileges",
+        "--clean",         # emit DROP statements so restore is idempotent
+        "--if-exists",
+        db["database"],
+    ]
+
+    try:
+        with open(dump_file, "w") as f:
+            result = subprocess.run(cmd, stdout=f, stderr=subprocess.PIPE, env=env_with_password(db), timeout=600)
+        if result.returncode != 0:
+            logger.error(f"pg_dump failed: {result.stderr.decode('utf-8', errors='ignore')}")
+            return None, False
+        size_mb = dump_file.stat().st_size / 1024 / 1024
+        logger.debug(f"Database dumped ({size_mb:.2f} MB)")
+        return str(dump_file), True
+    except subprocess.TimeoutExpired:
+        logger.error("pg_dump timed out (>600s)")
+        return None, False
+    except Exception as e:
+        logger.error(f"Database backup error: {e}")
+        return None, False
+
+
+def create_backup_tarball(dump_file: str) -> tuple[str | None, bool]:
+    temp_dir = tempfile.mkdtemp()
+    tarball = Path(temp_dir) / "huggingpost-backup.tar.gz"
+    try:
+        with tarfile.open(tarball, "w:gz") as tar:
+            tar.add(dump_file, arcname="postiz.sql")
+            if UPLOADS_DIR.exists():
+                tar.add(str(UPLOADS_DIR), arcname="uploads")
+            if SECRETS_DIR.exists():
+                tar.add(str(SECRETS_DIR), arcname=".secrets")
+        size = tarball.stat().st_size
+        size_mb = size / 1024 / 1024
+        logger.debug(f"Tarball created ({size_mb:.2f} MB)")
+        if size > SYNC_MAX_FILE_BYTES:
+            logger.error(
+                f"Backup too large: {size_mb:.0f} MB > {SYNC_MAX_FILE_BYTES/1024/1024:.0f} MB. "
+                "Move uploads to Cloudflare R2 (set STORAGE_PROVIDER=cloudflare) "
+                "or raise SYNC_MAX_FILE_BYTES."
+            )
+            return None, False
+        return str(tarball), True
+    except Exception as e:
+        logger.error(f"Failed to create tarball: {e}")
+        return None, False
+
+
+def upload_to_hf(backup_file: str) -> bool:
+    if not HF_TOKEN:
+        logger.warning("HF_TOKEN not set — skipping upload")
+        return False
+    try:
+        api = HfApi(token=HF_TOKEN)
+        username = HF_USERNAME or api.whoami().get("name")
+        if not username:
+            logger.error("Failed to resolve HF username")
+            return False
+        dataset_id = f"{username}/{BACKUP_DATASET_NAME}"
+        api.create_repo(repo_id=dataset_id, repo_type="dataset", private=True, exist_ok=True)
+        api.upload_file(
+            path_or_fileobj=backup_file,
+            path_in_repo="snapshots/latest.tar.gz",
+            repo_id=dataset_id,
+            repo_type="dataset",
+            commit_message=f"Backup at {datetime.now(timezone.utc).isoformat()}",
+        )
+        logger.debug(f"Uploaded to {dataset_id}")
+        return True
+    except Exception as e:
+        logger.error(f"HF upload failed: {e}")
+        return False
+
+
+# ── Restore ──────────────────────────────────────────────────────────────────
+def restore_database(sql_file: str) -> bool:
+    db = parse_db_url(DATABASE_URL)
+    if not db:
+        return False
+
+    # Drop+recreate the postiz database as the OS postgres superuser. This
+    # bypasses connection-busy errors and gives us a clean slate to replay
+    # the dump into. The dump itself was taken with --clean --if-exists so
+    # it's also idempotent if we ever skip the recreate.
+    try:
+        recreate = (
+            f"DROP DATABASE IF EXISTS {db['database']} WITH (FORCE); "
+            f"CREATE DATABASE {db['database']} OWNER {db['user']};"
+        )
+        subprocess.run(
+            ["su", "-", "postgres", "-c", f"psql -c \"{recreate}\""],
+            check=False, capture_output=True, timeout=60,
+        )
+    except Exception as e:
+        logger.warning(f"DB recreate via su postgres failed (continuing): {e}")
+
+    cmd = [
+        "psql",
+        f"--host={db['host']}",
+        f"--port={db['port']}",
+        f"--username={db['user']}",
+        "--no-password",
+        "--single-transaction",
+        db["database"],
+    ]
+
+    try:
+        with open(sql_file, "r") as f:
+            result = subprocess.run(
+                cmd, stdin=f, stdout=subprocess.DEVNULL, stderr=subprocess.PIPE,
+                env=env_with_password(db), timeout=600,
+            )
+        if result.returncode != 0:
+            logger.error(f"psql restore failed: {result.stderr.decode('utf-8', errors='ignore')[:2000]}")
+            return False
+        return True
+    except subprocess.TimeoutExpired:
+        logger.error("psql restore timed out (>600s)")
+        return False
+    except Exception as e:
+        logger.error(f"Database restore error: {e}")
+        return False
+
+
+def download_and_restore() -> bool | None:
+    if not HF_TOKEN:
+        logger.warning("HF_TOKEN not set — skipping restore")
+        return False
+    try:
+        api = HfApi(token=HF_TOKEN)
+        username = HF_USERNAME or api.whoami().get("name")
+        if not username:
+            return False
+        dataset_id = f"{username}/{BACKUP_DATASET_NAME}"
+        temp_dir = tempfile.mkdtemp()
+        try:
+            snapshot = api.hf_hub_download(
+                repo_id=dataset_id, repo_type="dataset",
+                filename="snapshots/latest.tar.gz", local_dir=temp_dir,
+                local_dir_use_symlinks=False,
+            )
+        except (RepositoryNotFoundError, EntryNotFoundError):
+            logger.info(f"No backup yet in {dataset_id} — fresh instance")
+            return None
+
+        with tarfile.open(snapshot, "r:gz") as tar:
+            tar.extractall(temp_dir, filter="data")
+
+        sql = Path(temp_dir) / "postiz.sql"
+        if not sql.exists():
+            logger.error("postiz.sql not found in backup tarball")
+            return False
+
+        # Restore secrets FIRST so DB password matches what's about to be
+        # used during the restore (otherwise psql auth fails).
+        secrets_src = Path(temp_dir) / ".secrets"
+        if secrets_src.exists():
+            SECRETS_DIR.mkdir(parents=True, exist_ok=True)
+            for item in secrets_src.iterdir():
+                target = SECRETS_DIR / item.name
+                try:
+                    if target.exists():
+                        target.unlink()
+                    shutil.copy2(item, target)
+                    target.chmod(0o600)
+                except Exception as e:
+                    logger.warning(f"Failed to restore secret {item.name}: {e}")
+
+        # Restore uploads
+        uploads_src = Path(temp_dir) / "uploads"
+        if uploads_src.exists():
+            UPLOADS_DIR.mkdir(parents=True, exist_ok=True)
+            for item in uploads_src.iterdir():
+                target = UPLOADS_DIR / item.name
+                try:
+                    if target.exists():
+                        if target.is_dir():
+                            shutil.rmtree(target)
+                        else:
+                            target.unlink()
+                    if item.is_dir():
+                        shutil.copytree(item, target)
+                    else:
+                        shutil.copy2(item, target)
+                except Exception as e:
+                    logger.warning(f"Failed to restore upload {item.name}: {e}")
+
+        return restore_database(str(sql))
+    except Exception as e:
+        logger.error(f"Restore from HF failed: {e}")
+        return False
+
+
+# ── Public CLI ───────────────────────────────────────────────────────────────
+def cmd_sync() -> bool:
+    logger.info("Syncing backup to HF Dataset...")
+    status = read_status()
+    try:
+        dump, ok = backup_database()
+        if not ok:
+            status.update({"last_error": "pg_dump failed", "db_status": "error"})
+            write_status(status); return False
+        tarball, ok = create_backup_tarball(dump)
+        if not ok:
+            status.update({"last_error": "tarball creation failed", "db_status": "error"})
+            write_status(status); return False
+        ok = upload_to_hf(tarball)
+        status["last_sync_time"] = datetime.now(timezone.utc).isoformat().replace("+00:00", "Z")
+        status["db_status"] = "connected" if ok else "error"
+        status["last_error"] = None if ok else "Upload failed"
+        status["sync_count"] = status.get("sync_count", 0) + 1
+        write_status(status)
+        logger.info("Backup synced OK" if ok else "Backup sync failed")
+        return ok
+    except Exception as e:
+        logger.error(f"Backup operation failed: {e}")
+        status.update({"last_error": str(e), "db_status": "error"})
+        write_status(status)
+        return False
+
+
+def cmd_restore() -> bool:
+    logger.info("Restoring from HF Dataset...")
+    status = read_status()
+    try:
+        result = download_and_restore()
+        if result is None:
+            status.update({"db_status": "connected", "last_error": None})
+            write_status(status)
+            logger.info("No prior backup — fresh instance")
+            return True
+        if result:
+            status.update({"db_status": "connected", "last_error": None})
+            write_status(status)
+            logger.info("Restore OK")
+            return True
+        status.update({"db_status": "error", "last_error": "Restore failed"})
+        write_status(status)
+        return False
+    except Exception as e:
+        logger.error(f"Restore operation failed: {e}")
+        status.update({"last_error": str(e), "db_status": "error"})
+        write_status(status)
+        return False
+
+
+def main():
+    if len(sys.argv) < 2:
+        print("Usage: postiz-sync.py {sync|restore}")
+        sys.exit(1)
+    cmd = sys.argv[1]
+    if cmd == "sync":
+        sys.exit(0 if cmd_sync() else 1)
+    if cmd == "restore":
+        sys.exit(0 if cmd_restore() else 1)
+    print(f"Unknown command: {cmd}")
+    sys.exit(1)
+
+
+if __name__ == "__main__":
+    main()

setup-uptimerobot.sh

@@ -0,0 +1,84 @@
+#!/bin/bash
+set -euo pipefail
+
+# Create or update a UptimeRobot monitor for this Hugging Face Space.
+#
+# Requirements:
+# - UPTIMEROBOT_API_KEY: Main API key from UptimeRobot
+# - SPACE_HOST or first CLI arg: your HF Space host, e.g. "user-space.hf.space"
+#
+# Optional:
+# - UPTIMEROBOT_MONITOR_NAME: friendly name for the monitor
+# - UPTIMEROBOT_ALERT_CONTACTS: dash-separated alert contact IDs, e.g. "123456-789012"
+# - UPTIMEROBOT_INTERVAL: monitoring interval in minutes (subject to account limits)
+
+API_URL="https://api.uptimerobot.com/v2"
+API_KEY="${UPTIMEROBOT_API_KEY:-}"
+SPACE_HOST_INPUT="${1:-${SPACE_HOST:-}}"
+
+if [ -z "$API_KEY" ]; then
+  echo "Missing UPTIMEROBOT_API_KEY."
+  echo "Use the Main API key from UptimeRobot -> Integrations."
+  echo "Do not use the Read-only API key or a Monitor-specific API key."
+  exit 1
+fi
+
+if [ -z "$SPACE_HOST_INPUT" ]; then
+  echo "Missing Space host."
+  echo "Usage: UPTIMEROBOT_API_KEY=... ./setup-uptimerobot.sh your-space.hf.space"
+  exit 1
+fi
+
+SPACE_HOST_CLEAN="${SPACE_HOST_INPUT#https://}"
+SPACE_HOST_CLEAN="${SPACE_HOST_CLEAN#http://}"
+SPACE_HOST_CLEAN="${SPACE_HOST_CLEAN%%/*}"
+
+MONITOR_URL="https://${SPACE_HOST_CLEAN}/health"
+MONITOR_NAME="${UPTIMEROBOT_MONITOR_NAME:-HuggingPost ${SPACE_HOST_CLEAN}}"
+INTERVAL="${UPTIMEROBOT_INTERVAL:-5}"
+
+echo "Checking existing UptimeRobot monitors for ${MONITOR_URL}..."
+MONITORS_RESPONSE=$(curl -sS -X POST "${API_URL}/getMonitors" \
+  -d "api_key=${API_KEY}" \
+  -d "format=json" \
+  -d "logs=0" \
+  -d "response_times=0" \
+  -d "response_times_limit=1")
+
+MONITOR_ID=$(printf '%s' "$MONITORS_RESPONSE" | jq -r --arg url "$MONITOR_URL" '
+  (.monitors // []) | map(select(.url == $url)) | first | .id // empty
+')
+
+if [ -n "$MONITOR_ID" ]; then
+  echo "Monitor already exists (id=${MONITOR_ID}) for ${MONITOR_URL}"
+  exit 0
+fi
+
+echo "Creating new UptimeRobot monitor for ${MONITOR_URL}..."
+
+CURL_ARGS=(
+  -sS
+  -X POST "${API_URL}/newMonitor"
+  -d "api_key=${API_KEY}"
+  -d "format=json"
+  -d "type=1"
+  -d "friendly_name=${MONITOR_NAME}"
+  -d "url=${MONITOR_URL}"
+  -d "interval=${INTERVAL}"
+)
+
+if [ -n "${UPTIMEROBOT_ALERT_CONTACTS:-}" ]; then
+  CURL_ARGS+=(-d "alert_contacts=${UPTIMEROBOT_ALERT_CONTACTS}")
+fi
+
+CREATE_RESPONSE=$(curl "${CURL_ARGS[@]}")
+CREATE_STATUS=$(printf '%s' "$CREATE_RESPONSE" | jq -r '.stat // "fail"')
+
+if [ "$CREATE_STATUS" != "ok" ]; then
+  echo "Failed to create monitor."
+  printf '%s\n' "$CREATE_RESPONSE"
+  exit 1
+fi
+
+NEW_ID=$(printf '%s' "$CREATE_RESPONSE" | jq -r '.monitor.id // empty')
+echo "Created UptimeRobot monitor ${NEW_ID:-"(id unavailable)"} for ${MONITOR_URL}"

start.sh

@@ -0,0 +1,244 @@
+#!/bin/bash
+# ============================================================================
+# HuggingPost orchestrator
+#
+# Boot order:
+#   1. Compute env (DB_URL, REDIS_URL, FRONTEND_URL, basePath-aware backend URL)
+#   2. Persist or generate JWT_SECRET, DB password
+#   3. Init Postgres data dir if empty, start postgres, create user + DB
+#   4. Start Redis
+#   5. Restore DB + uploads + secrets from HF Dataset (if HF_TOKEN set)
+#   6. Background: HF Dataset sync loop
+#   7. Background: nginx + PM2 (the 4 Postiz procs — same CMD as upstream)
+#   8. Foreground: health-server.js on port 7860
+#   9. SIGTERM → final sync → graceful exit
+# ============================================================================
+
+set -euo pipefail
+umask 0077
+
+# ── Paths ────────────────────────────────────────────────────────────────────
+POSTIZ_HOME="/postiz"
+POSTIZ_DIR="/app"
+PGDATA="${POSTIZ_HOME}/pgdata"
+SECRETS_DIR="${POSTIZ_HOME}/.secrets"
+JWT_SECRET_FILE="${SECRETS_DIR}/jwt-secret"
+DB_PASSWORD_FILE="${SECRETS_DIR}/db-password"
+mkdir -p "${POSTIZ_HOME}/uploads" "${POSTIZ_HOME}/redis" "${SECRETS_DIR}"
+
+# ── Public URL ───────────────────────────────────────────────────────────────
+if [ -n "${SPACE_HOST:-}" ]; then
+    PUBLIC_URL="https://${SPACE_HOST}"
+else
+    PUBLIC_URL="${PUBLIC_URL:-http://localhost:7860}"
+fi
+
+# ── JWT_SECRET (persist across restarts) ─────────────────────────────────────
+if [ -z "${JWT_SECRET:-}" ]; then
+    if [ -f "${JWT_SECRET_FILE}" ]; then
+        JWT_SECRET=$(cat "${JWT_SECRET_FILE}")
+    else
+        JWT_SECRET=$(openssl rand -base64 48 | tr -d '\n')
+        printf '%s' "${JWT_SECRET}" > "${JWT_SECRET_FILE}"
+        chmod 600 "${JWT_SECRET_FILE}"
+    fi
+    export JWT_SECRET
+fi
+
+# ── DB password (random hex, persisted) ──────────────────────────────────────
+if [ -f "${DB_PASSWORD_FILE}" ]; then
+    DB_PASSWORD=$(cat "${DB_PASSWORD_FILE}")
+else
+    DB_PASSWORD=$(openssl rand -hex 24)
+    printf '%s' "${DB_PASSWORD}" > "${DB_PASSWORD_FILE}"
+    chmod 600 "${DB_PASSWORD_FILE}"
+fi
+export PGPASSWORD="${DB_PASSWORD}"
+
+# ── Postiz env (UI mounted at /app, API at /app/api) ────────────────────────
+# basePath="/app" was patched into apps/frontend/next.config.js at build time,
+# so Next.js generates URLs prefixed with /app. NEXT_PUBLIC_BACKEND_URL must
+# include /app/api so frontend code calls the right path; health-server
+# strips /app before passing to nginx :5000, which then routes /api → backend
+# (port 3000) and /uploads → file system.
+export DATABASE_URL="${DATABASE_URL:-postgresql://postiz:${DB_PASSWORD}@localhost:5432/postiz}"
+export REDIS_URL="${REDIS_URL:-redis://localhost:6379}"
+export FRONTEND_URL="${FRONTEND_URL:-${PUBLIC_URL}/app}"
+export NEXT_PUBLIC_BACKEND_URL="${NEXT_PUBLIC_BACKEND_URL:-${PUBLIC_URL}/app/api}"
+export BACKEND_INTERNAL_URL="${BACKEND_INTERNAL_URL:-http://localhost:3000}"
+export STORAGE_PROVIDER="${STORAGE_PROVIDER:-local}"
+export UPLOAD_DIRECTORY="${UPLOAD_DIRECTORY:-${POSTIZ_HOME}/uploads}"
+export NEXT_PUBLIC_UPLOAD_STATIC_DIRECTORY="${NEXT_PUBLIC_UPLOAD_STATIC_DIRECTORY:-/app/uploads}"
+export IS_GENERAL="${IS_GENERAL:-true}"
+export NX_ADD_PLUGINS="${NX_ADD_PLUGINS:-false}"
+export NODE_ENV="${NODE_ENV:-production}"
+
+# Sync config
+export SYNC_INTERVAL="${SYNC_INTERVAL:-300}"
+export SYNC_MAX_FILE_BYTES="${SYNC_MAX_FILE_BYTES:-104857600}"
+export BACKUP_DATASET_NAME="${BACKUP_DATASET_NAME:-huggingpost-backup}"
+
+# ── Banner ───────────────────────────────────────────────────────────────────
+echo ""
+echo "  ╔════════════════════════════════════╗"
+echo "  ║          HuggingPost               ║"
+echo "  ║  Postiz on Hugging Face Spaces     ║"
+echo "  ╚════════════════════════════════════╝"
+echo ""
+echo "Public host  : ${SPACE_HOST:-not detected}"
+echo "Dashboard    : ${PUBLIC_URL}/"
+echo "Postiz UI    : ${PUBLIC_URL}/app/"
+echo "Postiz API   : ${PUBLIC_URL}/app/api/"
+echo "Sync every   : ${SYNC_INTERVAL}s"
+echo "HF backup    : ${HF_TOKEN:+enabled}${HF_TOKEN:-disabled (no HF_TOKEN)}"
+echo ""
+
+# ── Postgres ─────────────────────────────────────────────────────────────────
+PG_BIN="/usr/libexec/postgresql16"
+[ -x "${PG_BIN}/postgres" ] || PG_BIN="/usr/bin"
+
+if [ ! -f "${PGDATA}/PG_VERSION" ]; then
+    echo "Initializing Postgres cluster at ${PGDATA}..."
+    chown -R postgres:postgres "${PGDATA}"
+    su-exec postgres "${PG_BIN}/initdb" -D "${PGDATA}" --locale=C.UTF-8 --encoding=UTF8 >/dev/null
+    echo "host all all 127.0.0.1/32 scram-sha-256" >> "${PGDATA}/pg_hba.conf"
+fi
+
+chown -R postgres:postgres "${PGDATA}"
+
+if ! su-exec postgres "${PG_BIN}/pg_ctl" -D "${PGDATA}" status >/dev/null 2>&1; then
+    echo "Starting Postgres..."
+    su-exec postgres "${PG_BIN}/pg_ctl" -D "${PGDATA}" \
+        -l "${POSTIZ_HOME}/pg.log" \
+        -o "-c listen_addresses='127.0.0.1' -c unix_socket_directories='/var/run/postgresql'" \
+        start >/dev/null
+fi
+
+for _ in $(seq 1 30); do
+    su-exec postgres pg_isready -h 127.0.0.1 >/dev/null 2>&1 && break
+    sleep 1
+done
+
+su-exec postgres psql -tAc "SELECT 1 FROM pg_roles WHERE rolname='postiz'" | grep -q 1 \
+    || su-exec postgres psql -c "CREATE ROLE postiz WITH LOGIN PASSWORD '${DB_PASSWORD}';" >/dev/null
+su-exec postgres psql -c "ALTER ROLE postiz WITH PASSWORD '${DB_PASSWORD}';" >/dev/null
+su-exec postgres psql -tAc "SELECT 1 FROM pg_database WHERE datname='postiz'" | grep -q 1 \
+    || su-exec postgres psql -c "CREATE DATABASE postiz OWNER postiz;" >/dev/null
+
+echo "Postgres ready"
+
+# ── Redis ────────────────────────────────────────────────────────────────────
+echo "Starting Redis..."
+redis-server --daemonize yes \
+    --bind 127.0.0.1 \
+    --port 6379 \
+    --appendonly yes \
+    --dir "${POSTIZ_HOME}/redis" \
+    --logfile /tmp/redis.log
+
+for _ in $(seq 1 10); do
+    redis-cli -h 127.0.0.1 -p 6379 ping 2>/dev/null | grep -q PONG && break
+    sleep 1
+done
+echo "Redis ready"
+
+# ── Restore from HF Dataset ──────────────────────────────────────────────────
+if [ -n "${HF_TOKEN:-}" ]; then
+    echo "Restoring persisted data from HF Dataset..."
+    python3 /opt/postiz-sync.py restore 2>&1 || true
+    if [ -f "${DB_PASSWORD_FILE}" ]; then
+        DB_PASSWORD=$(cat "${DB_PASSWORD_FILE}")
+        export PGPASSWORD="${DB_PASSWORD}"
+        export DATABASE_URL="postgresql://postiz:${DB_PASSWORD}@localhost:5432/postiz"
+    fi
+    su-exec postgres psql -c "ALTER ROLE postiz WITH PASSWORD '${DB_PASSWORD}';" >/dev/null 2>&1 || true
+else
+    echo "HF_TOKEN not set — running without backup persistence"
+    echo "   Add HF_TOKEN as a Space secret to enable DB+uploads backup."
+fi
+
+# ── Cloudflare proxy bootstrap ───────────────────────────────────────────────
+if [ -n "${CLOUDFLARE_WORKERS_TOKEN:-}" ]; then
+    echo "Setting up Cloudflare proxy..."
+    python3 /opt/cloudflare-proxy-setup.py 2>&1 || echo "Cloudflare setup failed; continuing without proxy"
+fi
+
+_CF_ENV="/tmp/huggingpost-cloudflare-proxy.env"
+if [ -f "${_CF_ENV}" ]; then
+    # shellcheck source=/dev/null
+    . "${_CF_ENV}"
+fi
+
+if [ -n "${CLOUDFLARE_PROXY_URL:-}" ] && [ -f /opt/cloudflare-proxy.js ]; then
+    export NODE_OPTIONS="${NODE_OPTIONS:-} --require /opt/cloudflare-proxy.js"
+fi
+
+# ── Background HF sync loop ──────────────────────────────────────────────────
+SYNC_PID=""
+if [ -n "${HF_TOKEN:-}" ]; then
+    (
+        while true; do
+            sleep "$SYNC_INTERVAL"
+            python3 /opt/postiz-sync.py sync 2>&1 || true
+        done
+    ) &
+    SYNC_PID=$!
+fi
+
+# ── Health server (public port 7860) ─────────────────────────────────────────
+node /opt/healthsrv/health-server.js &
+HEALTH_PID=$!
+sleep 1
+
+# ── Postiz: nginx + PM2 (mirrors upstream CMD `nginx && pnpm run pm2`) ───────
+# pm2-run script does: pm2 delete all || true && pnpm run prisma-db-push
+#                      && pnpm run --parallel pm2 && pm2 logs
+echo "Starting nginx + Postiz PM2 procs..."
+cd "${POSTIZ_DIR}"
+( nginx && pnpm run pm2 2>&1 | sed 's/^/[postiz] /' ) &
+POSTIZ_PID=$!
+
+echo "Waiting for nginx (port 5000)..."
+for i in $(seq 1 90); do
+    if curl -sf -m 2 http://127.0.0.1:5000/ >/dev/null 2>&1; then
+        echo "Postiz ready (~$((i*2))s)"
+        break
+    fi
+    sleep 2
+done
+
+echo ""
+echo "  ┌─────────────────────────────────────────────────────┐"
+echo "  │  HuggingPost is live!                               │"
+echo "  │                                                     │"
+echo "  │  Dashboard : ${PUBLIC_URL}/"
+echo "  │  Postiz    : ${PUBLIC_URL}/app/"
+echo "  ��                                                     │"
+echo "  │  Sign up to create the first admin account.         │"
+echo "  └─────────────────────────────────────────────────────┘"
+echo ""
+
+# ── Graceful shutdown ────────────────────────────────────────────────────────
+cleanup() {
+    echo "Shutting down — running final sync..."
+    [ -n "${HEALTH_PID:-}" ] && kill "$HEALTH_PID" 2>/dev/null || true
+    [ -n "${POSTIZ_PID:-}" ] && kill "$POSTIZ_PID" 2>/dev/null || true
+    pm2 kill >/dev/null 2>&1 || true
+    nginx -s quit 2>/dev/null || true
+
+    if [ -n "${SYNC_PID:-}" ]; then
+        kill "$SYNC_PID" 2>/dev/null || true
+        wait "$SYNC_PID" 2>/dev/null || true
+    fi
+
+    if [ -n "${HF_TOKEN:-}" ]; then
+        python3 /opt/postiz-sync.py sync 2>&1 || true
+    fi
+
+    redis-cli -h 127.0.0.1 -p 6379 shutdown nosave 2>/dev/null || true
+    su-exec postgres "${PG_BIN}/pg_ctl" -D "${PGDATA}" stop -m fast 2>/dev/null || true
+    exit 0
+}
+trap cleanup SIGTERM SIGINT
+
+wait "$POSTIZ_PID"