diff --git a/tor/CHANGELOG.md b/tor/CHANGELOG.md deleted file mode 100644 index 1ef382d84..000000000 --- a/tor/CHANGELOG.md +++ /dev/null @@ -1,52 +0,0 @@ -- The Home Assistant project has deprecated support for the armv7, armhf and i386 architectures. Support wil be fully dropped in the upcoming Home Assistant 2025.12 release - -- Added support for configuring extra environment variables via the `env_vars` add-on option alongside config.yaml. See https://github.com/alexbelgium/hassio-addons/wiki/Add-Environment-variables-to-your-Addon-2 for details. - -## 5.0.1-1 (2024-08-13) - -- Update apparmomr profile to fix start up - -## 5.0.1-2 (2024-08-13) - -- Align version - -## 5.0.1-3 (2024-08-13) - -- Add read permission for /etc/s6-overlay/ in apparmor - -## 5.0.1-4 (2024-08-14) - -- Add execution permission for permission for /etc/s6-overlay/s6-overlay/s6-rc.d/init-tor/run file - -## 5.0.2-1 (2025-02-13) - -- HTTP tunneling - -## 5.0.2-2 (2025-02-13) - -- Fix snowflake build -- Lint issues - -## 5.0.2-3 (2025-02-13) - -- Fix network for http tunel - -## 5.0.2-4 (2025-02-13) - -- Init build procedure - -## 5.0.2-5 (2025-02-13) - -- Init build procedure - -## 5.0.2-6 (2025-02-13) - -- Remove excess depents - -## 5.0.3-1 (2025-02-14) - -- hassio-addons/base 17.1.5 - -## 5.0.3-2 (2025-02-16) - -- hassio-addons/base 17.2.0 diff --git a/tor/README.md b/tor/README.md deleted file mode 100644 index 75e15981e..000000000 --- a/tor/README.md +++ /dev/null @@ -1,139 +0,0 @@ -## ⚠ Open Request : [✨ [REQUEST] Tandoor - Connectors (opened 2025-10-08)](https://github.com/alexbelgium/hassio-addons/issues/2135) by [@blowk](https://github.com/blowk) -## ⚠ Open Issue : [🐛 [LINKWARDEN] Never use STORAGE_FOLDER (opened 2025-10-11)](https://github.com/alexbelgium/hassio-addons/issues/2137) by [@guimex22](https://github.com/guimex22) -# Hass.io Add-ons: Tor with bridges - - -I maintain this and other Home Assistant add-ons in my free time: keeping up with upstream changes, HA changes, and testing on real hardware takes a lot of time (and some money). I use around 5-10 of my >110 addons so regularly I install test machines (and purchase some test services such as vpn) that I don't use myself to troubleshoot and improve the addons - -If this add-on saves you time or makes your setup easier, I would be very grateful for your support! - -[![Buy me a coffee][donation-badge]](https://www.buymeacoffee.com/alexbelgium) -[![Donate via PayPal][paypal-badge]](https://www.paypal.com/donate/?hosted_button_id=DZFULJZTP3UQA) - -## Addon informations - -![Version](https://img.shields.io/badge/dynamic/yaml?label=Version&query=%24.version&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Ftor%2Fconfig.yaml) -![Ingress](https://img.shields.io/badge/dynamic/yaml?label=Ingress&query=%24.ingress&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Ftor%2Fconfig.yaml) -![Arch](https://img.shields.io/badge/dynamic/yaml?color=success&label=Arch&query=%24.arch&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Ftor%2Fconfig.yaml) - -[![Codacy Badge](https://app.codacy.com/project/badge/Grade/9c6cf10bdbba45ecb202d7f579b5be0e)](https://www.codacy.com/gh/alexbelgium/hassio-addons/dashboard?utm_source=github.com&utm_medium=referral&utm_content=alexbelgium/hassio-addons&utm_campaign=Badge_Grade) -[![GitHub Super-Linter](https://img.shields.io/github/actions/workflow/status/alexbelgium/hassio-addons/weekly-supelinter.yaml?label=Lint%20code%20base)](https://github.com/alexbelgium/hassio-addons/actions/workflows/weekly-supelinter.yaml) -[![Builder](https://img.shields.io/github/actions/workflow/status/alexbelgium/hassio-addons/onpush_builder.yaml?label=Builder)](https://github.com/alexbelgium/hassio-addons/actions/workflows/onpush_builder.yaml) - -[donation-badge]: https://img.shields.io/badge/Buy%20me%20a%20coffee-%23d32f2f?logo=buy-me-a-coffee&style=flat&logoColor=white -[paypal-badge]: https://img.shields.io/badge/Donate%20via%20PayPal-0070BA?logo=paypal&style=flat&logoColor=white - -_Thanks to everyone having starred my repo! To star it click on the image below, then it will be on top right. Thanks!_ - -[![Stargazers repo roster for @alexbelgium/hassio-addons](https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.github/stars2.svg)](https://github.com/alexbelgium/hassio-addons/stargazers) - -![downloads evolution](https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/tor/stats.png) - -## About - -Extended version of the [Tor addon from Home Assistant Community repository](https://github.com/hassio-addons/addon-tor) by supporting multiples bridges protocols WebTunnel, Snowflake and OBFS. - -## Installation - -The installation of this add-on is pretty straightforward and not different in comparison to installing any other add-on. - -1. Add my add-ons repository to your home assistant instance (in supervisor addons store at top right, or click button below if you have configured my HA) - [![Open your Home Assistant instance and show the add add-on repository dialog with a specific repository URL pre-filled.](https://my.home-assistant.io/badges/supervisor_add_addon_repository.svg)](https://my.home-assistant.io/redirect/supervisor_add_addon_repository/?repository_url=https%3A%2F%2Fgithub.com%2Falexbelgium%2Fhassio-addons) -1. Install this add-on. -1. Click the `Save` button to store your configuration. -1. Set the add-on options to your preferences -1. Start the add-on. -1. Check the logs of the add-on to see if everything went well. -1. Open the webUI and adapt the software options - -## Configuration - -Use the add-on `env_vars` option to pass extra environment variables (uppercase or lowercase names). See https://github.com/alexbelgium/hassio-addons/wiki/Add-Environment-variables-to-your-Addon-2 for details. - -Configurations can be done through the app webUI, except for the following options. - -### Options - -| Option | Type | Default | Description | -|--------|------|---------|-------------| -| `hidden_services` | bool | `true` | Enable Tor hidden services | -| `http_tunnel` | bool | `false` | Enable HTTP tunnel on port 9080 | -| `socks` | bool | `false` | Enable SOCKS proxy | -| `stealth` | bool | `false` | Enable stealth mode | -| `bridges` | list | `[]` | List of bridge configurations | -| `client_names` | list | `[]` | Client names for stealth authentication | -| `ports` | list | `["8123", "8123:80"]` | Ports to expose via Tor | -| `log_level` | list | | Log level (trace/debug/info/notice/warning/error/fatal) | - -You should follow the initial guide for configuring base addon options. Here are the extra options specific to this extended version: - -### Option: `http_tunnel` - -Setting this option to true opens port 9080 to listen for connections from HTTP-speaking applications. Enabling this feature allows you to use other applications on your network to use the Tor network via http proxy. - -### Option: `bridges` - -> Ensure the option value is clear to avoid unintended use of transport plugins and bridges. - -Bridges are Tor relays that help you circumvent censorship. -Access to bridges is provided by supported transport plugins: - -#### OBFS - -Because bridge addresses are not public, you will need to request them yourself. You have a few options: - -- Visit [Tor][tor-bridges-obfs4] project and follow the instructions, or -- Email `bridges@torproject.org` from a Gmail, or Riseup email address -- Send a message to @GetBridgesBot on Telegram. Tap on 'Start' or write /start or /bridges in the chat. - -For example: - -```yaml -bridges: - - >- - obfs4 123.45.67.89:443 EFC6A00EE6272355C023862378AC77F935F091E4 - cert=KkdWiWlfetJG9SFrzX8g1teBbgxtsc0zPiN5VLxqNNH+iudVW48CoH/XVXPQntbivXIqZA - iat-mode=0 -``` - -#### Webtunnel - -Visit [Tor][tor-bridges-webtunnel] project and follow the instructions - -For example: - -```yaml -bridges: - - >- - webtunnel 192.0.2.3:1 - DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF - url=https://akbwadp9lc5fyyz0cj4d76z643pxgbfh6oyc-167-71-71-157.sslip.io/5m9yq0j4ghkz0fz7qmuw58cvbjon0ebnrsp0 - ver=0.0.1 -``` - -#### Snowflake - -What is [snowflake][what-is-snowflake], example: - -```yaml -bridges: - - >- - snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 - fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 - url=https://snowflake-broker.torproject.net/ - ampcache=https://cdn.ampproject.org/ - front=www.google.com - ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 - utls-imitate=hellorandomizedalpn -``` - -## Support - -If you have in issue with your installation, please be sure to checkout github. - -[tor-hidden-service]: https://www.torproject.org/docs/hidden-services.html.en -[tor-bridges-obfs4]: https://bridges.torproject.org/bridges/?transport=obfs4 -[tor-bridges-webtunnel]: https://bridges.torproject.org/bridges/?transport=webtunnel -[what-is-snowflake]: https://support.torproject.org/censorship/what-is-snowflake/ - - diff --git a/tor/build.json b/tor/build.json deleted file mode 100644 index b9f7a012e..000000000 --- a/tor/build.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "build_from": { - "aarch64": "ghcr.io/hassio-addons/base:17.2.0", - "amd64": "ghcr.io/hassio-addons/base:17.2.0" - } -} diff --git a/tor/config.yaml b/tor/config.yaml deleted file mode 100644 index 44a44afd8..000000000 --- a/tor/config.yaml +++ /dev/null @@ -1,45 +0,0 @@ -arch: - - aarch64 - - amd64 -description: Protect your privacy and access Home Assistant via Tor -image: ghcr.io/alexbelgium/tor-{arch} -init: false -map: - - ssl:rw -name: Tor with bridges -options: - env_vars: [] - bridges: [] - client_names: [] - hidden_services: true - http_tunnel: false - ports: - - "8123" - - 8123:80 - socks: false - stealth: false -ports: - 9050/tcp: 9050 - 9080/tcp: 9080 -ports_description: - 9050/tcp: Tor SOCKS proxy port - 9080/tcp: Tor HTTP tunnel port -schema: - env_vars: - - name: match(^[A-Za-z0-9_]+$) - value: str? - bridges: - - str - client_names: - - match(^[A-Za-z0-9+-_]{1,16}$) - hidden_services: bool - http_tunnel: bool - log_level: list(trace|debug|info|notice|warning|error|fatal)? - ports: - - match(^(.*:)?(?:[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])?$) - socks: bool - stealth: bool -slug: tor -startup: services -url: https://github.com/alexbelgium/hassio-addons -version: 5.0.3-2 diff --git a/tor/icon.png b/tor/icon.png deleted file mode 100644 index 0574e582b..000000000 Binary files a/tor/icon.png and /dev/null differ diff --git a/tor/logo.png b/tor/logo.png deleted file mode 100644 index 26553d546..000000000 Binary files a/tor/logo.png and /dev/null differ diff --git a/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run b/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run deleted file mode 100755 index 0dba87d38..000000000 --- a/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run +++ /dev/null @@ -1,237 +0,0 @@ -#!/command/with-contenv bashio -# shellcheck shell=bash -# ============================================================================== -# Home Assistant Community Add-on: Tor -# Prepares the add-on for startup -# ============================================================================== -declare address -declare clientname -declare host -declare key -declare log_level -declare port -declare private_key -declare public_key -declare target_port -declare virtual_port - -readonly torrc='/etc/tor/torrc' -readonly hidden_service_dir='/ssl/tor/hidden_service' -readonly authorized_clients_dir="${hidden_service_dir}/authorized_clients" -readonly clients_dir="${hidden_service_dir}/clients" -readonly hostname_file="${hidden_service_dir}/hostname" - -# A hidden service without any ports is kinda useless -if bashio::config.true 'hidden_services' \ - && ! bashio::config.has_value 'ports'; then - bashio::log.fatal - bashio::log.fatal 'Add-on configuration is incomplete.' - bashio::log.fatal - bashio::log.fatal 'Hidden services where enabled, using the' - bashio::log.fatal '"hidden_services" add-on configuration option,' - bashio::log.fatal 'But the "port" option does not contain any values!' - bashio::log.fatal - bashio::log.fatal 'Please configure the "ports" option.' - bashio::exit.nok -fi - -# Checks if client names where configured when using stealth mode -if bashio::config.true 'hidden_services' \ - && bashio::config.true 'stealth' \ - && ! bashio::config.has_value 'client_names'; then - bashio::log.fatal - bashio::log.fatal 'Add-on configuration is incomplete.' - bashio::log.fatal - bashio::log.fatal 'Stealth mode is enabled, using the "stealth" add-on' - bashio::log.fatal 'configuration option, but there are no client names' - bashio::log.fatal 'configured in the "client_names" add-on option.' - bashio::log.fatal - bashio::log.fatal 'Please configure the "client_names" option.' - bashio::exit.nok -fi - -# Created needed directories -mkdir -p \ - "${authorized_clients_dir}" \ - "${clients_dir}" \ - "${hidden_service_dir}" \ - || bashio::exit.nok 'Could not create tor data directories' -chmod -R 0700 /ssl/tor - -# Find the matching Tor log level -if bashio::config.has_value 'log_level'; then - case "$(bashio::string.lower "$(bashio::config 'log_level')")" in - all | trace) - log_level="debug" - ;; - debug) - log_level="info" - ;; - info | notice) - log_level="notice" - ;; - warning) - log_level="warn" - ;; - error | fatal | off) - log_level="err" - ;; - esac - - echo "Log ${log_level} stdout" >> "${torrc}" -fi - -# Configure Socks proxy -if bashio::config.true 'socks'; then - echo 'SOCKSPort 0.0.0.0:9050' >> "${torrc}" -else - echo 'SOCKSPort 127.0.0.1:9050' >> "${torrc}" -fi - -# Configure Http tunnel port -if bashio::config.true 'http_tunnel'; then - echo 'HTTPTunnelPort 0.0.0.0:9080' >> "${torrc}" -fi - -# Configure hidden services -if bashio::config.true 'hidden_services'; then - echo "HiddenServiceDir ${hidden_service_dir}" >> "${torrc}" - - for port in $(bashio::config 'ports'); do - count=$(echo "${port}" | sed 's/[^:]//g' | awk '{ print length }') - if [[ "${count}" == 0 ]]; then - host='homeassistant' - virtual_port="${port}" - target_port="${port}" - elif [[ "${count}" == 1 ]]; then - # Check if format is hostname/ip:port or port:port - first=$(echo "${port}" | cut -f1 -d:) - if [[ "${first}" =~ ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]) ]]; then - host='homeassistant' - virtual_port=$(echo "${port}" | cut -f1 -d:) - target_port=$(echo "${port}" | cut -f2 -d:) - else - host=$(echo "${port}" | cut -f1 -d:) - virtual_port=$(echo "${port}" | cut -f2 -d:) - target_port=$(echo "${port}" | cut -f2 -d:) - fi - elif [[ "${count}" == 2 ]]; then - host=$(echo "${port}" | cut -f1 -d:) - virtual_port=$(echo "${port}" | cut -f2 -d:) - target_port=$(echo "${port}" | cut -f3 -d:) - else - bashio::log.warning "$port Are not correct format, skipping..." - fi - if [[ "${count}" -le 2 ]]; then - echo "HiddenServicePort ${target_port} ${host}:${virtual_port}" \ - >> "${torrc}" - fi - done -fi - -# Configure bridges -if bashio::config.exists 'bridges' \ - && ! bashio::config.is_empty 'bridges'; then - bashio::log.info 'Use bridges:' - echo "UseBridges 1" >> "${torrc}" - - # Add client for OBFS transport - echo "ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec /usr/local/bin/obfs4proxy managed" >> "${torrc}" - - # Add client for Snowflake transport - echo "ClientTransportPlugin snowflake exec /usr/local/bin/snowflake" >> "${torrc}" - - # Add client for WebTunnel transport - echo "ClientTransportPlugin webtunnel exec /usr/local/bin/webtunnel" >> "${torrc}" - - # Add bridges - while read -r bridge; do - bashio::log.info "Bridge ${bridge}" - echo "Bridge ${bridge}" >> "${torrc}" - done <<< "$(bashio::config 'bridges')" -fi - -# Figure out the address -if bashio::config.true 'hidden_services'; then - bashio::log.info 'Starting Tor temporarly...' - - exec 3< <(tor) - - until bashio::fs.file_exists "${hostname_file}"; do - bashio::log.info "Waiting for service to start..." - sleep 1 - done - - address=$(< "${hostname_file}") - grep -m 1 "Bootstrapped 100% (done): Done" <&3 > /dev/null 2>&1 - - kill "$(pgrep tor)" > /dev/null 2>&1 - - bashio::log.info '---------------------------------------------------------' - bashio::log.info 'Your Home Assistant instance is available on Tor!' - bashio::log.info "Address: ${address}" - bashio::log.info '---------------------------------------------------------' -fi - -# Configure stealth mode -if bashio::config.true 'hidden_services' && bashio::config.true 'stealth'; then - # Following the documentation at: - # https://community.torproject.org/onion-services/advanced/client-auth/ - while read -r clientname; do - # Generate key is they do not exist yet - if ! bashio::fs.file_exists "${authorized_clients_dir}/${clientname}.auth"; then - key=$(openssl genpkey -algorithm x25519) - - private_key=$( - sed \ - -e '/----.*PRIVATE KEY----\|^[[:space:]]*$/d' \ - <<< "${key}" \ - | base64 -d \ - | tail -c 32 \ - | base32 \ - | sed 's/=//g' - ) - - public_key=$( - openssl pkey -pubout \ - <<< "${key}" \ - | sed -e '/----.*PUBLIC KEY----\|^[[:space:]]*$/d' \ - | base64 -d \ - | tail -c 32 \ - | base32 \ - | sed 's/=//g' - ) - - # Create authorized client file - echo "descriptor:x25519:${public_key}" \ - > "${clients_dir}/${clientname}.auth" - echo "descriptor:x25519:${public_key}" \ - > "${authorized_clients_dir}/${clientname}.auth" - - # Create private key file - echo "${private_key}" \ - > "${clients_dir}/${clientname}.key.txt" - echo "${address%.onion}:descriptor:x25519:${private_key}" \ - > "${clients_dir}/${clientname}.auth_private" - - bashio::log.red - bashio::log.red - bashio::log.red "Created keys for ${clientname}!" - bashio::log.red - bashio::log.red "Keys are stored in:" - bashio::log.red "${clients_dir}" - bashio::log.red - bashio::log.red "Public key": - bashio::log.red "${public_key}" - bashio::log.red - bashio::log.red "Private key:" - bashio::log.red "${private_key}" - bashio::log.red - bashio::log.red - else - bashio::log.info "Keys for ${clientname} already exists; skipping..." - fi - done <<< "$(bashio::config 'client_names')" - - echo 'HiddenServiceAllowUnknownPorts 0' >> "${torrc}" -fi diff --git a/tor/rootfs/etc/s6-overlay/s6-rc.d/tor/run b/tor/rootfs/etc/s6-overlay/s6-rc.d/tor/run deleted file mode 100755 index a82250d13..000000000 --- a/tor/rootfs/etc/s6-overlay/s6-rc.d/tor/run +++ /dev/null @@ -1,10 +0,0 @@ -#!/command/with-contenv bashio -# shellcheck shell=bash -# ============================================================================== -# Home Assistant Community Add-on: Tor -# Runs the Tor daemon -# ============================================================================== -bashio::log.info "Starting Tor..." - -# Run the Tor daemon -exec tor diff --git a/tor/stats.png b/tor/stats.png deleted file mode 100644 index 23c5a6463..000000000 Binary files a/tor/stats.png and /dev/null differ