avm/hassio-addons
1
0
Fork 0
mirror of https://github.com/alexbelgium/hassio-addons.git synced 2026-03-12 08:00:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

clean

Browse Source
This commit is contained in:
Alexandre
2026-03-08 07:39:51 +01:00
committed by GitHub
parent a64d707bfb
commit 62a7e8e3a4
9 changed files with 0 additions and 489 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
tor/CHANGELOG.md
View File

@@ -1,52 +0,0 @@
- The Home Assistant project has deprecated support for the armv7, armhf and i386 architectures. Support wil be fully dropped in the upcoming Home Assistant 2025.12 release
- Added support for configuring extra environment variables via the `env_vars` add-on option alongside config.yaml. See https://github.com/alexbelgium/hassio-addons/wiki/Add-Environment-variables-to-your-Addon-2 for details.
## 5.0.1-1 (2024-08-13)
- Update apparmomr profile to fix start up
## 5.0.1-2 (2024-08-13)
- Align version
## 5.0.1-3 (2024-08-13)
- Add read permission for /etc/s6-overlay/ in apparmor
## 5.0.1-4 (2024-08-14)
- Add execution permission for permission for /etc/s6-overlay/s6-overlay/s6-rc.d/init-tor/run file
## 5.0.2-1 (2025-02-13)
- HTTP tunneling
## 5.0.2-2 (2025-02-13)
- Fix snowflake build
- Lint issues
## 5.0.2-3 (2025-02-13)
- Fix network for http tunel
## 5.0.2-4 (2025-02-13)
- Init build procedure
## 5.0.2-5 (2025-02-13)
- Init build procedure
## 5.0.2-6 (2025-02-13)
- Remove excess depents
## 5.0.3-1 (2025-02-14)
- hassio-addons/base 17.1.5
## 5.0.3-2 (2025-02-16)
- hassio-addons/base 17.2.0

139
tor/README.md
View File

@@ -1,139 +0,0 @@
## ⚠ Open Request : [✨ [REQUEST] Tandoor - Connectors (opened 2025-10-08)](https://github.com/alexbelgium/hassio-addons/issues/2135) by [@blowk](https://github.com/blowk)
## ⚠ Open Issue : [🐛 [LINKWARDEN] Never use STORAGE_FOLDER (opened 2025-10-11)](https://github.com/alexbelgium/hassio-addons/issues/2137) by [@guimex22](https://github.com/guimex22)
# Hass.io Add-ons: Tor with bridges
I maintain this and other Home Assistant add-ons in my free time: keeping up with upstream changes, HA changes, and testing on real hardware takes a lot of time (and some money). I use around 5-10 of my >110 addons so regularly I install test machines (and purchase some test services such as vpn) that I don't use myself to troubleshoot and improve the addons
If this add-on saves you time or makes your setup easier, I would be very grateful for your support!
[![Buy me a coffee][donation-badge]](https://www.buymeacoffee.com/alexbelgium)
[![Donate via PayPal][paypal-badge]](https://www.paypal.com/donate/?hosted_button_id=DZFULJZTP3UQA)
## Addon informations
![Version](https://img.shields.io/badge/dynamic/yaml?label=Version&query=%24.version&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Ftor%2Fconfig.yaml)
![Ingress](https://img.shields.io/badge/dynamic/yaml?label=Ingress&query=%24.ingress&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Ftor%2Fconfig.yaml)
![Arch](https://img.shields.io/badge/dynamic/yaml?color=success&label=Arch&query=%24.arch&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Ftor%2Fconfig.yaml)
[![Codacy Badge](https://app.codacy.com/project/badge/Grade/9c6cf10bdbba45ecb202d7f579b5be0e)](https://www.codacy.com/gh/alexbelgium/hassio-addons/dashboard?utm_source=github.com&utm_medium=referral&utm_content=alexbelgium/hassio-addons&utm_campaign=Badge_Grade)
[![GitHub Super-Linter](https://img.shields.io/github/actions/workflow/status/alexbelgium/hassio-addons/weekly-supelinter.yaml?label=Lint%20code%20base)](https://github.com/alexbelgium/hassio-addons/actions/workflows/weekly-supelinter.yaml)
[![Builder](https://img.shields.io/github/actions/workflow/status/alexbelgium/hassio-addons/onpush_builder.yaml?label=Builder)](https://github.com/alexbelgium/hassio-addons/actions/workflows/onpush_builder.yaml)
[donation-badge]: https://img.shields.io/badge/Buy%20me%20a%20coffee-%23d32f2f?logo=buy-me-a-coffee&style=flat&logoColor=white
[paypal-badge]: https://img.shields.io/badge/Donate%20via%20PayPal-0070BA?logo=paypal&style=flat&logoColor=white
_Thanks to everyone having starred my repo! To star it click on the image below, then it will be on top right. Thanks!_
[![Stargazers repo roster for @alexbelgium/hassio-addons](https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.github/stars2.svg)](https://github.com/alexbelgium/hassio-addons/stargazers)
![downloads evolution](https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/tor/stats.png)
## About
Extended version of the [Tor addon from Home Assistant Community repository](https://github.com/hassio-addons/addon-tor) by supporting multiples bridges protocols WebTunnel, Snowflake and OBFS.
## Installation
The installation of this add-on is pretty straightforward and not different in comparison to installing any other add-on.
1. Add my add-ons repository to your home assistant instance (in supervisor addons store at top right, or click button below if you have configured my HA)
[![Open your Home Assistant instance and show the add add-on repository dialog with a specific repository URL pre-filled.](https://my.home-assistant.io/badges/supervisor_add_addon_repository.svg)](https://my.home-assistant.io/redirect/supervisor_add_addon_repository/?repository_url=https%3A%2F%2Fgithub.com%2Falexbelgium%2Fhassio-addons)
1. Install this add-on.
1. Click the `Save` button to store your configuration.
1. Set the add-on options to your preferences
1. Start the add-on.
1. Check the logs of the add-on to see if everything went well.
1. Open the webUI and adapt the software options
## Configuration
Use the add-on `env_vars` option to pass extra environment variables (uppercase or lowercase names). See https://github.com/alexbelgium/hassio-addons/wiki/Add-Environment-variables-to-your-Addon-2 for details.
Configurations can be done through the app webUI, except for the following options.
### Options
| Option | Type | Default | Description |
|--------|------|---------|-------------|
| `hidden_services` | bool | `true` | Enable Tor hidden services |
| `http_tunnel` | bool | `false` | Enable HTTP tunnel on port 9080 |
| `socks` | bool | `false` | Enable SOCKS proxy |
| `stealth` | bool | `false` | Enable stealth mode |
| `bridges` | list | `[]` | List of bridge configurations |
| `client_names` | list | `[]` | Client names for stealth authentication |
| `ports` | list | `["8123", "8123:80"]` | Ports to expose via Tor |
| `log_level` | list | | Log level (trace/debug/info/notice/warning/error/fatal) |
You should follow the initial guide for configuring base addon options. Here are the extra options specific to this extended version:
### Option: `http_tunnel`
Setting this option to true opens port 9080 to listen for connections from HTTP-speaking applications. Enabling this feature allows you to use other applications on your network to use the Tor network via http proxy.
### Option: `bridges`
> Ensure the option value is clear to avoid unintended use of transport plugins and bridges.
Bridges are Tor relays that help you circumvent censorship.
Access to bridges is provided by supported transport plugins:
#### OBFS
Because bridge addresses are not public, you will need to request them yourself. You have a few options:
- Visit [Tor][tor-bridges-obfs4] project and follow the instructions, or
- Email `bridges@torproject.org` from a Gmail, or Riseup email address
- Send a message to @GetBridgesBot on Telegram. Tap on 'Start' or write /start or /bridges in the chat.
For example:
```yaml
bridges:
- >-
obfs4 123.45.67.89:443 EFC6A00EE6272355C023862378AC77F935F091E4
cert=KkdWiWlfetJG9SFrzX8g1teBbgxtsc0zPiN5VLxqNNH+iudVW48CoH/XVXPQntbivXIqZA
iat-mode=0
```
#### Webtunnel
Visit [Tor][tor-bridges-webtunnel] project and follow the instructions
For example:
```yaml
bridges:
- >-
webtunnel 192.0.2.3:1
DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF
url=https://akbwadp9lc5fyyz0cj4d76z643pxgbfh6oyc-167-71-71-157.sslip.io/5m9yq0j4ghkz0fz7qmuw58cvbjon0ebnrsp0
ver=0.0.1
```
#### Snowflake
What is [snowflake][what-is-snowflake], example:
```yaml
bridges:
- >-
snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72
fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72
url=https://snowflake-broker.torproject.net/
ampcache=https://cdn.ampproject.org/
front=www.google.com
ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478
utls-imitate=hellorandomizedalpn
```
## Support
If you have in issue with your installation, please be sure to checkout github.
[tor-hidden-service]: https://www.torproject.org/docs/hidden-services.html.en
[tor-bridges-obfs4]: https://bridges.torproject.org/bridges/?transport=obfs4
[tor-bridges-webtunnel]: https://bridges.torproject.org/bridges/?transport=webtunnel
[what-is-snowflake]: https://support.torproject.org/censorship/what-is-snowflake/

6
tor/build.json
View File

@@ -1,6 +0,0 @@
{
"build_from": {
"aarch64": "ghcr.io/hassio-addons/base:17.2.0",
"amd64": "ghcr.io/hassio-addons/base:17.2.0"
}
}

45
tor/config.yaml
View File

@@ -1,45 +0,0 @@
arch:
- aarch64
- amd64
description: Protect your privacy and access Home Assistant via Tor
image: ghcr.io/alexbelgium/tor-{arch}
init: false
map:
- ssl:rw
name: Tor with bridges
options:
env_vars: []
bridges: []
client_names: []
hidden_services: true
http_tunnel: false
ports:
- "8123"
- 8123:80
socks: false
stealth: false
ports:
9050/tcp: 9050
9080/tcp: 9080
ports_description:
9050/tcp: Tor SOCKS proxy port
9080/tcp: Tor HTTP tunnel port
schema:
env_vars:
- name: match(^[A-Za-z0-9_]+$)
value: str?
bridges:
- str
client_names:
- match(^[A-Za-z0-9+-_]{1,16}$)
hidden_services: bool
http_tunnel: bool
log_level: list(trace|debug|info|notice|warning|error|fatal)?
ports:
- match(^(.*:)?(?:[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])?$)
socks: bool
stealth: bool
slug: tor
startup: services
url: https://github.com/alexbelgium/hassio-addons
version: 5.0.3-2

BIN
tor/icon.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 2.1 KiB

BIN
tor/logo.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 12 KiB

237
tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run
View File

@@ -1,237 +0,0 @@
#!/command/with-contenv bashio
# shellcheck shell=bash
# ==============================================================================
# Home Assistant Community Add-on: Tor
# Prepares the add-on for startup
# ==============================================================================
declare address
declare clientname
declare host
declare key
declare log_level
declare port
declare private_key
declare public_key
declare target_port
declare virtual_port
readonly torrc='/etc/tor/torrc'
readonly hidden_service_dir='/ssl/tor/hidden_service'
readonly authorized_clients_dir="${hidden_service_dir}/authorized_clients"
readonly clients_dir="${hidden_service_dir}/clients"
readonly hostname_file="${hidden_service_dir}/hostname"
# A hidden service without any ports is kinda useless
if bashio::config.true 'hidden_services' \
&& ! bashio::config.has_value 'ports'; then
bashio::log.fatal
bashio::log.fatal 'Add-on configuration is incomplete.'
bashio::log.fatal
bashio::log.fatal 'Hidden services where enabled, using the'
bashio::log.fatal '"hidden_services" add-on configuration option,'
bashio::log.fatal 'But the "port" option does not contain any values!'
bashio::log.fatal
bashio::log.fatal 'Please configure the "ports" option.'
bashio::exit.nok
fi
# Checks if client names where configured when using stealth mode
if bashio::config.true 'hidden_services' \
&& bashio::config.true 'stealth' \
&& ! bashio::config.has_value 'client_names'; then
bashio::log.fatal
bashio::log.fatal 'Add-on configuration is incomplete.'
bashio::log.fatal
bashio::log.fatal 'Stealth mode is enabled, using the "stealth" add-on'
bashio::log.fatal 'configuration option, but there are no client names'
bashio::log.fatal 'configured in the "client_names" add-on option.'
bashio::log.fatal
bashio::log.fatal 'Please configure the "client_names" option.'
bashio::exit.nok
fi
# Created needed directories
mkdir -p \
"${authorized_clients_dir}" \
"${clients_dir}" \
"${hidden_service_dir}" \
|| bashio::exit.nok 'Could not create tor data directories'
chmod -R 0700 /ssl/tor
# Find the matching Tor log level
if bashio::config.has_value 'log_level'; then
case "$(bashio::string.lower "$(bashio::config 'log_level')")" in
all | trace)
log_level="debug"
;;
debug)
log_level="info"
;;
info | notice)
log_level="notice"
;;
warning)
log_level="warn"
;;
error | fatal | off)
log_level="err"
;;
esac
echo "Log ${log_level} stdout" >> "${torrc}"
fi
# Configure Socks proxy
if bashio::config.true 'socks'; then
echo 'SOCKSPort 0.0.0.0:9050' >> "${torrc}"
else
echo 'SOCKSPort 127.0.0.1:9050' >> "${torrc}"
fi
# Configure Http tunnel port
if bashio::config.true 'http_tunnel'; then
echo 'HTTPTunnelPort 0.0.0.0:9080' >> "${torrc}"
fi
# Configure hidden services
if bashio::config.true 'hidden_services'; then
echo "HiddenServiceDir ${hidden_service_dir}" >> "${torrc}"
for port in $(bashio::config 'ports'); do
count=$(echo "${port}" | sed 's/[^:]//g' | awk '{ print length }')
if [[ "${count}" == 0 ]]; then
host='homeassistant'
virtual_port="${port}"
target_port="${port}"
elif [[ "${count}" == 1 ]]; then
# Check if format is hostname/ip:port or port:port
first=$(echo "${port}" | cut -f1 -d:)
if [[ "${first}" =~ ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]) ]]; then
host='homeassistant'
virtual_port=$(echo "${port}" | cut -f1 -d:)
target_port=$(echo "${port}" | cut -f2 -d:)
else
host=$(echo "${port}" | cut -f1 -d:)
virtual_port=$(echo "${port}" | cut -f2 -d:)
target_port=$(echo "${port}" | cut -f2 -d:)
fi
elif [[ "${count}" == 2 ]]; then
host=$(echo "${port}" | cut -f1 -d:)
virtual_port=$(echo "${port}" | cut -f2 -d:)
target_port=$(echo "${port}" | cut -f3 -d:)
else
bashio::log.warning "$port Are not correct format, skipping..."
fi
if [[ "${count}" -le 2 ]]; then
echo "HiddenServicePort ${target_port} ${host}:${virtual_port}" \
>> "${torrc}"
fi
done
fi
# Configure bridges
if bashio::config.exists 'bridges' \
&& ! bashio::config.is_empty 'bridges'; then
bashio::log.info 'Use bridges:'
echo "UseBridges 1" >> "${torrc}"
# Add client for OBFS transport
echo "ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec /usr/local/bin/obfs4proxy managed" >> "${torrc}"
# Add client for Snowflake transport
echo "ClientTransportPlugin snowflake exec /usr/local/bin/snowflake" >> "${torrc}"
# Add client for WebTunnel transport
echo "ClientTransportPlugin webtunnel exec /usr/local/bin/webtunnel" >> "${torrc}"
# Add bridges
while read -r bridge; do
bashio::log.info "Bridge ${bridge}"
echo "Bridge ${bridge}" >> "${torrc}"
done <<< "$(bashio::config 'bridges')"
fi
# Figure out the address
if bashio::config.true 'hidden_services'; then
bashio::log.info 'Starting Tor temporarly...'
exec 3< <(tor)
until bashio::fs.file_exists "${hostname_file}"; do
bashio::log.info "Waiting for service to start..."
sleep 1
done
address=$(< "${hostname_file}")
grep -m 1 "Bootstrapped 100% (done): Done" <&3 > /dev/null 2>&1
kill "$(pgrep tor)" > /dev/null 2>&1
bashio::log.info '---------------------------------------------------------'
bashio::log.info 'Your Home Assistant instance is available on Tor!'
bashio::log.info "Address: ${address}"
bashio::log.info '---------------------------------------------------------'
fi
# Configure stealth mode
if bashio::config.true 'hidden_services' && bashio::config.true 'stealth'; then
# Following the documentation at:
# https://community.torproject.org/onion-services/advanced/client-auth/
while read -r clientname; do
# Generate key is they do not exist yet
if ! bashio::fs.file_exists "${authorized_clients_dir}/${clientname}.auth"; then
key=$(openssl genpkey -algorithm x25519)
private_key=$(
sed \
-e '/----.*PRIVATE KEY----\|^[[:space:]]*$/d' \
<<< "${key}" \
| base64 -d \
| tail -c 32 \
| base32 \
| sed 's/=//g'
)
public_key=$(
openssl pkey -pubout \
<<< "${key}" \
| sed -e '/----.*PUBLIC KEY----\|^[[:space:]]*$/d' \
| base64 -d \
| tail -c 32 \
| base32 \
| sed 's/=//g'
)
# Create authorized client file
echo "descriptor:x25519:${public_key}" \
> "${clients_dir}/${clientname}.auth"
echo "descriptor:x25519:${public_key}" \
> "${authorized_clients_dir}/${clientname}.auth"
# Create private key file
echo "${private_key}" \
> "${clients_dir}/${clientname}.key.txt"
echo "${address%.onion}:descriptor:x25519:${private_key}" \
> "${clients_dir}/${clientname}.auth_private"
bashio::log.red
bashio::log.red
bashio::log.red "Created keys for ${clientname}!"
bashio::log.red
bashio::log.red "Keys are stored in:"
bashio::log.red "${clients_dir}"
bashio::log.red
bashio::log.red "Public key":
bashio::log.red "${public_key}"
bashio::log.red
bashio::log.red "Private key:"
bashio::log.red "${private_key}"
bashio::log.red
bashio::log.red
else
bashio::log.info "Keys for ${clientname} already exists; skipping..."
fi
done <<< "$(bashio::config 'client_names')"
echo 'HiddenServiceAllowUnknownPorts 0' >> "${torrc}"
fi

10
tor/rootfs/etc/s6-overlay/s6-rc.d/tor/run
View File

@@ -1,10 +0,0 @@
#!/command/with-contenv bashio
# shellcheck shell=bash
# ==============================================================================
# Home Assistant Community Add-on: Tor
# Runs the Tor daemon
# ==============================================================================
bashio::log.info "Starting Tor..."
# Run the Tor daemon
exec tor

BIN
tor/stats.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 2.7 KiB