diff --git a/.github/paths-filter.yml b/.github/paths-filter.yml index a469c951b..4813f3b0b 100644 --- a/.github/paths-filter.yml +++ b/.github/paths-filter.yml @@ -90,6 +90,7 @@ spotweb: spotweb/config.* # Image : yes tandoor_recipes: tandoor_recipes/config.* # Image : yes tdarr: tdarr/config.* # Image : yes teamspeak: teamspeak/config.* # Image : yes +tor: tor/config.* # Image : yes transmission: transmission/config.* # Image : yes transmission_openvpn: transmission_openvpn/config.* # Image : yes ubooquity: ubooquity/config.* # Image : yes diff --git a/README.md b/README.md index db61123ee..693da365b 100644 --- a/README.md +++ b/README.md @@ -794,6 +794,13 @@ If you want to do add the repository manually, please follow the procedure highl ![amd64][amd64-badge] ![armv7][armv7-badge] +✓ [Tor with bridges](tor/) : Copy of official comunity addon with additional bridges supporting + +  ![Version](https://img.shields.io/badge/dynamic/json?label=Version&query=%24.version&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Ftor%2Fconfig.json) +![aarch64][aarch64-badge] +![amd64][amd64-badge] +![armv7][armv7-badge] + ✓ ![image](https://api.iconify.design/mdi/transmission-tower.svg) [Transmission](transmission/) : Bittorrent client based on linuxserver image   ![Version](https://img.shields.io/badge/dynamic/json?label=Version&query=%24.version&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Ftransmission%2Fconfig.json) diff --git a/tor/Dockerfile b/tor/Dockerfile new file mode 100644 index 000000000..2510ec5c6 --- /dev/null +++ b/tor/Dockerfile 
@@ -0,0 +1,92 @@
+ARG BUILD_FROM=ghcr.io/hassio-addons/base:16.2.0
+# hadolint ignore=DL3006
+FROM ${BUILD_FROM}
+
+# Set shell
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+# Copy root filesystem
+COPY rootfs /
+
+# Setup base
+RUN \
+ apk add --no-cache \
+ coreutils=9.5-r1 \
+ openssl=3.3.1-r3 \
+ tor=0.4.8.12-r0 \
+ go=1.22.5-r0 \
+ git=2.45.2-r0 \
+ ca-certificates=20240705-r0 \
+ libcap=2.70-r0
+
+# Download pluggable-transports sources
+WORKDIR /go
+ARG OBFS_VERSION=obfs4proxy-0.0.14
+ARG SNOWFLAKE_VERSION=v2.9.2
+ARG WEBTUNNEL_VERSION=e64b1b3562f3ab50d06141ecd513a21ec74fe8c6
+RUN git clone -b ${OBFS_VERSION} --single-branch --depth 1 https://github.com/Yawning/obfs4.git \
+ && git clone -b ${SNOWFLAKE_VERSION} --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git \
+ && git clone --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git
+
+# Build obfs4proxy
+WORKDIR /go/obfs4
+RUN go build -o /usr/local/bin/obfs4proxy ./obfs4proxy
+
+# Build snowflake
+WORKDIR /go/snowflake/client
+RUN go get \
+ && go build -o /usr/local/bin/snowflake
+
+# Build webtunnel
+WORKDIR /go/webtunnel/main/client
+RUN git reset --hard ${WEBTUNNEL_VERSION} \
+ && go build -ldflags="-s -w" -o /usr/local/bin/webtunnel
+
+# Clean up after build
+WORKDIR /
+RUN rm -rf /go
+
+# Give transports clients the capability to bind privileged port.
+RUN setcap 'cap_net_bind_service=+ep' /usr/local/bin/obfs4proxy \
+ && setcap 'cap_net_bind_service=+ep' /usr/local/bin/snowflake \
+ && setcap 'cap_net_bind_service=+ep' /usr/local/bin/webtunnel
+
+HEALTHCHECK \
+ --start-period=60m \
+ --interval=60s \
+ --timeout=30s \
+ CMD curl \
+ --silent \
+ --location \
+ --socks5-hostname localhost:9050 \
+ https://check.torproject.org/?lang=en_US \
+ | grep -qm1 Congratulations
+
+# Build arguments
+ARG BUILD_ARCH
+ARG BUILD_DATE
+ARG BUILD_DESCRIPTION
+ARG BUILD_NAME
+ARG BUILD_REF
+ARG BUILD_REPOSITORY
+ARG BUILD_VERSION
+
+# Labels
+LABEL \
+ io.hass.name="${BUILD_NAME}" \
+ io.hass.description="${BUILD_DESCRIPTION}" \
+ io.hass.arch="${BUILD_ARCH}" \
+ io.hass.type="addon" \
+ io.hass.version=${BUILD_VERSION} \
+ maintainer="Franck Nijhof " \
+ org.opencontainers.image.title="${BUILD_NAME}" \
+ org.opencontainers.image.description="${BUILD_DESCRIPTION}" \
+ org.opencontainers.image.vendor="Home Assistant Community Add-ons" \
+ org.opencontainers.image.authors="Franck Nijhof " \
+ org.opencontainers.image.licenses="MIT" \
+ org.opencontainers.image.url="https://addons.community" \
+ org.opencontainers.image.source="https://github.com/${BUILD_REPOSITORY}" \
+ org.opencontainers.image.documentation="https://github.com/${BUILD_REPOSITORY}/blob/main/README.md" \
+ org.opencontainers.image.created=${BUILD_DATE} \
+ org.opencontainers.image.revision=${BUILD_REF} \
+ org.opencontainers.image.version=${BUILD_VERSION}
diff --git a/tor/README.md b/tor/README.md
new file mode 100644
index 000000000..a735be490
--- /dev/null
+++ b/tor/README.md
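Review bot: The webtunnel source is cloned with `--depth 1` from the default branch and only afterwards moved with `git reset --hard ${WEBTUNNEL_VERSION}`, so as soon as upstream's tip is no longer that commit the shallow clone will not contain it and the build breaks. Fetch the pinned commit itself instead, e.g. `git init webtunnel && git -C webtunnel fetch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git ${WEBTUNNEL_VERSION} && git -C webtunnel checkout FETCH_HEAD` (assuming the server allows fetching by SHA; otherwise drop `--depth 1` for this clone). obfs4 and snowflake are selected with `-b ${OBFS_VERSION}` / `-b ${SNOWFLAKE_VERSION}`, which are refs upstream can move, so pinning them by commit the same way would make all three builds reproducible. Separately, `go` and `git` are installed into the stage that ships and `RUN rm -rf /go` in a later layer does not remove them or shrink earlier layers; a builder stage with `COPY --from` for the three binaries would keep the toolchain out of the runtime image.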
@@ -0,0 +1,107 @@
+# Hass.io Add-ons: Tor with bridges
+
+[![Donate][donation-badge]](https://www.buymeacoffee.com/alexbelgium)
+[![Donate][paypal-badge]](https://www.paypal.com/donate/?hosted_button_id=DZFULJZTP3UQA)
+
+![Version](https://img.shields.io/badge/dynamic/json?label=Version&query=%24.version&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Ftor%2Fconfig.json)
+![Ingress](https://img.shields.io/badge/dynamic/json?label=Ingress&query=%24.ingress&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Ftor%2Fconfig.json)
+![Arch](https://img.shields.io/badge/dynamic/json?color=success&label=Arch&query=%24.arch&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Ftor%2Fconfig.json)
+
+[![Codacy Badge](https://app.codacy.com/project/badge/Grade/9c6cf10bdbba45ecb202d7f579b5be0e)](https://www.codacy.com/gh/alexbelgium/hassio-addons/dashboard?utm_source=github.com&utm_medium=referral&utm_content=alexbelgium/hassio-addons&utm_campaign=Badge_Grade)
+[![GitHub Super-Linter](https://img.shields.io/github/actions/workflow/status/alexbelgium/hassio-addons/weekly-supelinter.yaml?label=Lint%20code%20base)](https://github.com/alexbelgium/hassio-addons/actions/workflows/weekly-supelinter.yaml)
+[![Builder](https://img.shields.io/github/actions/workflow/status/alexbelgium/hassio-addons/onpush_builder.yaml?label=Builder)](https://github.com/alexbelgium/hassio-addons/actions/workflows/onpush_builder.yaml)
+
+[donation-badge]: https://img.shields.io/badge/Buy%20me%20a%20coffee%20(no%20paypal)-%23d32f2f?logo=buy-me-a-coffee&style=flat&logoColor=white
+[paypal-badge]: https://img.shields.io/badge/Buy%20me%20a%20coffee%20with%20Paypal-0070BA?logo=paypal&style=flat&logoColor=white
+
+_Thanks to everyone having starred my repo! To star it click on the image below, then it will be on top right. Thanks!_
+
+[![Stargazers repo roster for @alexbelgium/hassio-addons](https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.github/stars2.svg)](https://github.com/alexbelgium/hassio-addons/stargazers)
+
+![downloads evolution](https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/tor/stats.png)
+
+## About
+
+Extended version of the [Tor addon from Home Assistant Community repository](https://github.com/hassio-addons/addon-tor) by supporting multiples bridges protocols WebTunnel, Snowflake and OBFS.
+
+## Installation
+
+The installation of this add-on is pretty straightforward and not different in comparison to installing any other add-on.
+
+1. Add my add-ons repository to your home assistant instance (in supervisor addons store at top right, or click button below if you have configured my HA)
+ [![Open your Home Assistant instance and show the add add-on repository dialog with a specific repository URL pre-filled.](https://my.home-assistant.io/badges/supervisor_add_addon_repository.svg)](https://my.home-assistant.io/redirect/supervisor_add_addon_repository/?repository_url=https%3A%2F%2Fgithub.com%2Falexbelgium%2Fhassio-addons)
+1. Install this add-on.
+1. Click the `Save` button to store your configuration.
+1. Set the add-on options to your preferences
+1. Start the add-on.
+1. Check the logs of the add-on to see if everything went well.
+1. Open the webUI and adapt the software options
+
+## Configuration
+
+You should follow to the initial guide for configuring base addon options. Here will described only extra options in comparisons with base:
+
+### Option: `bridges`
+
+> Ensure the option value is clear to avoid unintended use of transport plugins and bridges.
+
+Bridges are Tor relays that help you circumvent censorship.
+Access to bridges is provided by supported transport plugins:
+
+#### OBFS
+
+Because bridge addresses are not public, you will need to request them yourself. You have a few options:
+
+- Visit [Tor][tor-bridges-obfs4] project and follow the instructions, or
+- Email `bridges@torproject.org` from a Gmail, or Riseup email address
+- Send a message to @GetBridgesBot on Telegram. Tap on 'Start' or write /start or /bridges in the chat.
+
+For example:
+
+```yaml
+bridges:
+ - >-
+ obfs4 123.45.67.89:443 EFC6A00EE6272355C023862378AC77F935F091E4
+ cert=KkdWiWlfetJG9SFrzX8g1teBbgxtsc0zPiN5VLxqNNH+iudVW48CoH/XVXPQntbivXIqZA
+ iat-mode=0
+```
+
+#### Webtunnel
+
+Visit [Tor][tor-bridges-webtunnel] project and follow the instructions
+
+For example:
+
+```yaml
+bridges:
+ - >-
+ webtunnel 192.0.2.3:1
+ DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF
+ url=https://akbwadp9lc5fyyz0cj4d76z643pxgbfh6oyc-167-71-71-157.sslip.io/5m9yq0j4ghkz0fz7qmuw58cvbjon0ebnrsp0
+ ver=0.0.1
+```
+
+#### Snowflake
+
+What is [snowflake][what-is-snowflake], example:
+
+```yaml
+bridges:
+ - >-
+ snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72
+ fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72
+ url=https://snowflake-broker.torproject.net/
+ ampcache=https://cdn.ampproject.org/
+ front=www.google.com
+ ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478
+ utls-imitate=hellorandomizedalpn
+```
+
+## Support
+
+If you have in issue with your installation, please be sure to checkout github.
+
+[tor-hidden-service]: https://www.torproject.org/docs/hidden-services.html.en
+[tor-bridges-obfs4]: https://bridges.torproject.org/bridges/?transport=obfs4
+[tor-bridges-webtunnel]: https://bridges.torproject.org/bridges/?transport=webtunnel
+[what-is-snowflake]: https://support.torproject.org/censorship/what-is-snowflake/
diff --git a/tor/apparmor.txt b/tor/apparmor.txt
new file mode 100644
index 000000000..3b1b9303f
--- /dev/null
+++ b/tor/apparmor.txt
@@ -0,0 +1,66 @@
+#include
+
+profile tor_addon flags=(attach_disconnected,mediate_deleted) {
+ #include
+
+ capability,
+ file,
+ signal,
+ mount,
+ umount,
+ remount,
+ network udp,
+ network tcp,
+ network dgram,
+ network stream,
+ network inet,
+ network inet6,
+ network netlink raw,
+ network unix dgram,
+
+ capability setgid,
+ capability setuid,
+ capability sys_admin,
+ capability dac_read_search,
+ # capability dac_override,
+ # capability sys_rawio,
+
+# S6-Overlay
+ /init ix,
+ /run/{s6,s6-rc*,service}/** ix,
+ /package/** ix,
+ /command/** ix,
+ /run/{,**} rwk,
+ /dev/tty rw,
+ /bin/** ix,
+ /usr/bin/** ix,
+ /usr/lib/bashio/** ix,
+ /etc/s6/** rix,
+ /run/s6/** rix,
+ /etc/services.d/** rwix,
+ /etc/cont-init.d/** rwix,
+ /etc/cont-finish.d/** rwix,
+ /init rix,
+ /var/run/** mrwkl,
+ /var/run/ mrwkl,
+ /dev/i2c-1 mrwkl,
+ # Files required
+ /dev/fuse mrwkl,
+ /dev/sda1 mrwkl,
+ /dev/sdb1 mrwkl,
+ /dev/nvme0 mrwkl,
+ /dev/nvme1 mrwkl,
+ /dev/mmcblk0p1 mrwkl,
+ /dev/* mrwkl,
+ /tmp/** mrkwl,
+
+ # Data access
+ /data/** rw,
+
+ # suppress ptrace denials when using 'docker ps' or using 'ps' inside a container
+ ptrace (trace,read) peer=docker-default,
+
+ # docker daemon confinement requires explict allow rule for signal
+ signal (receive) set=(kill,term) peer=/usr/bin/docker,
+
+}
diff --git a/tor/build.json b/tor/build.json
new file mode 100644
index 000000000..1069f2a36
--- /dev/null
+++ b/tor/build.json
@@ -0,0 +1,11 @@
+{
+ "build_from": {
+ "aarch64": "ghcr.io/hassio-addons/base:16.2.0",
+ "amd64": "ghcr.io/hassio-addons/base:16.2.0",
+ "armv7": "ghcr.io/hassio-addons/base:16.2.0"
+ },
+ "codenotary": {
+ "base_image": "codenotary@frenck.dev",
+ "signer": "codenotary@frenck.dev"
+ }
+}
diff --git a/tor/config.json b/tor/config.json
new file mode 100644
index 000000000..256fc9373
--- /dev/null
+++ b/tor/config.json
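Review bot: The bare `capability,`, `file,`, `mount,`, `umount,` and `remount,` rules at the top of `tor_addon` allow every capability, every file access and mounting, so the path rules listed below them restrict nothing and the profile confines the add-on very little. Judging from the rest of this commit the service needs TCP networking, `/data`, `/ssl/tor`, `/etc/tor/torrc` and the three binaries in `/usr/local/bin`; I would drop the blanket rules together with `capability sys_admin,` and the block-device entries (`/dev/sda1`, `/dev/nvme0`, `/dev/* mrwkl,` and the like), then add explicit rules such as `/ssl/tor/** rwk,` and `/usr/local/bin/* ix,`. Running the tightened profile in complain mode first is worthwhile, since the s6 and bashio paths may need a few entries beyond the ones listed here.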
@@ -0,0 +1,50 @@
+{
+ "arch": [
+ "aarch64",
+ "amd64",
+ "armv7"
+ ],
+ "codenotary": "alexandrep.github@gmail.com",
+ "description": "Protect your privacy and access Home Assistant via Tor",
+ "init": false,
+ "map": [
+ "ssl:rw"
+ ],
+ "name": "Tor with bridges",
+ "ports": {
+ "9050/tcp": 9050
+ },
+ "ports_description": {
+ "9050/tcp": "Tor SOCKS proxy port"
+ },
+ "slug": "tor",
+ "url": "https://github.com/alexbelgium/hassio-addons",
+ "version": "dev",
+ "startup": "services",
+ "options": {
+ "socks": false,
+ "hidden_services": true,
+ "stealth": false,
+ "client_names": [],
+ "ports": [
+ "8123",
+ "8123:80"
+ ],
+ "bridges": []
+ },
+ "schema": {
+ "log_level": "list(trace|debug|info|notice|warning|error|fatal)?",
+ "socks": "bool",
+ "hidden_services": "bool",
+ "stealth": "bool",
+ "client_names": [
+ "match(^[A-Za-z0-9+-_]{1,16}$)"
+ ],
+ "ports": [
+ "match(^(.*:)?(?:[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])?$)"
+ ],
+ "bridges":[
+ "str"
+ ]
+ }
+}
diff --git a/tor/icon.png b/tor/icon.png
new file mode 100644
index 000000000..444f31bfd
Binary files /dev/null and b/tor/icon.png differ
diff --git a/tor/logo.png b/tor/logo.png
new file mode 100644
index 000000000..148007ecd
Binary files /dev/null and b/tor/logo.png differ
diff --git a/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/dependencies.d/base b/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/dependencies.d/base
new file mode 100644
index 000000000..e69de29bb
diff --git a/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run b/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run
new file mode 100644
index 000000000..e8c21ab7c
--- /dev/null
+++ b/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run
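Review bot: In the `client_names` pattern `^[A-Za-z0-9+-_]{1,16}$` the `+-_` inside the class is a range from `+` to `_`, so the schema also admits `/`, `.`, `:`, `;`, `=`, `\` and other punctuation. init-tor/run in this commit builds file names from each entry as `${clients_dir}/${clientname}.auth`, so a name containing `/` or `..` would pass validation and be written outside the clients directory. Put the hyphen last so it is literal: `"match(^[A-Za-z0-9+_-]{1,16}$)"`. `bridges` is typed only as `str` and each entry is appended to torrc verbatim, so a `match(...)` pattern that requires the line to start with one of the supported transports would be a cheap extra check.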
@@ -0,0 +1,236 @@
+#!/command/with-contenv bashio
+# shellcheck shell=bash
+# ==============================================================================
+# Home Assistant Community Add-on: Tor
+# Prepares the add-on for startup
+# ==============================================================================
+declare address
+declare clientname
+declare host
+declare key
+declare log_level
+declare port
+declare private_key
+declare public_key
+declare target_port
+declare virtual_port
+
+readonly torrc='/etc/tor/torrc'
+readonly hidden_service_dir='/ssl/tor/hidden_service'
+readonly authorized_clients_dir="${hidden_service_dir}/authorized_clients"
+readonly clients_dir="${hidden_service_dir}/clients"
+readonly hostname_file="${hidden_service_dir}/hostname"
+
+# A hidden service without any ports is kinda useless
+if bashio::config.true 'hidden_services' \
+ && ! bashio::config.has_value 'ports'; then
+ bashio::log.fatal
+ bashio::log.fatal 'Add-on configuration is incomplete.'
+ bashio::log.fatal
+ bashio::log.fatal 'Hidden services where enabled, using the'
+ bashio::log.fatal '"hidden_services" add-on configuration option,'
+ bashio::log.fatal 'But the "port" option does not contain any values!'
+ bashio::log.fatal
+ bashio::log.fatal 'Please configure the "ports" option.'
+ bashio::exit.nok
+fi
+
+# Checks if client names where configured when using stealth mode
+if bashio::config.true 'hidden_services' \
+ && bashio::config.true 'stealth' \
+ && ! bashio::config.has_value 'client_names';
+then
+ bashio::log.fatal
+ bashio::log.fatal 'Add-on configuration is incomplete.'
+ bashio::log.fatal
+ bashio::log.fatal 'Stealth mode is enabled, using the "stealth" add-on'
+ bashio::log.fatal 'configuration option, but there are no client names'
+ bashio::log.fatal 'configured in the "client_names" add-on option.'
+ bashio::log.fatal
+ bashio::log.fatal 'Please configure the "client_names" option.'
+ bashio::exit.nok
+fi
+
+# Created needed directories
+mkdir -p \
+ "${authorized_clients_dir}" \
+ "${clients_dir}" \
+ "${hidden_service_dir}" \
+ || bashio::exit.nok 'Could not create tor data directories'
+chmod -R 0700 /ssl/tor
+
+# Find the matching Tor log level
+if bashio::config.has_value 'log_level'; then
+ case "$(bashio::string.lower "$(bashio::config 'log_level')")" in
+ all|trace)
+ log_level="debug"
+ ;;
+ debug)
+ log_level="info"
+ ;;
+ info|notice)
+ log_level="notice"
+ ;;
+ warning)
+ log_level="warn"
+ ;;
+ error|fatal|off)
+ log_level="err"
+ ;;
+ esac
+
+ echo "Log ${log_level} stdout" >> "${torrc}"
+fi
+
+# Configure Socks proxy
+if bashio::config.true 'socks'; then
+ echo 'SOCKSPort 0.0.0.0:9050' >> "${torrc}"
+else
+ echo 'SOCKSPort 127.0.0.1:9050' >> "${torrc}"
+fi
+
+# Configure hidden services
+if bashio::config.true 'hidden_services'; then
+ echo "HiddenServiceDir ${hidden_service_dir}" >> "${torrc}"
+
+ for port in $(bashio::config 'ports'); do
+ count=$(echo "${port}" | sed 's/[^:]//g'| awk '{ print length }')
+ if [[ "${count}" == 0 ]]; then
+ host='homeassistant'
+ virtual_port="${port}"
+ target_port="${port}"
+ elif [[ "${count}" == 1 ]]; then
+ # Check if format is hostname/ip:port or port:port
+ first=$(echo "${port}" | cut -f1 -d:)
+ if [[ "${first}" =~ ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]) ]]; then
+ host='homeassistant'
+ virtual_port=$(echo "${port}" | cut -f1 -d:)
+ target_port=$(echo "${port}" | cut -f2 -d:)
+ else
+ host=$(echo "${port}" | cut -f1 -d:)
+ virtual_port=$(echo "${port}" | cut -f2 -d:)
+ target_port=$(echo "${port}" | cut -f2 -d:)
+ fi
+ elif [[ "${count}" == 2 ]]; then
+ host=$(echo "${port}" | cut -f1 -d:)
+ virtual_port=$(echo "${port}" | cut -f2 -d:)
+ target_port=$(echo "${port}" | cut -f3 -d:)
+ else
+ bashio::log.warning "$port Are not correct format, skipping..."
+ fi
+ if [[ "${count}" -le 2 ]]; then
+ echo "HiddenServicePort ${target_port} ${host}:${virtual_port}" \
+ >> "${torrc}"
+ fi
+ done
+fi
+
+# Configure bridges
+if bashio::config.exists 'bridges' \
+ && ! bashio::config.is_empty 'bridges';
+then
+ bashio::log.info 'Use bridges:'
+ echo "UseBridges 1" >> "${torrc}"
+
+ # Add client for OBFS transport
+ echo "ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec /usr/local/bin/obfs4proxy managed" >> "${torrc}"
+
+ # Add client for Snowflake transport
+ echo "ClientTransportPlugin snowflake exec /usr/local/bin/snowflake" >> "${torrc}"
+
+ # Add client for WebTunnel transport
+ echo "ClientTransportPlugin webtunnel exec /usr/local/bin/webtunnel" >> "${torrc}"
+
+ # Add bridges
+ while read -r bridge; do
+ bashio::log.info "Bridge ${bridge}"
+ echo "Bridge ${bridge}" >> "${torrc}"
+ done <<< "$(bashio::config 'bridges')"
+fi
+
+# Figure out the address
+if bashio::config.true 'hidden_services'; then
+ bashio::log.info 'Starting Tor temporarly...'
+
+ exec 3< <(tor)
+
+ until bashio::fs.file_exists "${hostname_file}"; do
+ bashio::log.info "Waiting for service to start..."
+ sleep 1
+ done
+
+ address=$(<"${hostname_file}")
+ grep -m 1 "Bootstrapped 100% (done): Done" <&3 >/dev/null 2>&1
+
+ kill "$(pgrep tor)" >/dev/null 2>&1
+
+ bashio::log.info '---------------------------------------------------------'
+ bashio::log.info 'Your Home Assistant instance is available on Tor!'
+ bashio::log.info "Address: ${address}"
+ bashio::log.info '---------------------------------------------------------'
+fi
+
+# Configure stealth mode
+if bashio::config.true 'hidden_services' && bashio::config.true 'stealth';
+then
+ # Following the documentation at:
+ # https://community.torproject.org/onion-services/advanced/client-auth/
+ while read -r clientname; do
+ # Generate key is they do not exist yet
+ if ! bashio::fs.file_exists "${authorized_clients_dir}/${clientname}.auth"
+ then
+ key=$(openssl genpkey -algorithm x25519)
+
+ private_key=$(
+ sed \
+ -e '/----.*PRIVATE KEY----\|^[[:space:]]*$/d' \
+ <<< "${key}" \
+ | base64 -d \
+ | tail -c 32 \
+ | base32 \
+ | sed 's/=//g'
+ )
+
+ public_key=$(
+ openssl pkey -pubout \
+ <<< "${key}" \
+ | sed -e '/----.*PUBLIC KEY----\|^[[:space:]]*$/d' \
+ | base64 -d \
+ | tail -c 32 \
+ | base32 \
+ | sed 's/=//g'
+ )
+
+ # Create authorized client file
+ echo "descriptor:x25519:${public_key}" \
+ > "${clients_dir}/${clientname}.auth"
+ echo "descriptor:x25519:${public_key}" \
+ > "${authorized_clients_dir}/${clientname}.auth"
+
+ # Create private key file
+ echo "${private_key}" \
+ > "${clients_dir}/${clientname}.key.txt"
+ echo "${address%.onion}:descriptor:x25519:${private_key}" \
+ > "${clients_dir}/${clientname}.auth_private"
+
+ bashio::log.red
+ bashio::log.red
+ bashio::log.red "Created keys for ${clientname}!"
+ bashio::log.red
+ bashio::log.red "Keys are stored in:"
+ bashio::log.red "${clients_dir}"
+ bashio::log.red
+ bashio::log.red "Public key":
+ bashio::log.red "${public_key}"
+ bashio::log.red
+ bashio::log.red "Private key:"
+ bashio::log.red "${private_key}"
+ bashio::log.red
+ bashio::log.red
+ else
+ bashio::log.info "Keys for ${clientname} already exists; skipping..."
+ fi
+ done <<< "$(bashio::config 'client_names')"
+
+ echo 'HiddenServiceAllowUnknownPorts 0' >> "${torrc}"
+fi
diff --git a/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/type b/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/type
new file mode 100644
index 000000000..bdd22a185
--- /dev/null
+++ b/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/type
@@ -0,0 +1 @@
+oneshot
diff --git a/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/up b/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/up
new file mode 100644
index 000000000..49d18ae5c
--- /dev/null
+++ b/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/up
@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-tor/run
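Review bot: The stealth-mode block prints the freshly generated client key with `bashio::log.red "${private_key}"`, so the x25519 private key ends up in the add-on log, which is presumably viewable from the Home Assistant UI and easy to paste into a support request. The key is already written to `${clients_dir}/${clientname}.key.txt` and `.auth_private`, so I would drop the `"Private key:"` line and the line after it and log only where the files are. The key files are created with the default umask after `chmod -R 0700 /ssl/tor` has already run; adding `umask 077` near the top of the script would keep them owner-only without relying on the directory mode. Separately, the `first` test in the ports loop, `^([0-9]{1,4}|…)`, has no closing `$`, so a host that merely starts with digits, such as an IPv4 address, is treated as the `port:port` form.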
diff --git a/tor/rootfs/etc/s6-overlay/s6-rc.d/tor/dependencies.d/init-tor b/tor/rootfs/etc/s6-overlay/s6-rc.d/tor/dependencies.d/init-tor new file mode 100644 index 000000000..e69de29bb diff --git a/tor/rootfs/etc/s6-overlay/s6-rc.d/tor/finish b/tor/rootfs/etc/s6-overlay/s6-rc.d/tor/finish new file mode 100644 index 000000000..f7b99aa78 --- /dev/null +++ b/tor/rootfs/etc/s6-overlay/s6-rc.d/tor/finish @@ -0,0 +1,27 @@ +#!/command/with-contenv bashio +# shellcheck shell=bash +# ============================================================================== +# Home Assistant Community Add-on: Tor +# Take down the S6 supervision tree when the Tor daemon fails +# ============================================================================== +declare exit_code +readonly exit_code_container=$( /run/s6-linux-init-container-results/exitcode + fi + [[ "${exit_code_signal}" -eq 15 ]] && exec /run/s6/basedir/bin/halt +elif [[ "${exit_code_service}" -ne 0 ]]; then + if [[ "${exit_code_container}" -eq 0 ]]; then + echo "${exit_code_service}" > /run/s6-linux-init-container-results/exitcode + fi + exec /run/s6/basedir/bin/halt +fi diff --git a/tor/rootfs/etc/s6-overlay/s6-rc.d/tor/run b/tor/rootfs/etc/s6-overlay/s6-rc.d/tor/run new file mode 100644 index 000000000..a82250d13 --- /dev/null +++ b/tor/rootfs/etc/s6-overlay/s6-rc.d/tor/run @@ -0,0 +1,10 @@ +#!/command/with-contenv bashio +# shellcheck shell=bash +# ============================================================================== +# Home Assistant Community Add-on: Tor +# Runs the Tor daemon +# ============================================================================== +bashio::log.info "Starting Tor..." + +# Run the Tor daemon +exec tor diff --git a/tor/rootfs/etc/s6-overlay/s6-rc.d/tor/type b/tor/rootfs/etc/s6-overlay/s6-rc.d/tor/type new file mode 100644 index 000000000..5883cff0c --- /dev/null +++ b/tor/rootfs/etc/s6-overlay/s6-rc.d/tor/type @@ -0,0 +1 @@ +longrun 
diff --git a/tor/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/init-tor b/tor/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/init-tor
new file mode 100644
index 000000000..e69de29bb
diff --git a/tor/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/tor b/tor/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/tor
new file mode 100644
index 000000000..e69de29bb
diff --git a/tor/rootfs/etc/tor/torrc b/tor/rootfs/etc/tor/torrc
new file mode 100644
index 000000000..f05e77b62
--- /dev/null
+++ b/tor/rootfs/etc/tor/torrc
@@ -0,0 +1,3 @@
+RunAsDaemon 0
+DataDirectory /data
+AvoidDiskWrites 1
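Review bot: This torrc sets no `User`, and neither tor/run (`exec tor`) nor the Dockerfile in this commit switches accounts, so tor and the pluggable-transport clients it launches appear to run as root inside the container. Consider adding `User tor` here (assuming the Alpine tor package creates that account, which should be confirmed) and having init-tor/run `chown` `/data` and `/ssl/tor` to it before the daemon starts. Running the network-facing daemon unprivileged limits what a flaw in tor or in one of the transport binaries can touch, which matters more here because the AppArmor profile added alongside it is broad.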