[TOR] init new addon

from https://github.com/akrigator/addon-tor

.github/paths-filter.yml

@@ -90,6 +90,7 @@ spotweb: spotweb/config.* # Image : yes
 tandoor_recipes: tandoor_recipes/config.* # Image : yes
 tdarr: tdarr/config.* # Image : yes
 teamspeak: teamspeak/config.* # Image : yes
+tor: tor/config.* # Image : yes
 transmission: transmission/config.* # Image : yes
 transmission_openvpn: transmission_openvpn/config.* # Image : yes
 ubooquity: ubooquity/config.* # Image : yes

README.md

@@ -793,6 +793,13 @@ If you want to do add the repository manually, please follow the procedure highl
 ![amd64][amd64-badge]
 ![armv7][armv7-badge]
 
+✓ [Tor with bridges](tor/) : Copy of official comunity addon with additional bridges supporting
+
+  ![Version](https://img.shields.io/badge/dynamic/json?label=Version&query=%24.version&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Ftor%2Fconfig.json)
+![aarch64][aarch64-badge]
+![amd64][amd64-badge]
+![armv7][armv7-badge]
+
 ✓ ![image](https://api.iconify.design/mdi/transmission-tower.svg) [Transmission](transmission/) : Bittorrent client based on linuxserver image
 
   ![Version](https://img.shields.io/badge/dynamic/json?label=Version&query=%24.version&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Ftransmission%2Fconfig.json)

tor/Dockerfile

@@ -0,0 +1,92 @@
+ARG BUILD_FROM=ghcr.io/hassio-addons/base:16.2.0
+# hadolint ignore=DL3006
+FROM ${BUILD_FROM}
+
+# Set shell
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+# Copy root filesystem
+COPY rootfs /
+
+# Setup base
+RUN \
+    apk add --no-cache \
+        coreutils=9.5-r1 \
+        openssl=3.3.1-r3 \
+        tor=0.4.8.12-r0 \
+        go=1.22.5-r0 \
+        git=2.45.2-r0 \
+        ca-certificates=20240705-r0 \
+        libcap=2.70-r0
+
+# Download pluggable-transports sources
+WORKDIR /go
+ARG OBFS_VERSION=obfs4proxy-0.0.14
+ARG SNOWFLAKE_VERSION=v2.9.2
+ARG WEBTUNNEL_VERSION=e64b1b3562f3ab50d06141ecd513a21ec74fe8c6
+RUN git clone -b ${OBFS_VERSION} --single-branch --depth 1 https://github.com/Yawning/obfs4.git \
+    && git clone -b ${SNOWFLAKE_VERSION} --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git \
+    && git clone --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git
+
+# Build obfs4proxy
+WORKDIR /go/obfs4
+RUN go build -o /usr/local/bin/obfs4proxy ./obfs4proxy
+
+# Build snowflake
+WORKDIR /go/snowflake/client
+RUN go get \
+    && go build -o /usr/local/bin/snowflake
+
+# Build webtunnel
+WORKDIR /go/webtunnel/main/client
+RUN git reset --hard ${WEBTUNNEL_VERSION} \
+    && go build -ldflags="-s -w" -o /usr/local/bin/webtunnel
+
+# Clean up after build
+WORKDIR /
+RUN rm -rf /go
+
+# Give transports clients the capability to bind privileged port.
+RUN setcap 'cap_net_bind_service=+ep' /usr/local/bin/obfs4proxy \
+    && setcap 'cap_net_bind_service=+ep'  /usr/local/bin/snowflake \
+    && setcap 'cap_net_bind_service=+ep'  /usr/local/bin/webtunnel
+
+HEALTHCHECK \
+    --start-period=60m \
+    --interval=60s \
+    --timeout=30s \
+    CMD curl \
+        --silent \
+        --location \
+        --socks5-hostname localhost:9050 \
+        https://check.torproject.org/?lang=en_US \
+        | grep -qm1 Congratulations
+
+# Build arguments
+ARG BUILD_ARCH
+ARG BUILD_DATE
+ARG BUILD_DESCRIPTION
+ARG BUILD_NAME
+ARG BUILD_REF
+ARG BUILD_REPOSITORY
+ARG BUILD_VERSION
+
+# Labels
+LABEL \
+    io.hass.name="${BUILD_NAME}" \
+    io.hass.description="${BUILD_DESCRIPTION}" \
+    io.hass.arch="${BUILD_ARCH}" \
+    io.hass.type="addon" \
+    io.hass.version=${BUILD_VERSION} \
+    maintainer="Franck Nijhof <frenck@addons.community>" \
+    org.opencontainers.image.title="${BUILD_NAME}" \
+    org.opencontainers.image.description="${BUILD_DESCRIPTION}" \
+    org.opencontainers.image.vendor="Home Assistant Community Add-ons" \
+    org.opencontainers.image.authors="Franck Nijhof <frenck@addons.community>" \
+    org.opencontainers.image.licenses="MIT" \
+    org.opencontainers.image.url="https://addons.community" \
+    org.opencontainers.image.source="https://github.com/${BUILD_REPOSITORY}" \
+    org.opencontainers.image.documentation="https://github.com/${BUILD_REPOSITORY}/blob/main/README.md" \
+    org.opencontainers.image.created=${BUILD_DATE} \
+    org.opencontainers.image.revision=${BUILD_REF} \
+    org.opencontainers.image.version=${BUILD_VERSION}

tor/README.md

@@ -0,0 +1,107 @@
+# Hass.io Add-ons: Tor with bridges
+
+[![Donate][donation-badge]](https://www.buymeacoffee.com/alexbelgium)
+[![Donate][paypal-badge]](https://www.paypal.com/donate/?hosted_button_id=DZFULJZTP3UQA)
+
+![Version](https://img.shields.io/badge/dynamic/json?label=Version&query=%24.version&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Ftor%2Fconfig.json)
+![Ingress](https://img.shields.io/badge/dynamic/json?label=Ingress&query=%24.ingress&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Ftor%2Fconfig.json)
+![Arch](https://img.shields.io/badge/dynamic/json?color=success&label=Arch&query=%24.arch&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Ftor%2Fconfig.json)
+
+[![Codacy Badge](https://app.codacy.com/project/badge/Grade/9c6cf10bdbba45ecb202d7f579b5be0e)](https://www.codacy.com/gh/alexbelgium/hassio-addons/dashboard?utm_source=github.com&utm_medium=referral&utm_content=alexbelgium/hassio-addons&utm_campaign=Badge_Grade)
+[![GitHub Super-Linter](https://img.shields.io/github/actions/workflow/status/alexbelgium/hassio-addons/weekly-supelinter.yaml?label=Lint%20code%20base)](https://github.com/alexbelgium/hassio-addons/actions/workflows/weekly-supelinter.yaml)
+[![Builder](https://img.shields.io/github/actions/workflow/status/alexbelgium/hassio-addons/onpush_builder.yaml?label=Builder)](https://github.com/alexbelgium/hassio-addons/actions/workflows/onpush_builder.yaml)
+
+[donation-badge]: https://img.shields.io/badge/Buy%20me%20a%20coffee%20(no%20paypal)-%23d32f2f?logo=buy-me-a-coffee&style=flat&logoColor=white
+[paypal-badge]: https://img.shields.io/badge/Buy%20me%20a%20coffee%20with%20Paypal-0070BA?logo=paypal&style=flat&logoColor=white
+
+_Thanks to everyone having starred my repo! To star it click on the image below, then it will be on top right. Thanks!_
+
+[![Stargazers repo roster for @alexbelgium/hassio-addons](https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.github/stars2.svg)](https://github.com/alexbelgium/hassio-addons/stargazers)
+
+![downloads evolution](https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/tor/stats.png)
+
+## About
+
+Extended version of the [Tor addon from Home Assistant Community repository](https://github.com/hassio-addons/addon-tor) by supporting multiples bridges protocols WebTunnel, Snowflake and OBFS.
+
+## Installation
+
+The installation of this add-on is pretty straightforward and not different in comparison to installing any other add-on.
+
+1. Add my add-ons repository to your home assistant instance (in supervisor addons store at top right, or click button below if you have configured my HA)
+   [![Open your Home Assistant instance and show the add add-on repository dialog with a specific repository URL pre-filled.](https://my.home-assistant.io/badges/supervisor_add_addon_repository.svg)](https://my.home-assistant.io/redirect/supervisor_add_addon_repository/?repository_url=https%3A%2F%2Fgithub.com%2Falexbelgium%2Fhassio-addons)
+1. Install this add-on.
+1. Click the `Save` button to store your configuration.
+1. Set the add-on options to your preferences
+1. Start the add-on.
+1. Check the logs of the add-on to see if everything went well.
+1. Open the webUI and adapt the software options
+
+## Configuration
+
+You should follow to the initial guide for configuring base addon options. Here will described only extra options in comparisons with base:
+
+### Option: `bridges`
+
+> Ensure the option value is clear to avoid unintended use of transport plugins and bridges.
+
+Bridges are Tor relays that help you circumvent censorship.
+Access to bridges is provided by supported transport plugins:
+
+#### OBFS
+
+Because bridge addresses are not public, you will need to request them yourself. You have a few options:
+
+- Visit [Tor][tor-bridges-obfs4] project and follow the instructions, or
+- Email `bridges@torproject.org` from a Gmail, or Riseup email address
+- Send a message to @GetBridgesBot on Telegram. Tap on 'Start' or write /start or /bridges in the chat.
+
+For example:
+
+```yaml
+bridges:
+  - >-
+    obfs4 123.45.67.89:443 EFC6A00EE6272355C023862378AC77F935F091E4
+    cert=KkdWiWlfetJG9SFrzX8g1teBbgxtsc0zPiN5VLxqNNH+iudVW48CoH/XVXPQntbivXIqZA
+    iat-mode=0
+```
+
+#### Webtunnel
+
+Visit [Tor][tor-bridges-webtunnel] project and follow the instructions
+
+For example:
+
+```yaml
+bridges:
+  - >-
+    webtunnel 192.0.2.3:1
+    DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF
+    url=https://akbwadp9lc5fyyz0cj4d76z643pxgbfh6oyc-167-71-71-157.sslip.io/5m9yq0j4ghkz0fz7qmuw58cvbjon0ebnrsp0
+    ver=0.0.1
+```
+
+#### Snowflake
+
+What is [snowflake][what-is-snowflake], example:
+
+```yaml
+bridges:
+  - >-
+    snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72
+    fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72
+    url=https://snowflake-broker.torproject.net/
+    ampcache=https://cdn.ampproject.org/
+    front=www.google.com
+    ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478
+    utls-imitate=hellorandomizedalpn
+```
+
+## Support
+
+If you have in issue with your installation, please be sure to checkout github.
+
+[tor-hidden-service]: https://www.torproject.org/docs/hidden-services.html.en
+[tor-bridges-obfs4]: https://bridges.torproject.org/bridges/?transport=obfs4
+[tor-bridges-webtunnel]: https://bridges.torproject.org/bridges/?transport=webtunnel
+[what-is-snowflake]: https://support.torproject.org/censorship/what-is-snowflake/

tor/apparmor.txt

@@ -0,0 +1,66 @@
+#include <tunables/global>
+
+profile tor_addon flags=(attach_disconnected,mediate_deleted) {
+  #include <abstractions/base>
+
+  capability,
+  file,
+  signal,
+  mount,
+  umount,
+  remount,
+  network udp,
+  network tcp,
+  network dgram,
+  network stream,
+  network inet,
+  network inet6,
+  network netlink raw,
+  network unix dgram,
+
+  capability setgid,
+  capability setuid,
+  capability sys_admin,
+  capability dac_read_search,
+  # capability dac_override,
+  # capability sys_rawio,
+
+# S6-Overlay
+  /init ix,
+  /run/{s6,s6-rc*,service}/** ix,
+  /package/** ix,
+  /command/** ix,
+  /run/{,**} rwk,
+  /dev/tty rw,
+  /bin/** ix,
+  /usr/bin/** ix,
+  /usr/lib/bashio/** ix,
+  /etc/s6/** rix,
+  /run/s6/** rix,
+  /etc/services.d/** rwix,
+  /etc/cont-init.d/** rwix,
+  /etc/cont-finish.d/** rwix,
+  /init rix,
+  /var/run/** mrwkl,
+  /var/run/ mrwkl,
+  /dev/i2c-1 mrwkl,
+  # Files required
+  /dev/fuse mrwkl,
+  /dev/sda1 mrwkl,
+  /dev/sdb1 mrwkl,
+  /dev/nvme0 mrwkl,
+  /dev/nvme1 mrwkl,
+  /dev/mmcblk0p1 mrwkl,
+  /dev/* mrwkl,
+  /tmp/** mrkwl,
+
+  # Data access
+  /data/** rw,
+
+  # suppress ptrace denials when using 'docker ps' or using 'ps' inside a container
+  ptrace (trace,read) peer=docker-default,
+
+  # docker daemon confinement requires explict allow rule for signal
+  signal (receive) set=(kill,term) peer=/usr/bin/docker,
+
+}

tor/build.json

@@ -0,0 +1,11 @@
+{
+  "build_from": {
+    "aarch64": "ghcr.io/hassio-addons/base:16.2.0",
+    "amd64": "ghcr.io/hassio-addons/base:16.2.0",
+    "armv7": "ghcr.io/hassio-addons/base:16.2.0"
+  },
+  "codenotary": {
+    "base_image": "codenotary@frenck.dev",
+    "signer": "codenotary@frenck.dev"
+  }
+}

tor/config.json

@@ -0,0 +1,50 @@
+{
+  "arch": [
+    "aarch64",
+    "amd64",
+    "armv7"
+  ],
+  "codenotary": "alexandrep.github@gmail.com",
+  "description": "Protect your privacy and access Home Assistant via Tor",
+  "init": false,
+  "map": [
+    "ssl:rw"
+  ],
+  "name": "Tor with bridges",
+  "ports": {
+    "9050/tcp": 9050
+  },
+  "ports_description": {
+    "9050/tcp": "Tor SOCKS proxy port"
+  },
+  "slug": "tor",
+  "url": "https://github.com/alexbelgium/hassio-addons",
+  "version": "dev",
+  "startup": "service",
+  "options": {
+    "socks": false,
+    "hidden_services": true,
+    "stealth": false,
+    "client_names": [],
+    "ports": [
+      "8123",
+      "8123:80"
+    ],
+    "bridges": []
+  },
+  "schema": {
+    "log_level": "list(trace|debug|info|notice|warning|error|fatal)?",
+    "socks": "bool",
+    "hidden_services": "bool",
+    "stealth": "bool",
+    "client_names": [
+      "match(^[A-Za-z0-9+-_]{1,16}$)"
+    ],
+    "ports": [
+      "match(^(.*:)?(?:[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])?$)"
+    ],
+    "bridges":[
+      "str"
+    ]
+  }
+}

tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run

@@ -0,0 +1,236 @@
+#!/command/with-contenv bashio
+# shellcheck shell=bash
+# ==============================================================================
+# Home Assistant Community Add-on: Tor
+# Prepares the add-on for startup
+# ==============================================================================
+declare address
+declare clientname
+declare host
+declare key
+declare log_level
+declare port
+declare private_key
+declare public_key
+declare target_port
+declare virtual_port
+
+readonly torrc='/etc/tor/torrc'
+readonly hidden_service_dir='/ssl/tor/hidden_service'
+readonly authorized_clients_dir="${hidden_service_dir}/authorized_clients"
+readonly clients_dir="${hidden_service_dir}/clients"
+readonly hostname_file="${hidden_service_dir}/hostname"
+
+# A hidden service without any ports is kinda useless
+if bashio::config.true 'hidden_services' \
+    && ! bashio::config.has_value 'ports'; then
+    bashio::log.fatal
+    bashio::log.fatal 'Add-on configuration is incomplete.'
+    bashio::log.fatal
+    bashio::log.fatal 'Hidden services where enabled, using the'
+    bashio::log.fatal '"hidden_services" add-on configuration option,'
+    bashio::log.fatal 'But the "port" option does not contain any values!'
+    bashio::log.fatal
+    bashio::log.fatal 'Please configure the "ports" option.'
+    bashio::exit.nok
+fi
+
+# Checks if client names where configured when using stealth mode
+if bashio::config.true 'hidden_services' \
+    && bashio::config.true 'stealth' \
+    && ! bashio::config.has_value 'client_names';
+then
+    bashio::log.fatal
+    bashio::log.fatal 'Add-on configuration is incomplete.'
+    bashio::log.fatal
+    bashio::log.fatal 'Stealth mode is enabled, using the "stealth" add-on'
+    bashio::log.fatal 'configuration option, but there are no client names'
+    bashio::log.fatal 'configured in the "client_names" add-on option.'
+    bashio::log.fatal
+    bashio::log.fatal 'Please configure the "client_names" option.'
+    bashio::exit.nok
+fi
+
+# Created needed directories
+mkdir -p \
+    "${authorized_clients_dir}" \
+    "${clients_dir}" \
+    "${hidden_service_dir}" \
+    || bashio::exit.nok 'Could not create tor data directories'
+chmod -R 0700 /ssl/tor
+
+# Find the matching Tor log level
+if bashio::config.has_value 'log_level'; then
+    case "$(bashio::string.lower "$(bashio::config 'log_level')")" in
+        all|trace)
+            log_level="debug"
+            ;;
+        debug)
+            log_level="info"
+            ;;
+        info|notice)
+            log_level="notice"
+            ;;
+        warning)
+            log_level="warn"
+            ;;
+        error|fatal|off)
+            log_level="err"
+            ;;
+    esac
+
+    echo "Log ${log_level} stdout" >> "${torrc}"
+fi
+
+# Configure Socks proxy
+if bashio::config.true 'socks'; then
+    echo 'SOCKSPort 0.0.0.0:9050' >> "${torrc}"
+else
+    echo 'SOCKSPort 127.0.0.1:9050' >> "${torrc}"
+fi
+
+# Configure hidden services
+if bashio::config.true 'hidden_services'; then
+    echo "HiddenServiceDir ${hidden_service_dir}" >> "${torrc}"
+    
+    for port in $(bashio::config 'ports'); do
+        count=$(echo "${port}" | sed 's/[^:]//g'| awk '{ print length }')
+        if [[ "${count}" == 0 ]]; then
+            host='homeassistant'
+            virtual_port="${port}"
+            target_port="${port}"
+        elif [[ "${count}" == 1 ]]; then
+            # Check if format is hostname/ip:port or port:port
+            first=$(echo "${port}" | cut -f1 -d:)
+            if [[ "${first}" =~ ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]) ]]; then
+                host='homeassistant'
+                virtual_port=$(echo "${port}" | cut -f1 -d:)
+                target_port=$(echo "${port}" | cut -f2 -d:)
+            else
+                host=$(echo "${port}" | cut -f1 -d:)
+                virtual_port=$(echo "${port}" | cut -f2 -d:)
+                target_port=$(echo "${port}" | cut -f2 -d:)
+            fi
+        elif [[ "${count}" == 2 ]]; then
+            host=$(echo "${port}" | cut -f1 -d:)
+            virtual_port=$(echo "${port}" | cut -f2 -d:)
+            target_port=$(echo "${port}" | cut -f3 -d:)
+        else
+            bashio::log.warning "$port Are not correct format, skipping..."
+        fi
+        if [[ "${count}" -le 2 ]]; then
+            echo "HiddenServicePort ${target_port} ${host}:${virtual_port}" \
+                >> "${torrc}"
+        fi
+    done
+fi
+
+# Configure bridges
+if bashio::config.exists 'bridges' \
+    && ! bashio::config.is_empty 'bridges';
+then
+    bashio::log.info 'Use bridges:'
+    echo "UseBridges 1" >> "${torrc}"
+
+    # Add client for OBFS transport
+    echo "ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec /usr/local/bin/obfs4proxy managed" >> "${torrc}"
+    
+    # Add client for Snowflake transport
+    echo "ClientTransportPlugin snowflake exec /usr/local/bin/snowflake" >> "${torrc}"
+
+    # Add client for WebTunnel transport
+    echo "ClientTransportPlugin webtunnel exec /usr/local/bin/webtunnel" >> "${torrc}"
+    
+    # Add bridges
+    while read -r bridge; do
+        bashio::log.info "Bridge ${bridge}"
+        echo "Bridge ${bridge}" >> "${torrc}"
+    done <<< "$(bashio::config 'bridges')"
+fi
+
+# Figure out the address
+if bashio::config.true 'hidden_services'; then
+    bashio::log.info 'Starting Tor temporarly...'
+
+    exec 3< <(tor)
+
+    until bashio::fs.file_exists "${hostname_file}"; do
+        bashio::log.info "Waiting for service to start..."
+        sleep 1
+    done
+
+    address=$(<"${hostname_file}")
+    grep -m 1 "Bootstrapped 100% (done): Done" <&3 >/dev/null 2>&1
+
+    kill "$(pgrep tor)" >/dev/null 2>&1
+
+    bashio::log.info '---------------------------------------------------------'
+    bashio::log.info 'Your Home Assistant instance is available on Tor!'
+    bashio::log.info "Address: ${address}"
+    bashio::log.info '---------------------------------------------------------'
+fi
+
+# Configure stealth mode
+if bashio::config.true 'hidden_services' && bashio::config.true 'stealth';
+then
+    # Following the documentation at:
+    # https://community.torproject.org/onion-services/advanced/client-auth/
+    while read -r clientname; do
+        # Generate key is they do not exist yet
+        if ! bashio::fs.file_exists "${authorized_clients_dir}/${clientname}.auth"
+        then 
+            key=$(openssl genpkey -algorithm x25519)
+
+            private_key=$(
+                sed \
+                    -e '/----.*PRIVATE KEY----\|^[[:space:]]*$/d' \
+                    <<< "${key}" \
+                    | base64 -d \
+                    | tail -c 32 \
+                    | base32 \
+                    | sed 's/=//g'
+            )
+
+            public_key=$(
+                openssl pkey -pubout \
+                <<< "${key}" \
+                | sed -e '/----.*PUBLIC KEY----\|^[[:space:]]*$/d' \
+                | base64 -d \
+                | tail -c 32 \
+                | base32 \
+                | sed 's/=//g'
+            )
+
+            # Create authorized client file
+            echo "descriptor:x25519:${public_key}" \
+                > "${clients_dir}/${clientname}.auth"
+            echo "descriptor:x25519:${public_key}" \
+                > "${authorized_clients_dir}/${clientname}.auth"
+
+            # Create private key file
+            echo "${private_key}" \
+                > "${clients_dir}/${clientname}.key.txt"
+            echo "${address%.onion}:descriptor:x25519:${private_key}" \
+                > "${clients_dir}/${clientname}.auth_private"
+
+            bashio::log.red
+            bashio::log.red
+            bashio::log.red "Created keys for ${clientname}!"
+            bashio::log.red
+            bashio::log.red "Keys are stored in:"
+            bashio::log.red "${clients_dir}"
+            bashio::log.red
+            bashio::log.red "Public key":
+            bashio::log.red "${public_key}"
+            bashio::log.red
+            bashio::log.red "Private key:"
+            bashio::log.red "${private_key}"
+            bashio::log.red
+            bashio::log.red 
+        else
+            bashio::log.info "Keys for ${clientname} already exists; skipping..."
+        fi
+    done <<< "$(bashio::config 'client_names')"
+
+    echo 'HiddenServiceAllowUnknownPorts 0' >> "${torrc}"
+fi

tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/type

@@ -0,0 +1 @@
+oneshot

tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-tor/run

tor/rootfs/etc/s6-overlay/s6-rc.d/tor/finish

@@ -0,0 +1,27 @@
+#!/command/with-contenv bashio
+# shellcheck shell=bash
+# ==============================================================================
+# Home Assistant Community Add-on: Tor
+# Take down the S6 supervision tree when the Tor daemon fails
+# ==============================================================================
+declare exit_code
+readonly exit_code_container=$(</run/s6-linux-init-container-results/exitcode)
+readonly exit_code_service="${1}"
+readonly exit_code_signal="${2}"
+readonly service="Tor"
+
+bashio::log.info \
+  "Service ${service} exited with code ${exit_code_service}" \
+  "(by signal ${exit_code_signal})"
+
+if [[ "${exit_code_service}" -eq 256 ]]; then
+  if [[ "${exit_code_container}" -eq 0 ]]; then
+    echo $((128 + $exit_code_signal)) > /run/s6-linux-init-container-results/exitcode
+  fi
+  [[ "${exit_code_signal}" -eq 15 ]] && exec /run/s6/basedir/bin/halt
+elif [[ "${exit_code_service}" -ne 0 ]]; then
+  if [[ "${exit_code_container}" -eq 0 ]]; then
+    echo "${exit_code_service}" > /run/s6-linux-init-container-results/exitcode
+  fi
+  exec /run/s6/basedir/bin/halt
+fi

tor/rootfs/etc/s6-overlay/s6-rc.d/tor/run

@@ -0,0 +1,10 @@
+#!/command/with-contenv bashio
+# shellcheck shell=bash
+# ==============================================================================
+# Home Assistant Community Add-on: Tor
+# Runs the Tor daemon
+# ==============================================================================
+bashio::log.info "Starting Tor..."
+
+# Run the Tor daemon
+exec tor

tor/rootfs/etc/s6-overlay/s6-rc.d/tor/type

@@ -0,0 +1 @@
+longrun

tor/rootfs/etc/tor/torrc

@@ -0,0 +1,3 @@
+RunAsDaemon 0
+DataDirectory /data
+AvoidDiskWrites 1