[TOR] init new addon

from https://github.com/akrigator/addon-tor
2026-01-10 09:51:02 +01:00 · 2024-08-13 04:34:32 +00:00
parent 4427625fbc
commit 8a66b35720
20 changed files with 613 additions and 0 deletions
--- a/.github/paths-filter.yml
+++ b/.github/paths-filter.yml
@@ -90,6 +90,7 @@ spotweb: spotweb/config.* # Image : yes
 tandoor_recipes: tandoor_recipes/config.* # Image : yes
 tdarr: tdarr/config.* # Image : yes
 teamspeak: teamspeak/config.* # Image : yes
 tor: tor/config.* # Image : yes
 transmission: transmission/config.* # Image : yes
 transmission_openvpn: transmission_openvpn/config.* # Image : yes
 ubooquity: ubooquity/config.* # Image : yes
--- a/README.md
+++ b/README.md
@@ -793,6 +793,13 @@ If you want to do add the repository manually, please follow the procedure highl
 ![amd64][amd64-badge]
 ![armv7][armv7-badge]
 &#10003; [Tor with bridges](tor/) : Copy of official comunity addon with additional bridges supporting
 &emsp;&emsp;![Version](https://img.shields.io/badge/dynamic/json?label=Version&query=%24.version&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Ftor%2Fconfig.json)
 ![aarch64][aarch64-badge]
 ![amd64][amd64-badge]
 ![armv7][armv7-badge]
 &#10003; ![image](https://api.iconify.design/mdi/transmission-tower.svg) [Transmission](transmission/) : Bittorrent client based on linuxserver image
 &emsp;&emsp;![Version](https://img.shields.io/badge/dynamic/json?label=Version&query=%24.version&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Ftransmission%2Fconfig.json)
--- a/tor/Dockerfile
+++ b/tor/Dockerfile
@@ -0,0 +1,92 @@
 ARG BUILD_FROM=ghcr.io/hassio-addons/base:16.2.0
 # hadolint ignore=DL3006
 FROM ${BUILD_FROM}
 # Set shell
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 # Copy root filesystem
 COPY rootfs /
 # Setup base
 RUN \
    apk add --no-cache \
        coreutils=9.5-r1 \
        openssl=3.3.1-r3 \
        tor=0.4.8.12-r0 \
        go=1.22.5-r0 \
        git=2.45.2-r0 \
        ca-certificates=20240705-r0 \
        libcap=2.70-r0
 # Download pluggable-transports sources
 WORKDIR /go
 ARG OBFS_VERSION=obfs4proxy-0.0.14
 ARG SNOWFLAKE_VERSION=v2.9.2
 ARG WEBTUNNEL_VERSION=e64b1b3562f3ab50d06141ecd513a21ec74fe8c6
 RUN git clone -b ${OBFS_VERSION} --single-branch --depth 1 https://github.com/Yawning/obfs4.git \
    && git clone -b ${SNOWFLAKE_VERSION} --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git \
    && git clone --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git
 # Build obfs4proxy
 WORKDIR /go/obfs4
 RUN go build -o /usr/local/bin/obfs4proxy ./obfs4proxy
 # Build snowflake
 WORKDIR /go/snowflake/client
 RUN go get \
    && go build -o /usr/local/bin/snowflake
 # Build webtunnel
 WORKDIR /go/webtunnel/main/client
 RUN git reset --hard ${WEBTUNNEL_VERSION} \
    && go build -ldflags="-s -w" -o /usr/local/bin/webtunnel
 # Clean up after build
 WORKDIR /
 RUN rm -rf /go
 # Give transports clients the capability to bind privileged port.
 RUN setcap 'cap_net_bind_service=+ep' /usr/local/bin/obfs4proxy \
    && setcap 'cap_net_bind_service=+ep'  /usr/local/bin/snowflake \
    && setcap 'cap_net_bind_service=+ep'  /usr/local/bin/webtunnel
 HEALTHCHECK \
    --start-period=60m \
    --interval=60s \
    --timeout=30s \
    CMD curl \
        --silent \
        --location \
        --socks5-hostname localhost:9050 \
        https://check.torproject.org/?lang=en_US \
        | grep -qm1 Congratulations
 # Build arguments
 ARG BUILD_ARCH
 ARG BUILD_DATE
 ARG BUILD_DESCRIPTION
 ARG BUILD_NAME
 ARG BUILD_REF
 ARG BUILD_REPOSITORY
 ARG BUILD_VERSION
 # Labels
 LABEL \
    io.hass.name="${BUILD_NAME}" \
    io.hass.description="${BUILD_DESCRIPTION}" \
    io.hass.arch="${BUILD_ARCH}" \
    io.hass.type="addon" \
    io.hass.version=${BUILD_VERSION} \
    maintainer="Franck Nijhof <frenck@addons.community>" \
    org.opencontainers.image.title="${BUILD_NAME}" \
    org.opencontainers.image.description="${BUILD_DESCRIPTION}" \
    org.opencontainers.image.vendor="Home Assistant Community Add-ons" \
    org.opencontainers.image.authors="Franck Nijhof <frenck@addons.community>" \
    org.opencontainers.image.licenses="MIT" \
    org.opencontainers.image.url="https://addons.community" \
    org.opencontainers.image.source="https://github.com/${BUILD_REPOSITORY}" \
    org.opencontainers.image.documentation="https://github.com/${BUILD_REPOSITORY}/blob/main/README.md" \
    org.opencontainers.image.created=${BUILD_DATE} \
    org.opencontainers.image.revision=${BUILD_REF} \
    org.opencontainers.image.version=${BUILD_VERSION}
--- a/tor/README.md
+++ b/tor/README.md
@@ -0,0 +1,107 @@
 # Hass.io Add-ons: Tor with bridges
 [![Donate][donation-badge]](https://www.buymeacoffee.com/alexbelgium)
 [![Donate][paypal-badge]](https://www.paypal.com/donate/?hosted_button_id=DZFULJZTP3UQA)
 ![Version](https://img.shields.io/badge/dynamic/json?label=Version&query=%24.version&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Ftor%2Fconfig.json)
 ![Ingress](https://img.shields.io/badge/dynamic/json?label=Ingress&query=%24.ingress&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Ftor%2Fconfig.json)
 ![Arch](https://img.shields.io/badge/dynamic/json?color=success&label=Arch&query=%24.arch&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Ftor%2Fconfig.json)
 [![Codacy Badge](https://app.codacy.com/project/badge/Grade/9c6cf10bdbba45ecb202d7f579b5be0e)](https://www.codacy.com/gh/alexbelgium/hassio-addons/dashboard?utm_source=github.com&utm_medium=referral&utm_content=alexbelgium/hassio-addons&utm_campaign=Badge_Grade)
 [![GitHub Super-Linter](https://img.shields.io/github/actions/workflow/status/alexbelgium/hassio-addons/weekly-supelinter.yaml?label=Lint%20code%20base)](https://github.com/alexbelgium/hassio-addons/actions/workflows/weekly-supelinter.yaml)
 [![Builder](https://img.shields.io/github/actions/workflow/status/alexbelgium/hassio-addons/onpush_builder.yaml?label=Builder)](https://github.com/alexbelgium/hassio-addons/actions/workflows/onpush_builder.yaml)
 [donation-badge]: https://img.shields.io/badge/Buy%20me%20a%20coffee%20(no%20paypal)-%23d32f2f?logo=buy-me-a-coffee&style=flat&logoColor=white
 [paypal-badge]: https://img.shields.io/badge/Buy%20me%20a%20coffee%20with%20Paypal-0070BA?logo=paypal&style=flat&logoColor=white
 _Thanks to everyone having starred my repo! To star it click on the image below, then it will be on top right. Thanks!_
 [![Stargazers repo roster for @alexbelgium/hassio-addons](https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.github/stars2.svg)](https://github.com/alexbelgium/hassio-addons/stargazers)
 ![downloads evolution](https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/tor/stats.png)
 ## About
 Extended version of the [Tor addon from Home Assistant Community repository](https://github.com/hassio-addons/addon-tor) by supporting multiples bridges protocols WebTunnel, Snowflake and OBFS.
 ## Installation
 The installation of this add-on is pretty straightforward and not different in comparison to installing any other add-on.
 1. Add my add-ons repository to your home assistant instance (in supervisor addons store at top right, or click button below if you have configured my HA)
   [![Open your Home Assistant instance and show the add add-on repository dialog with a specific repository URL pre-filled.](https://my.home-assistant.io/badges/supervisor_add_addon_repository.svg)](https://my.home-assistant.io/redirect/supervisor_add_addon_repository/?repository_url=https%3A%2F%2Fgithub.com%2Falexbelgium%2Fhassio-addons)
 1. Install this add-on.
 1. Click the `Save` button to store your configuration.
 1. Set the add-on options to your preferences
 1. Start the add-on.
 1. Check the logs of the add-on to see if everything went well.
 1. Open the webUI and adapt the software options
 ## Configuration
 You should follow to the initial guide for configuring base addon options. Here will described only extra options in comparisons with base:
 ### Option: `bridges`
 > Ensure the option value is clear to avoid unintended use of transport plugins and bridges.
 Bridges are Tor relays that help you circumvent censorship.
 Access to bridges is provided by supported transport plugins:
 #### OBFS
 Because bridge addresses are not public, you will need to request them yourself. You have a few options:
 - Visit [Tor][tor-bridges-obfs4] project and follow the instructions, or
 - Email `bridges@torproject.org` from a Gmail, or Riseup email address
 - Send a message to @GetBridgesBot on Telegram. Tap on 'Start' or write /start or /bridges in the chat.
 For example:
 ```yaml
 bridges:
  - >-
    obfs4 123.45.67.89:443 EFC6A00EE6272355C023862378AC77F935F091E4
    cert=KkdWiWlfetJG9SFrzX8g1teBbgxtsc0zPiN5VLxqNNH+iudVW48CoH/XVXPQntbivXIqZA
    iat-mode=0
 ```
 #### Webtunnel
 Visit [Tor][tor-bridges-webtunnel] project and follow the instructions
 For example:
 ```yaml
 bridges:
  - >-
    webtunnel 192.0.2.3:1
    DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF
    url=https://akbwadp9lc5fyyz0cj4d76z643pxgbfh6oyc-167-71-71-157.sslip.io/5m9yq0j4ghkz0fz7qmuw58cvbjon0ebnrsp0
    ver=0.0.1
 ```
 #### Snowflake
 What is [snowflake][what-is-snowflake], example:
 ```yaml
 bridges:
  - >-
    snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72
    fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72
    url=https://snowflake-broker.torproject.net/
    ampcache=https://cdn.ampproject.org/
    front=www.google.com
    ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478
    utls-imitate=hellorandomizedalpn
 ```
 ## Support
 If you have in issue with your installation, please be sure to checkout github.
 [tor-hidden-service]: https://www.torproject.org/docs/hidden-services.html.en
 [tor-bridges-obfs4]: https://bridges.torproject.org/bridges/?transport=obfs4
 [tor-bridges-webtunnel]: https://bridges.torproject.org/bridges/?transport=webtunnel
 [what-is-snowflake]: https://support.torproject.org/censorship/what-is-snowflake/
--- a/tor/apparmor.txt
+++ b/tor/apparmor.txt
@@ -0,0 +1,66 @@
 #include <tunables/global>
 profile tor_addon flags=(attach_disconnected,mediate_deleted) {
  #include <abstractions/base>
  capability,
  file,
  signal,
  mount,
  umount,
  remount,
  network udp,
  network tcp,
  network dgram,
  network stream,
  network inet,
  network inet6,
  network netlink raw,
  network unix dgram,
  capability setgid,
  capability setuid,
  capability sys_admin,
  capability dac_read_search,
  # capability dac_override,
  # capability sys_rawio,
 # S6-Overlay
  /init ix,
  /run/{s6,s6-rc*,service}/** ix,
  /package/** ix,
  /command/** ix,
  /run/{,**} rwk,
  /dev/tty rw,
  /bin/** ix,
  /usr/bin/** ix,
  /usr/lib/bashio/** ix,
  /etc/s6/** rix,
  /run/s6/** rix,
  /etc/services.d/** rwix,
  /etc/cont-init.d/** rwix,
  /etc/cont-finish.d/** rwix,
  /init rix,
  /var/run/** mrwkl,
  /var/run/ mrwkl,
  /dev/i2c-1 mrwkl,
  # Files required
  /dev/fuse mrwkl,
  /dev/sda1 mrwkl,
  /dev/sdb1 mrwkl,
  /dev/nvme0 mrwkl,
  /dev/nvme1 mrwkl,
  /dev/mmcblk0p1 mrwkl,
  /dev/* mrwkl,
  /tmp/** mrkwl,
  # Data access
  /data/** rw,
  # suppress ptrace denials when using 'docker ps' or using 'ps' inside a container
  ptrace (trace,read) peer=docker-default,
  # docker daemon confinement requires explict allow rule for signal
  signal (receive) set=(kill,term) peer=/usr/bin/docker,
 }
--- a/tor/build.json
+++ b/tor/build.json
@@ -0,0 +1,11 @@
 {
  "build_from": {
    "aarch64": "ghcr.io/hassio-addons/base:16.2.0",
    "amd64": "ghcr.io/hassio-addons/base:16.2.0",
    "armv7": "ghcr.io/hassio-addons/base:16.2.0"
  },
  "codenotary": {
    "base_image": "codenotary@frenck.dev",
    "signer": "codenotary@frenck.dev"
  }
 }
--- a/tor/config.json
+++ b/tor/config.json
@@ -0,0 +1,50 @@
 {
  "arch": [
    "aarch64",
    "amd64",
    "armv7"
  ],
  "codenotary": "alexandrep.github@gmail.com",
  "description": "Protect your privacy and access Home Assistant via Tor",
  "init": false,
  "map": [
    "ssl:rw"
  ],
  "name": "Tor with bridges",
  "ports": {
    "9050/tcp": 9050
  },
  "ports_description": {
    "9050/tcp": "Tor SOCKS proxy port"
  },
  "slug": "tor",
  "url": "https://github.com/alexbelgium/hassio-addons",
  "version": "dev",
  "startup": "service",
  "options": {
    "socks": false,
    "hidden_services": true,
    "stealth": false,
    "client_names": [],
    "ports": [
      "8123",
      "8123:80"
    ],
    "bridges": []
  },
  "schema": {
    "log_level": "list(trace|debug|info|notice|warning|error|fatal)?",
    "socks": "bool",
    "hidden_services": "bool",
    "stealth": "bool",
    "client_names": [
      "match(^[A-Za-z0-9+-_]{1,16}$)"
    ],
    "ports": [
      "match(^(.*:)?(?:[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])?$)"
    ],
    "bridges":[
      "str"
    ]
  }
 }
--- a/tor/icon.png
+++ b/tor/icon.png
--- a/tor/logo.png
+++ b/tor/logo.png
--- a/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/dependencies.d/base
+++ b/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/dependencies.d/base
--- a/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run
+++ b/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run
@@ -0,0 +1,236 @@
 #!/command/with-contenv bashio
 # shellcheck shell=bash
 # ==============================================================================
 # Home Assistant Community Add-on: Tor
 # Prepares the add-on for startup
 # ==============================================================================
 declare address
 declare clientname
 declare host
 declare key
 declare log_level
 declare port
 declare private_key
 declare public_key
 declare target_port
 declare virtual_port
 readonly torrc='/etc/tor/torrc'
 readonly hidden_service_dir='/ssl/tor/hidden_service'
 readonly authorized_clients_dir="${hidden_service_dir}/authorized_clients"
 readonly clients_dir="${hidden_service_dir}/clients"
 readonly hostname_file="${hidden_service_dir}/hostname"
 # A hidden service without any ports is kinda useless
 if bashio::config.true 'hidden_services' \
    && ! bashio::config.has_value 'ports'; then
    bashio::log.fatal
    bashio::log.fatal 'Add-on configuration is incomplete.'
    bashio::log.fatal
    bashio::log.fatal 'Hidden services where enabled, using the'
    bashio::log.fatal '"hidden_services" add-on configuration option,'
    bashio::log.fatal 'But the "port" option does not contain any values!'
    bashio::log.fatal
    bashio::log.fatal 'Please configure the "ports" option.'
    bashio::exit.nok
 fi
 # Checks if client names where configured when using stealth mode
 if bashio::config.true 'hidden_services' \
    && bashio::config.true 'stealth' \
    && ! bashio::config.has_value 'client_names';
 then
    bashio::log.fatal
    bashio::log.fatal 'Add-on configuration is incomplete.'
    bashio::log.fatal
    bashio::log.fatal 'Stealth mode is enabled, using the "stealth" add-on'
    bashio::log.fatal 'configuration option, but there are no client names'
    bashio::log.fatal 'configured in the "client_names" add-on option.'
    bashio::log.fatal
    bashio::log.fatal 'Please configure the "client_names" option.'
    bashio::exit.nok
 fi
 # Created needed directories
 mkdir -p \
    "${authorized_clients_dir}" \
    "${clients_dir}" \
    "${hidden_service_dir}" \
    || bashio::exit.nok 'Could not create tor data directories'
 chmod -R 0700 /ssl/tor
 # Find the matching Tor log level
 if bashio::config.has_value 'log_level'; then
    case "$(bashio::string.lower "$(bashio::config 'log_level')")" in
        all|trace)
            log_level="debug"
            ;;
        debug)
            log_level="info"
            ;;
        info|notice)
            log_level="notice"
            ;;
        warning)
            log_level="warn"
            ;;
        error|fatal|off)
            log_level="err"
            ;;
    esac
    echo "Log ${log_level} stdout" >> "${torrc}"
 fi
 # Configure Socks proxy
 if bashio::config.true 'socks'; then
    echo 'SOCKSPort 0.0.0.0:9050' >> "${torrc}"
 else
    echo 'SOCKSPort 127.0.0.1:9050' >> "${torrc}"
 fi
 # Configure hidden services
 if bashio::config.true 'hidden_services'; then
    echo "HiddenServiceDir ${hidden_service_dir}" >> "${torrc}"
    for port in $(bashio::config 'ports'); do
        count=$(echo "${port}" | sed 's/[^:]//g'| awk '{ print length }')
        if [[ "${count}" == 0 ]]; then
            host='homeassistant'
            virtual_port="${port}"
            target_port="${port}"
        elif [[ "${count}" == 1 ]]; then
            # Check if format is hostname/ip:port or port:port
            first=$(echo "${port}" | cut -f1 -d:)
            if [[ "${first}" =~ ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]) ]]; then
                host='homeassistant'
                virtual_port=$(echo "${port}" | cut -f1 -d:)
                target_port=$(echo "${port}" | cut -f2 -d:)
            else
                host=$(echo "${port}" | cut -f1 -d:)
                virtual_port=$(echo "${port}" | cut -f2 -d:)
                target_port=$(echo "${port}" | cut -f2 -d:)
            fi
        elif [[ "${count}" == 2 ]]; then
            host=$(echo "${port}" | cut -f1 -d:)
            virtual_port=$(echo "${port}" | cut -f2 -d:)
            target_port=$(echo "${port}" | cut -f3 -d:)
        else
            bashio::log.warning "$port Are not correct format, skipping..."
        fi
        if [[ "${count}" -le 2 ]]; then
            echo "HiddenServicePort ${target_port} ${host}:${virtual_port}" \
                >> "${torrc}"
        fi
    done
 fi
 # Configure bridges
 if bashio::config.exists 'bridges' \
    && ! bashio::config.is_empty 'bridges';
 then
    bashio::log.info 'Use bridges:'
    echo "UseBridges 1" >> "${torrc}"
    # Add client for OBFS transport
    echo "ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec /usr/local/bin/obfs4proxy managed" >> "${torrc}"
    # Add client for Snowflake transport
    echo "ClientTransportPlugin snowflake exec /usr/local/bin/snowflake" >> "${torrc}"
    # Add client for WebTunnel transport
    echo "ClientTransportPlugin webtunnel exec /usr/local/bin/webtunnel" >> "${torrc}"
    # Add bridges
    while read -r bridge; do
        bashio::log.info "Bridge ${bridge}"
        echo "Bridge ${bridge}" >> "${torrc}"
    done <<< "$(bashio::config 'bridges')"
 fi
 # Figure out the address
 if bashio::config.true 'hidden_services'; then
    bashio::log.info 'Starting Tor temporarly...'
    exec 3< <(tor)
    until bashio::fs.file_exists "${hostname_file}"; do
        bashio::log.info "Waiting for service to start..."
        sleep 1
    done
    address=$(<"${hostname_file}")
    grep -m 1 "Bootstrapped 100% (done): Done" <&3 >/dev/null 2>&1
    kill "$(pgrep tor)" >/dev/null 2>&1
    bashio::log.info '---------------------------------------------------------'
    bashio::log.info 'Your Home Assistant instance is available on Tor!'
    bashio::log.info "Address: ${address}"
    bashio::log.info '---------------------------------------------------------'
 fi
 # Configure stealth mode
 if bashio::config.true 'hidden_services' && bashio::config.true 'stealth';
 then
    # Following the documentation at:
    # https://community.torproject.org/onion-services/advanced/client-auth/
    while read -r clientname; do
        # Generate key is they do not exist yet
        if ! bashio::fs.file_exists "${authorized_clients_dir}/${clientname}.auth"
        then 
            key=$(openssl genpkey -algorithm x25519)
            private_key=$(
                sed \
                    -e '/----.*PRIVATE KEY----\|^[[:space:]]*$/d' \
                    <<< "${key}" \
                    | base64 -d \
                    | tail -c 32 \
                    | base32 \
                    | sed 's/=//g'
            )
            public_key=$(
                openssl pkey -pubout \
                <<< "${key}" \
                | sed -e '/----.*PUBLIC KEY----\|^[[:space:]]*$/d' \
                | base64 -d \
                | tail -c 32 \
                | base32 \
                | sed 's/=//g'
            )
            # Create authorized client file
            echo "descriptor:x25519:${public_key}" \
                > "${clients_dir}/${clientname}.auth"
            echo "descriptor:x25519:${public_key}" \
                > "${authorized_clients_dir}/${clientname}.auth"
            # Create private key file
            echo "${private_key}" \
                > "${clients_dir}/${clientname}.key.txt"
            echo "${address%.onion}:descriptor:x25519:${private_key}" \
                > "${clients_dir}/${clientname}.auth_private"
            bashio::log.red
            bashio::log.red
            bashio::log.red "Created keys for ${clientname}!"
            bashio::log.red
            bashio::log.red "Keys are stored in:"
            bashio::log.red "${clients_dir}"
            bashio::log.red
            bashio::log.red "Public key":
            bashio::log.red "${public_key}"
            bashio::log.red
            bashio::log.red "Private key:"
            bashio::log.red "${private_key}"
            bashio::log.red
            bashio::log.red 
        else
            bashio::log.info "Keys for ${clientname} already exists; skipping..."
        fi
    done <<< "$(bashio::config 'client_names')"
    echo 'HiddenServiceAllowUnknownPorts 0' >> "${torrc}"
 fi
--- a/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/type
+++ b/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/type
@@ -0,0 +1 @@
 oneshot
--- a/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/up
+++ b/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/up
@@ -0,0 +1 @@
 /etc/s6-overlay/s6-rc.d/init-tor/run
--- a/tor/rootfs/etc/s6-overlay/s6-rc.d/tor/dependencies.d/init-tor
+++ b/tor/rootfs/etc/s6-overlay/s6-rc.d/tor/dependencies.d/init-tor
--- a/tor/rootfs/etc/s6-overlay/s6-rc.d/tor/finish
+++ b/tor/rootfs/etc/s6-overlay/s6-rc.d/tor/finish
@@ -0,0 +1,27 @@
 #!/command/with-contenv bashio
 # shellcheck shell=bash
 # ==============================================================================
 # Home Assistant Community Add-on: Tor
 # Take down the S6 supervision tree when the Tor daemon fails
 # ==============================================================================
 declare exit_code
 readonly exit_code_container=$(</run/s6-linux-init-container-results/exitcode)
 readonly exit_code_service="${1}"
 readonly exit_code_signal="${2}"
 readonly service="Tor"
 bashio::log.info \
  "Service ${service} exited with code ${exit_code_service}" \
  "(by signal ${exit_code_signal})"
 if [[ "${exit_code_service}" -eq 256 ]]; then
  if [[ "${exit_code_container}" -eq 0 ]]; then
    echo $((128 + $exit_code_signal)) > /run/s6-linux-init-container-results/exitcode
  fi
  [[ "${exit_code_signal}" -eq 15 ]] && exec /run/s6/basedir/bin/halt
 elif [[ "${exit_code_service}" -ne 0 ]]; then
  if [[ "${exit_code_container}" -eq 0 ]]; then
    echo "${exit_code_service}" > /run/s6-linux-init-container-results/exitcode
  fi
  exec /run/s6/basedir/bin/halt
 fi
--- a/tor/rootfs/etc/s6-overlay/s6-rc.d/tor/run
+++ b/tor/rootfs/etc/s6-overlay/s6-rc.d/tor/run
@@ -0,0 +1,10 @@
 #!/command/with-contenv bashio
 # shellcheck shell=bash
 # ==============================================================================
 # Home Assistant Community Add-on: Tor
 # Runs the Tor daemon
 # ==============================================================================
 bashio::log.info "Starting Tor..."
 # Run the Tor daemon
 exec tor
--- a/tor/rootfs/etc/s6-overlay/s6-rc.d/tor/type
+++ b/tor/rootfs/etc/s6-overlay/s6-rc.d/tor/type
@@ -0,0 +1 @@
 longrun
--- a/tor/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/init-tor
+++ b/tor/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/init-tor
--- a/tor/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/tor
+++ b/tor/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/tor
--- a/tor/rootfs/etc/tor/torrc
+++ b/tor/rootfs/etc/tor/torrc
@@ -0,0 +1,3 @@
 RunAsDaemon 0
 DataDirectory /data
 AvoidDiskWrites 1