Merge pull request #2568 from akrigator/tor_deprecate

Deprecate Tor

zzz_archived_tor/CHANGELOG.md

@@ -0,0 +1,48 @@
+## 5.0.1-1 (13-08-2024)
+
+- Update apparmomr profile to fix start up
+
+## 5.0.1-2 (13-08-2024)
+
+- Align version
+
+## 5.0.1-3 (13-08-2024)
+
+- Add read permission for /etc/s6-overlay/ in apparmor
+
+## 5.0.1-4 (14-08-2024)
+
+- Add execution permission for permission for /etc/s6-overlay/s6-overlay/s6-rc.d/init-tor/run file
+
+## 5.0.2-1 (13-02-2025)
+
+- HTTP tunneling
+
+## 5.0.2-2 (13-02-2025)
+
+- Fix snowflake build
+- Lint issues
+
+## 5.0.2-3 (13-02-2025)
+
+- Fix network for http tunel
+
+## 5.0.2-4 (13-02-2025)
+
+- Init build procedure
+
+## 5.0.2-5 (13-02-2025)
+
+- Init build procedure
+
+## 5.0.2-6 (13-02-2025)
+
+- Remove excess depents
+
+## 5.0.3-1 (14-02-2025)
+
+- hassio-addons/base 17.1.5
+
+## 5.0.3-2 (16-02-2025)
+
+- hassio-addons/base 17.2.0

zzz_archived_tor/README.md

@@ -0,0 +1,112 @@
+## ⚠ Open Request : [✨ [REQUEST] qBittorrent Gluetun (opened 2024-12-10)](https://github.com/alexbelgium/hassio-addons/issues/1661) by [@xtian47](https://github.com/xtian47)
+# Hass.io Add-ons: Tor with bridges
+
+[![Donate][donation-badge]](https://www.buymeacoffee.com/alexbelgium)
+[![Donate][paypal-badge]](https://www.paypal.com/donate/?hosted_button_id=DZFULJZTP3UQA)
+
+![Version](https://img.shields.io/badge/dynamic/json?label=Version&query=%24.version&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Ftor%2Fconfig.json)
+![Ingress](https://img.shields.io/badge/dynamic/json?label=Ingress&query=%24.ingress&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Ftor%2Fconfig.json)
+![Arch](https://img.shields.io/badge/dynamic/json?color=success&label=Arch&query=%24.arch&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Ftor%2Fconfig.json)
+
+[![Codacy Badge](https://app.codacy.com/project/badge/Grade/9c6cf10bdbba45ecb202d7f579b5be0e)](https://www.codacy.com/gh/alexbelgium/hassio-addons/dashboard?utm_source=github.com&utm_medium=referral&utm_content=alexbelgium/hassio-addons&utm_campaign=Badge_Grade)
+[![GitHub Super-Linter](https://img.shields.io/github/actions/workflow/status/alexbelgium/hassio-addons/weekly-supelinter.yaml?label=Lint%20code%20base)](https://github.com/alexbelgium/hassio-addons/actions/workflows/weekly-supelinter.yaml)
+[![Builder](https://img.shields.io/github/actions/workflow/status/alexbelgium/hassio-addons/onpush_builder.yaml?label=Builder)](https://github.com/alexbelgium/hassio-addons/actions/workflows/onpush_builder.yaml)
+
+[donation-badge]: https://img.shields.io/badge/Buy%20me%20a%20coffee%20(no%20paypal)-%23d32f2f?logo=buy-me-a-coffee&style=flat&logoColor=white
+[paypal-badge]: https://img.shields.io/badge/Buy%20me%20a%20coffee%20with%20Paypal-0070BA?logo=paypal&style=flat&logoColor=white
+
+_Thanks to everyone having starred my repo! To star it click on the image below, then it will be on top right. Thanks!_
+
+[![Stargazers repo roster for @alexbelgium/hassio-addons](https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.github/stars2.svg)](https://github.com/alexbelgium/hassio-addons/stargazers)
+
+![downloads evolution](https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/tor/stats.png)
+
+## About
+
+Extended version of the [Tor addon from Home Assistant Community repository](https://github.com/hassio-addons/addon-tor) by supporting multiples bridges protocols WebTunnel, Snowflake and OBFS.
+
+## Installation
+
+The installation of this add-on is pretty straightforward and not different in comparison to installing any other add-on.
+
+1. Add my add-ons repository to your home assistant instance (in supervisor addons store at top right, or click button below if you have configured my HA)
+   [![Open your Home Assistant instance and show the add add-on repository dialog with a specific repository URL pre-filled.](https://my.home-assistant.io/badges/supervisor_add_addon_repository.svg)](https://my.home-assistant.io/redirect/supervisor_add_addon_repository/?repository_url=https%3A%2F%2Fgithub.com%2Falexbelgium%2Fhassio-addons)
+1. Install this add-on.
+1. Click the `Save` button to store your configuration.
+1. Set the add-on options to your preferences
+1. Start the add-on.
+1. Check the logs of the add-on to see if everything went well.
+1. Open the webUI and adapt the software options
+
+## Configuration
+
+You should follow to the initial guide for configuring base addon options. Here will described only extra options in comparisons with base:
+
+### Option: `http_tunnel`
+
+Setting this option to true opens port 9080 to listen for connections from HTTP-speaking applications. Enabling this feature allows you to use other applications on your network to use the Tor network via http proxy.
+
+### Option: `bridges`
+
+> Ensure the option value is clear to avoid unintended use of transport plugins and bridges.
+
+Bridges are Tor relays that help you circumvent censorship.
+Access to bridges is provided by supported transport plugins:
+
+#### OBFS
+
+Because bridge addresses are not public, you will need to request them yourself. You have a few options:
+
+- Visit [Tor][tor-bridges-obfs4] project and follow the instructions, or
+- Email `bridges@torproject.org` from a Gmail, or Riseup email address
+- Send a message to @GetBridgesBot on Telegram. Tap on 'Start' or write /start or /bridges in the chat.
+
+For example:
+
+```yaml
+bridges:
+  - >-
+    obfs4 123.45.67.89:443 EFC6A00EE6272355C023862378AC77F935F091E4
+    cert=KkdWiWlfetJG9SFrzX8g1teBbgxtsc0zPiN5VLxqNNH+iudVW48CoH/XVXPQntbivXIqZA
+    iat-mode=0
+```
+
+#### Webtunnel
+
+Visit [Tor][tor-bridges-webtunnel] project and follow the instructions
+
+For example:
+
+```yaml
+bridges:
+  - >-
+    webtunnel 192.0.2.3:1
+    DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF
+    url=https://akbwadp9lc5fyyz0cj4d76z643pxgbfh6oyc-167-71-71-157.sslip.io/5m9yq0j4ghkz0fz7qmuw58cvbjon0ebnrsp0
+    ver=0.0.1
+```
+
+#### Snowflake
+
+What is [snowflake][what-is-snowflake], example:
+
+```yaml
+bridges:
+  - >-
+    snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72
+    fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72
+    url=https://snowflake-broker.torproject.net/
+    ampcache=https://cdn.ampproject.org/
+    front=www.google.com
+    ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478
+    utls-imitate=hellorandomizedalpn
+```
+
+## Support
+
+If you have in issue with your installation, please be sure to checkout github.
+
+[tor-hidden-service]: https://www.torproject.org/docs/hidden-services.html.en
+[tor-bridges-obfs4]: https://bridges.torproject.org/bridges/?transport=obfs4
+[tor-bridges-webtunnel]: https://bridges.torproject.org/bridges/?transport=webtunnel
+[what-is-snowflake]: https://support.torproject.org/censorship/what-is-snowflake/

zzz_archived_tor/build.json

@@ -0,0 +1,11 @@
+{
+  "build_from": {
+    "aarch64": "ghcr.io/hassio-addons/base:17.2.0",
+    "amd64": "ghcr.io/hassio-addons/base:17.2.0",
+    "armv7": "ghcr.io/hassio-addons/base:17.2.0"
+  },
+  "codenotary": {
+    "base_image": "codenotary@frenck.dev",
+    "signer": "codenotary@frenck.dev"
+  }
+}

zzz_archived_tor/config.json

@@ -0,0 +1,55 @@
+{
+  "arch": [
+    "aarch64",
+    "amd64",
+    "armv7"
+  ],
+  "codenotary": "alexandrep.github@gmail.com",
+  "description": "Protect your privacy and access Home Assistant via Tor",
+  "image": "ghcr.io/alexbelgium/tor-{arch}",
+  "init": false,
+  "map": [
+    "ssl:rw"
+  ],
+  "name": "zzz_archived - Tor with bridges",
+  "options": {
+    "bridges": [],
+    "client_names": [],
+    "hidden_services": true,
+    "ports": [
+      "8123",
+      "8123:80"
+    ],
+    "socks": false,
+    "http_tunnel": false,
+    "stealth": false
+  },
+  "ports": {
+    "9050/tcp": 9050,
+    "9080/tcp": 9080
+  },
+  "ports_description": {
+    "9050/tcp": "Tor SOCKS proxy port",
+    "9080/tcp": "Tor HTTP tunnel port"
+  },
+  "schema": {
+    "bridges": [
+      "str"
+    ],
+    "client_names": [
+      "match(^[A-Za-z0-9+-_]{1,16}$)"
+    ],
+    "hidden_services": "bool",
+    "log_level": "list(trace|debug|info|notice|warning|error|fatal)?",
+    "ports": [
+      "match(^(.*:)?(?:[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])?$)"
+    ],
+    "socks": "bool",
+    "http_tunnel": "bool",
+    "stealth": "bool"
+  },
+  "slug": "tor",
+  "startup": "services",
+  "url": "https://github.com/alexbelgium/hassio-addons",
+  "version": "5.0.3-2"
+}

zzz_archived_tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run

@@ -0,0 +1,241 @@
+#!/command/with-contenv bashio
+# shellcheck shell=bash
+# ==============================================================================
+# Home Assistant Community Add-on: Tor
+# Prepares the add-on for startup
+# ==============================================================================
+declare address
+declare clientname
+declare host
+declare key
+declare log_level
+declare port
+declare private_key
+declare public_key
+declare target_port
+declare virtual_port
+
+readonly torrc='/etc/tor/torrc'
+readonly hidden_service_dir='/ssl/tor/hidden_service'
+readonly authorized_clients_dir="${hidden_service_dir}/authorized_clients"
+readonly clients_dir="${hidden_service_dir}/clients"
+readonly hostname_file="${hidden_service_dir}/hostname"
+
+# A hidden service without any ports is kinda useless
+if bashio::config.true 'hidden_services' \
+    && ! bashio::config.has_value 'ports'; then
+    bashio::log.fatal
+    bashio::log.fatal 'Add-on configuration is incomplete.'
+    bashio::log.fatal
+    bashio::log.fatal 'Hidden services where enabled, using the'
+    bashio::log.fatal '"hidden_services" add-on configuration option,'
+    bashio::log.fatal 'But the "port" option does not contain any values!'
+    bashio::log.fatal
+    bashio::log.fatal 'Please configure the "ports" option.'
+    bashio::exit.nok
+fi
+
+# Checks if client names where configured when using stealth mode
+if bashio::config.true 'hidden_services' \
+    && bashio::config.true 'stealth' \
+    && ! bashio::config.has_value 'client_names';
+then
+    bashio::log.fatal
+    bashio::log.fatal 'Add-on configuration is incomplete.'
+    bashio::log.fatal
+    bashio::log.fatal 'Stealth mode is enabled, using the "stealth" add-on'
+    bashio::log.fatal 'configuration option, but there are no client names'
+    bashio::log.fatal 'configured in the "client_names" add-on option.'
+    bashio::log.fatal
+    bashio::log.fatal 'Please configure the "client_names" option.'
+    bashio::exit.nok
+fi
+
+# Created needed directories
+mkdir -p \
+    "${authorized_clients_dir}" \
+    "${clients_dir}" \
+    "${hidden_service_dir}" \
+    || bashio::exit.nok 'Could not create tor data directories'
+chmod -R 0700 /ssl/tor
+
+# Find the matching Tor log level
+if bashio::config.has_value 'log_level'; then
+    case "$(bashio::string.lower "$(bashio::config 'log_level')")" in
+        all|trace)
+            log_level="debug"
+            ;;
+        debug)
+            log_level="info"
+            ;;
+        info|notice)
+            log_level="notice"
+            ;;
+        warning)
+            log_level="warn"
+            ;;
+        error|fatal|off)
+            log_level="err"
+            ;;
+    esac
+
+    echo "Log ${log_level} stdout" >> "${torrc}"
+fi
+
+# Configure Socks proxy
+if bashio::config.true 'socks'; then
+    echo 'SOCKSPort 0.0.0.0:9050' >> "${torrc}"
+else
+    echo 'SOCKSPort 127.0.0.1:9050' >> "${torrc}"
+fi
+
+# Configure Http tunnel port
+if bashio::config.true 'http_tunnel'; then
+    echo 'HTTPTunnelPort 0.0.0.0:9080' >> "${torrc}"
+fi
+
+# Configure hidden services
+if bashio::config.true 'hidden_services'; then
+    echo "HiddenServiceDir ${hidden_service_dir}" >> "${torrc}"
+
+    for port in $(bashio::config 'ports'); do
+        count=$(echo "${port}" | sed 's/[^:]//g'| awk '{ print length }')
+        if [[ "${count}" == 0 ]]; then
+            host='homeassistant'
+            virtual_port="${port}"
+            target_port="${port}"
+        elif [[ "${count}" == 1 ]]; then
+            # Check if format is hostname/ip:port or port:port
+            first=$(echo "${port}" | cut -f1 -d:)
+            if [[ "${first}" =~ ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]) ]]; then
+                host='homeassistant'
+                virtual_port=$(echo "${port}" | cut -f1 -d:)
+                target_port=$(echo "${port}" | cut -f2 -d:)
+            else
+                host=$(echo "${port}" | cut -f1 -d:)
+                virtual_port=$(echo "${port}" | cut -f2 -d:)
+                target_port=$(echo "${port}" | cut -f2 -d:)
+            fi
+        elif [[ "${count}" == 2 ]]; then
+            host=$(echo "${port}" | cut -f1 -d:)
+            virtual_port=$(echo "${port}" | cut -f2 -d:)
+            target_port=$(echo "${port}" | cut -f3 -d:)
+        else
+            bashio::log.warning "$port Are not correct format, skipping..."
+        fi
+        if [[ "${count}" -le 2 ]]; then
+            echo "HiddenServicePort ${target_port} ${host}:${virtual_port}" \
+                >> "${torrc}"
+        fi
+    done
+fi
+
+# Configure bridges
+if bashio::config.exists 'bridges' \
+    && ! bashio::config.is_empty 'bridges';
+then
+    bashio::log.info 'Use bridges:'
+    echo "UseBridges 1" >> "${torrc}"
+
+    # Add client for OBFS transport
+    echo "ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec /usr/local/bin/obfs4proxy managed" >> "${torrc}"
+
+    # Add client for Snowflake transport
+    echo "ClientTransportPlugin snowflake exec /usr/local/bin/snowflake" >> "${torrc}"
+
+    # Add client for WebTunnel transport
+    echo "ClientTransportPlugin webtunnel exec /usr/local/bin/webtunnel" >> "${torrc}"
+
+    # Add bridges
+    while read -r bridge; do
+        bashio::log.info "Bridge ${bridge}"
+        echo "Bridge ${bridge}" >> "${torrc}"
+    done <<< "$(bashio::config 'bridges')"
+fi
+
+# Figure out the address
+if bashio::config.true 'hidden_services'; then
+    bashio::log.info 'Starting Tor temporarly...'
+
+    exec 3< <(tor)
+
+    until bashio::fs.file_exists "${hostname_file}"; do
+        bashio::log.info "Waiting for service to start..."
+        sleep 1
+    done
+
+    address=$(<"${hostname_file}")
+    grep -m 1 "Bootstrapped 100% (done): Done" <&3 >/dev/null 2>&1
+
+    kill "$(pgrep tor)" >/dev/null 2>&1
+
+    bashio::log.info '---------------------------------------------------------'
+    bashio::log.info 'Your Home Assistant instance is available on Tor!'
+    bashio::log.info "Address: ${address}"
+    bashio::log.info '---------------------------------------------------------'
+fi
+
+# Configure stealth mode
+if bashio::config.true 'hidden_services' && bashio::config.true 'stealth';
+then
+    # Following the documentation at:
+    # https://community.torproject.org/onion-services/advanced/client-auth/
+    while read -r clientname; do
+        # Generate key is they do not exist yet
+        if ! bashio::fs.file_exists "${authorized_clients_dir}/${clientname}.auth"
+        then
+            key=$(openssl genpkey -algorithm x25519)
+
+            private_key=$(
+                sed \
+                    -e '/----.*PRIVATE KEY----\|^[[:space:]]*$/d' \
+                    <<< "${key}" \
+                    | base64 -d \
+                    | tail -c 32 \
+                    | base32 \
+                    | sed 's/=//g'
+            )
+
+            public_key=$(
+                openssl pkey -pubout \
+                <<< "${key}" \
+                | sed -e '/----.*PUBLIC KEY----\|^[[:space:]]*$/d' \
+                | base64 -d \
+                | tail -c 32 \
+                | base32 \
+                | sed 's/=//g'
+            )
+
+            # Create authorized client file
+            echo "descriptor:x25519:${public_key}" \
+                > "${clients_dir}/${clientname}.auth"
+            echo "descriptor:x25519:${public_key}" \
+                > "${authorized_clients_dir}/${clientname}.auth"
+
+            # Create private key file
+            echo "${private_key}" \
+                > "${clients_dir}/${clientname}.key.txt"
+            echo "${address%.onion}:descriptor:x25519:${private_key}" \
+                > "${clients_dir}/${clientname}.auth_private"
+
+            bashio::log.red
+            bashio::log.red
+            bashio::log.red "Created keys for ${clientname}!"
+            bashio::log.red
+            bashio::log.red "Keys are stored in:"
+            bashio::log.red "${clients_dir}"
+            bashio::log.red
+            bashio::log.red "Public key":
+            bashio::log.red "${public_key}"
+            bashio::log.red
+            bashio::log.red "Private key:"
+            bashio::log.red "${private_key}"
+            bashio::log.red
+            bashio::log.red
+        else
+            bashio::log.info "Keys for ${clientname} already exists; skipping..."
+        fi
+    done <<< "$(bashio::config 'client_names')"
+
+    echo 'HiddenServiceAllowUnknownPorts 0' >> "${torrc}"
+fi

zzz_archived_tor/rootfs/etc/s6-overlay/s6-rc.d/tor/run

@@ -0,0 +1,10 @@
+#!/command/with-contenv bashio
+# shellcheck shell=bash
+# ==============================================================================
+# Home Assistant Community Add-on: Tor
+# Runs the Tor daemon
+# ==============================================================================
+bashio::log.info "Starting Tor..."
+
+# Run the Tor daemon
+exec tor