diff --git a/zzz_archived_tor/CHANGELOG.md b/zzz_archived_tor/CHANGELOG.md new file mode 100644 index 000000000..96e023354 --- /dev/null +++ b/zzz_archived_tor/CHANGELOG.md @@ -0,0 +1,48 @@ +## 5.0.1-1 (13-08-2024) + +- Update apparmomr profile to fix start up + +## 5.0.1-2 (13-08-2024) + +- Align version + +## 5.0.1-3 (13-08-2024) + +- Add read permission for /etc/s6-overlay/ in apparmor + +## 5.0.1-4 (14-08-2024) + +- Add execution permission for permission for /etc/s6-overlay/s6-overlay/s6-rc.d/init-tor/run file + +## 5.0.2-1 (13-02-2025) + +- HTTP tunneling + +## 5.0.2-2 (13-02-2025) + +- Fix snowflake build +- Lint issues + +## 5.0.2-3 (13-02-2025) + +- Fix network for http tunel + +## 5.0.2-4 (13-02-2025) + +- Init build procedure + +## 5.0.2-5 (13-02-2025) + +- Init build procedure + +## 5.0.2-6 (13-02-2025) + +- Remove excess depents + +## 5.0.3-1 (14-02-2025) + +- hassio-addons/base 17.1.5 + +## 5.0.3-2 (16-02-2025) + +- hassio-addons/base 17.2.0 diff --git a/tor/Dockerfile b/zzz_archived_tor/Dockerfile similarity index 100% rename from tor/Dockerfile rename to zzz_archived_tor/Dockerfile diff --git a/zzz_archived_tor/README.md b/zzz_archived_tor/README.md new file mode 100644 index 000000000..bfe201d1c --- /dev/null +++ b/zzz_archived_tor/README.md 
@@ -0,0 +1,112 @@ +## ⚠ Open Request : [✨ [REQUEST] qBittorrent Gluetun (opened 2024-12-10)](https://github.com/alexbelgium/hassio-addons/issues/1661) by [@xtian47](https://github.com/xtian47) +# Hass.io Add-ons: Tor with bridges + +[![Donate][donation-badge]](https://www.buymeacoffee.com/alexbelgium) +[![Donate][paypal-badge]](https://www.paypal.com/donate/?hosted_button_id=DZFULJZTP3UQA) + +![Version](https://img.shields.io/badge/dynamic/json?label=Version&query=%24.version&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Ftor%2Fconfig.json) +![Ingress](https://img.shields.io/badge/dynamic/json?label=Ingress&query=%24.ingress&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Ftor%2Fconfig.json) +![Arch](https://img.shields.io/badge/dynamic/json?color=success&label=Arch&query=%24.arch&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Ftor%2Fconfig.json) + +[![Codacy Badge](https://app.codacy.com/project/badge/Grade/9c6cf10bdbba45ecb202d7f579b5be0e)](https://www.codacy.com/gh/alexbelgium/hassio-addons/dashboard?utm_source=github.com&utm_medium=referral&utm_content=alexbelgium/hassio-addons&utm_campaign=Badge_Grade) +[![GitHub Super-Linter](https://img.shields.io/github/actions/workflow/status/alexbelgium/hassio-addons/weekly-supelinter.yaml?label=Lint%20code%20base)](https://github.com/alexbelgium/hassio-addons/actions/workflows/weekly-supelinter.yaml) +[![Builder](https://img.shields.io/github/actions/workflow/status/alexbelgium/hassio-addons/onpush_builder.yaml?label=Builder)](https://github.com/alexbelgium/hassio-addons/actions/workflows/onpush_builder.yaml) + +[donation-badge]: https://img.shields.io/badge/Buy%20me%20a%20coffee%20(no%20paypal)-%23d32f2f?logo=buy-me-a-coffee&style=flat&logoColor=white +[paypal-badge]: https://img.shields.io/badge/Buy%20me%20a%20coffee%20with%20Paypal-0070BA?logo=paypal&style=flat&logoColor=white + +_Thanks to everyone having 
starred my repo! To star it click on the image below, then it will be on top right. Thanks!_ + +[![Stargazers repo roster for @alexbelgium/hassio-addons](https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.github/stars2.svg)](https://github.com/alexbelgium/hassio-addons/stargazers) + +![downloads evolution](https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/tor/stats.png) + +## About + +Extended version of the [Tor addon from Home Assistant Community repository](https://github.com/hassio-addons/addon-tor) by supporting multiples bridges protocols WebTunnel, Snowflake and OBFS. + +## Installation + +The installation of this add-on is pretty straightforward and not different in comparison to installing any other add-on. + +1. Add my add-ons repository to your home assistant instance (in supervisor addons store at top right, or click button below if you have configured my HA) + [![Open your Home Assistant instance and show the add add-on repository dialog with a specific repository URL pre-filled.](https://my.home-assistant.io/badges/supervisor_add_addon_repository.svg)](https://my.home-assistant.io/redirect/supervisor_add_addon_repository/?repository_url=https%3A%2F%2Fgithub.com%2Falexbelgium%2Fhassio-addons) +1. Install this add-on. +1. Click the `Save` button to store your configuration. +1. Set the add-on options to your preferences +1. Start the add-on. +1. Check the logs of the add-on to see if everything went well. +1. Open the webUI and adapt the software options + +## Configuration + +You should follow to the initial guide for configuring base addon options. Here will described only extra options in comparisons with base: + +### Option: `http_tunnel` + +Setting this option to true opens port 9080 to listen for connections from HTTP-speaking applications. Enabling this feature allows you to use other applications on your network to use the Tor network via http proxy. 
+ +### Option: `bridges` + +> Ensure the option value is clear to avoid unintended use of transport plugins and bridges. + +Bridges are Tor relays that help you circumvent censorship. +Access to bridges is provided by supported transport plugins: + +#### OBFS + +Because bridge addresses are not public, you will need to request them yourself. You have a few options: + +- Visit [Tor][tor-bridges-obfs4] project and follow the instructions, or +- Email `bridges@torproject.org` from a Gmail, or Riseup email address +- Send a message to @GetBridgesBot on Telegram. Tap on 'Start' or write /start or /bridges in the chat. + +For example: + +```yaml +bridges: + - >- + obfs4 123.45.67.89:443 EFC6A00EE6272355C023862378AC77F935F091E4 + cert=KkdWiWlfetJG9SFrzX8g1teBbgxtsc0zPiN5VLxqNNH+iudVW48CoH/XVXPQntbivXIqZA + iat-mode=0 +``` + +#### Webtunnel + +Visit [Tor][tor-bridges-webtunnel] project and follow the instructions + +For example: + +```yaml +bridges: + - >- + webtunnel 192.0.2.3:1 + DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF + url=https://akbwadp9lc5fyyz0cj4d76z643pxgbfh6oyc-167-71-71-157.sslip.io/5m9yq0j4ghkz0fz7qmuw58cvbjon0ebnrsp0 + ver=0.0.1 +``` + +#### Snowflake + +What is [snowflake][what-is-snowflake], example: + +```yaml +bridges: + - >- + snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 + fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 + url=https://snowflake-broker.torproject.net/ + ampcache=https://cdn.ampproject.org/ + front=www.google.com + ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 + utls-imitate=hellorandomizedalpn +``` + +## Support + +If you have in issue with your installation, please be sure to checkout github. 
+ +[tor-hidden-service]: https://www.torproject.org/docs/hidden-services.html.en +[tor-bridges-obfs4]: https://bridges.torproject.org/bridges/?transport=obfs4 +[tor-bridges-webtunnel]: https://bridges.torproject.org/bridges/?transport=webtunnel +[what-is-snowflake]: https://support.torproject.org/censorship/what-is-snowflake/ diff --git a/tor/apparmor.txt b/zzz_archived_tor/apparmor.txt similarity index 100% rename from tor/apparmor.txt rename to zzz_archived_tor/apparmor.txt diff --git a/zzz_archived_tor/build.json b/zzz_archived_tor/build.json new file mode 100644 index 000000000..3f6b4e1bd --- /dev/null +++ b/zzz_archived_tor/build.json @@ -0,0 +1,11 @@ +{ + "build_from": { + "aarch64": "ghcr.io/hassio-addons/base:17.2.0", + "amd64": "ghcr.io/hassio-addons/base:17.2.0", + "armv7": "ghcr.io/hassio-addons/base:17.2.0" + }, + "codenotary": { + "base_image": "codenotary@frenck.dev", + "signer": "codenotary@frenck.dev" + } +} diff --git a/zzz_archived_tor/config.json b/zzz_archived_tor/config.json new file mode 100644 index 000000000..881180dec --- /dev/null +++ b/zzz_archived_tor/config.json 
@@ -0,0 +1,55 @@ +{ + "arch": [ + "aarch64", + "amd64", + "armv7" + ], + "codenotary": "alexandrep.github@gmail.com", + "description": "Protect your privacy and access Home Assistant via Tor", + "image": "ghcr.io/alexbelgium/tor-{arch}", + "init": false, + "map": [ + "ssl:rw" + ], + "name": "zzz_archived - Tor with bridges", + "options": { + "bridges": [], + "client_names": [], + "hidden_services": true, + "ports": [ + "8123", + "8123:80" + ], + "socks": false, + "http_tunnel": false, + "stealth": false + }, + "ports": { + "9050/tcp": 9050, + "9080/tcp": 9080 + }, + "ports_description": { + "9050/tcp": "Tor SOCKS proxy port", + "9080/tcp": "Tor HTTP tunnel port" + }, + "schema": { + "bridges": [ + "str" + ], + "client_names": [ + "match(^[A-Za-z0-9+-_]{1,16}$)" + ], + "hidden_services": "bool", + "log_level": "list(trace|debug|info|notice|warning|error|fatal)?", + "ports": [ + "match(^(.*:)?(?:[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])?$)" + ], + "socks": "bool", + "http_tunnel": "bool", + "stealth": "bool" + }, + "slug": "tor", + "startup": "services", + "url": "https://github.com/alexbelgium/hassio-addons", + "version": "5.0.3-2" +} diff --git a/zzz_archived_tor/icon.png b/zzz_archived_tor/icon.png new file mode 100644 index 000000000..444f31bfd Binary files /dev/null and b/zzz_archived_tor/icon.png differ diff --git a/zzz_archived_tor/logo.png b/zzz_archived_tor/logo.png new file mode 100644 index 000000000..148007ecd Binary files /dev/null and b/zzz_archived_tor/logo.png differ diff --git a/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/dependencies.d/base b/zzz_archived_tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/dependencies.d/base similarity index 100% rename from tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/dependencies.d/base rename to zzz_archived_tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/dependencies.d/base 
diff --git a/zzz_archived_tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run b/zzz_archived_tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run new file mode 100755 index 000000000..4afd5a026 --- /dev/null +++ b/zzz_archived_tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run 
@@ -0,0 +1,241 @@ +#!/command/with-contenv bashio +# shellcheck shell=bash +# ============================================================================== +# Home Assistant Community Add-on: Tor +# Prepares the add-on for startup +# ============================================================================== +declare address +declare clientname +declare host +declare key +declare log_level +declare port +declare private_key +declare public_key +declare target_port +declare virtual_port + +readonly torrc='/etc/tor/torrc' +readonly hidden_service_dir='/ssl/tor/hidden_service' +readonly authorized_clients_dir="${hidden_service_dir}/authorized_clients" +readonly clients_dir="${hidden_service_dir}/clients" +readonly hostname_file="${hidden_service_dir}/hostname" + +# A hidden service without any ports is kinda useless +if bashio::config.true 'hidden_services' \ + && ! bashio::config.has_value 'ports'; then + bashio::log.fatal + bashio::log.fatal 'Add-on configuration is incomplete.' + bashio::log.fatal + bashio::log.fatal 'Hidden services where enabled, using the' + bashio::log.fatal '"hidden_services" add-on configuration option,' + bashio::log.fatal 'But the "port" option does not contain any values!' + bashio::log.fatal + bashio::log.fatal 'Please configure the "ports" option.' + bashio::exit.nok +fi + +# Checks if client names where configured when using stealth mode +if bashio::config.true 'hidden_services' \ + && bashio::config.true 'stealth' \ + && ! bashio::config.has_value 'client_names'; +then + bashio::log.fatal + bashio::log.fatal 'Add-on configuration is incomplete.' + bashio::log.fatal + bashio::log.fatal 'Stealth mode is enabled, using the "stealth" add-on' + bashio::log.fatal 'configuration option, but there are no client names' + bashio::log.fatal 'configured in the "client_names" add-on option.' + bashio::log.fatal + bashio::log.fatal 'Please configure the "client_names" option.' 
+ bashio::exit.nok +fi + +# Created needed directories +mkdir -p \ + "${authorized_clients_dir}" \ + "${clients_dir}" \ + "${hidden_service_dir}" \ + || bashio::exit.nok 'Could not create tor data directories' +chmod -R 0700 /ssl/tor + +# Find the matching Tor log level +if bashio::config.has_value 'log_level'; then + case "$(bashio::string.lower "$(bashio::config 'log_level')")" in + all|trace) + log_level="debug" + ;; + debug) + log_level="info" + ;; + info|notice) + log_level="notice" + ;; + warning) + log_level="warn" + ;; + error|fatal|off) + log_level="err" + ;; + esac + + echo "Log ${log_level} stdout" >> "${torrc}" +fi + +# Configure Socks proxy +if bashio::config.true 'socks'; then + echo 'SOCKSPort 0.0.0.0:9050' >> "${torrc}" +else + echo 'SOCKSPort 127.0.0.1:9050' >> "${torrc}" +fi + +# Configure Http tunnel port +if bashio::config.true 'http_tunnel'; then + echo 'HTTPTunnelPort 0.0.0.0:9080' >> "${torrc}" +fi + +# Configure hidden services +if bashio::config.true 'hidden_services'; then + echo "HiddenServiceDir ${hidden_service_dir}" >> "${torrc}" + + for port in $(bashio::config 'ports'); do + count=$(echo "${port}" | sed 's/[^:]//g'| awk '{ print length }') + if [[ "${count}" == 0 ]]; then + host='homeassistant' + virtual_port="${port}" + target_port="${port}" + elif [[ "${count}" == 1 ]]; then + # Check if format is hostname/ip:port or port:port + first=$(echo "${port}" | cut -f1 -d:) + if [[ "${first}" =~ ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]) ]]; then + host='homeassistant' + virtual_port=$(echo "${port}" | cut -f1 -d:) + target_port=$(echo "${port}" | cut -f2 -d:) + else + host=$(echo "${port}" | cut -f1 -d:) + virtual_port=$(echo "${port}" | cut -f2 -d:) + target_port=$(echo "${port}" | cut -f2 -d:) + fi + elif [[ "${count}" == 2 ]]; then + host=$(echo "${port}" | cut -f1 -d:) + virtual_port=$(echo "${port}" | cut -f2 -d:) + target_port=$(echo "${port}" | cut -f3 -d:) + else + bashio::log.warning "$port 
Are not correct format, skipping..." + fi + if [[ "${count}" -le 2 ]]; then + echo "HiddenServicePort ${target_port} ${host}:${virtual_port}" \ + >> "${torrc}" + fi + done +fi + +# Configure bridges +if bashio::config.exists 'bridges' \ + && ! bashio::config.is_empty 'bridges'; +then + bashio::log.info 'Use bridges:' + echo "UseBridges 1" >> "${torrc}" + + # Add client for OBFS transport + echo "ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec /usr/local/bin/obfs4proxy managed" >> "${torrc}" + + # Add client for Snowflake transport + echo "ClientTransportPlugin snowflake exec /usr/local/bin/snowflake" >> "${torrc}" + + # Add client for WebTunnel transport + echo "ClientTransportPlugin webtunnel exec /usr/local/bin/webtunnel" >> "${torrc}" + + # Add bridges + while read -r bridge; do + bashio::log.info "Bridge ${bridge}" + echo "Bridge ${bridge}" >> "${torrc}" + done <<< "$(bashio::config 'bridges')" +fi + +# Figure out the address +if bashio::config.true 'hidden_services'; then + bashio::log.info 'Starting Tor temporarly...' + + exec 3< <(tor) + + until bashio::fs.file_exists "${hostname_file}"; do + bashio::log.info "Waiting for service to start..." + sleep 1 + done + + address=$(<"${hostname_file}") + grep -m 1 "Bootstrapped 100% (done): Done" <&3 >/dev/null 2>&1 + + kill "$(pgrep tor)" >/dev/null 2>&1 + + bashio::log.info '---------------------------------------------------------' + bashio::log.info 'Your Home Assistant instance is available on Tor!' + bashio::log.info "Address: ${address}" + bashio::log.info '---------------------------------------------------------' +fi + +# Configure stealth mode +if bashio::config.true 'hidden_services' && bashio::config.true 'stealth'; +then + # Following the documentation at: + # https://community.torproject.org/onion-services/advanced/client-auth/ + while read -r clientname; do + # Generate key is they do not exist yet + if ! 
bashio::fs.file_exists "${authorized_clients_dir}/${clientname}.auth" + then + key=$(openssl genpkey -algorithm x25519) + + private_key=$( + sed \ + -e '/----.*PRIVATE KEY----\|^[[:space:]]*$/d' \ + <<< "${key}" \ + | base64 -d \ + | tail -c 32 \ + | base32 \ + | sed 's/=//g' + ) + + public_key=$( + openssl pkey -pubout \ + <<< "${key}" \ + | sed -e '/----.*PUBLIC KEY----\|^[[:space:]]*$/d' \ + | base64 -d \ + | tail -c 32 \ + | base32 \ + | sed 's/=//g' + ) + + # Create authorized client file + echo "descriptor:x25519:${public_key}" \ + > "${clients_dir}/${clientname}.auth" + echo "descriptor:x25519:${public_key}" \ + > "${authorized_clients_dir}/${clientname}.auth" + + # Create private key file + echo "${private_key}" \ + > "${clients_dir}/${clientname}.key.txt" + echo "${address%.onion}:descriptor:x25519:${private_key}" \ + > "${clients_dir}/${clientname}.auth_private" + + bashio::log.red + bashio::log.red + bashio::log.red "Created keys for ${clientname}!" + bashio::log.red + bashio::log.red "Keys are stored in:" + bashio::log.red "${clients_dir}" + bashio::log.red + bashio::log.red "Public key": + bashio::log.red "${public_key}" + bashio::log.red + bashio::log.red "Private key:" + bashio::log.red "${private_key}" + bashio::log.red + bashio::log.red + else + bashio::log.info "Keys for ${clientname} already exists; skipping..." + fi + done <<< "$(bashio::config 'client_names')" + + echo 'HiddenServiceAllowUnknownPorts 0' >> "${torrc}" +fi diff --git a/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/type b/zzz_archived_tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/type similarity index 100% rename from tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/type rename to zzz_archived_tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/type 
diff --git a/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/up b/zzz_archived_tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/up similarity index 100% rename from tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/up rename to zzz_archived_tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/up diff --git a/tor/rootfs/etc/s6-overlay/s6-rc.d/tor/dependencies.d/init-tor b/zzz_archived_tor/rootfs/etc/s6-overlay/s6-rc.d/tor/dependencies.d/init-tor similarity index 100% rename from tor/rootfs/etc/s6-overlay/s6-rc.d/tor/dependencies.d/init-tor rename to zzz_archived_tor/rootfs/etc/s6-overlay/s6-rc.d/tor/dependencies.d/init-tor diff --git a/tor/rootfs/etc/s6-overlay/s6-rc.d/tor/finish b/zzz_archived_tor/rootfs/etc/s6-overlay/s6-rc.d/tor/finish similarity index 100% rename from tor/rootfs/etc/s6-overlay/s6-rc.d/tor/finish rename to zzz_archived_tor/rootfs/etc/s6-overlay/s6-rc.d/tor/finish diff --git a/zzz_archived_tor/rootfs/etc/s6-overlay/s6-rc.d/tor/run b/zzz_archived_tor/rootfs/etc/s6-overlay/s6-rc.d/tor/run new file mode 100644 index 000000000..a82250d13 --- /dev/null +++ b/zzz_archived_tor/rootfs/etc/s6-overlay/s6-rc.d/tor/run @@ -0,0 +1,10 @@ +#!/command/with-contenv bashio +# shellcheck shell=bash +# ============================================================================== +# Home Assistant Community Add-on: Tor +# Runs the Tor daemon +# ============================================================================== +bashio::log.info "Starting Tor..." + +# Run the Tor daemon +exec tor diff --git a/tor/rootfs/etc/s6-overlay/s6-rc.d/tor/type b/zzz_archived_tor/rootfs/etc/s6-overlay/s6-rc.d/tor/type similarity index 100% rename from tor/rootfs/etc/s6-overlay/s6-rc.d/tor/type rename to zzz_archived_tor/rootfs/etc/s6-overlay/s6-rc.d/tor/type 
diff --git a/tor/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/init-tor b/zzz_archived_tor/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/init-tor similarity index 100% rename from tor/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/init-tor rename to zzz_archived_tor/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/init-tor diff --git a/tor/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/tor b/zzz_archived_tor/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/tor similarity index 100% rename from tor/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/tor rename to zzz_archived_tor/rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/tor diff --git a/tor/rootfs/etc/tor/torrc b/zzz_archived_tor/rootfs/etc/tor/torrc similarity index 100% rename from tor/rootfs/etc/tor/torrc rename to zzz_archived_tor/rootfs/etc/tor/torrc diff --git a/zzz_archived_tor/stats.png b/zzz_archived_tor/stats.png new file mode 100644 index 000000000..1b5c23c8f Binary files /dev/null and b/zzz_archived_tor/stats.png differ
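
Review bot: In `zzz_archived_tor/README.md`, the Version, Ingress and Arch badges and the downloads image still point at `.../master/tor/config.json` and `.../master/tor/stats.png`, while this patch places the add-on's files under `zzz_archived_tor/`. Unless a `tor/` directory stays in the repository, these URLs should be updated to the new path. The `[tor-hidden-service]` link reference at the bottom is defined but never used in the text and can be dropped.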
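
Review bot: In `zzz_archived_tor/config.json`, the `client_names` schema `match(^[A-Za-z0-9+-_]{1,16}$)` contains the range `+-_` inside the character class, which covers every character from `+` to `_` and therefore accepts `.`, `/`, `:`, `=` and `\` among others. `init-tor/run` uses each client name directly in file paths such as `${clients_dir}/${clientname}.auth`, so a name like `../x` would write outside the intended directory. Put the hyphen last so it is a literal, for example `^[A-Za-z0-9+_-]{1,16}$`.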
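
Review bot: In the stealth-mode block of `zzz_archived_tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run`, the generated x25519 client private key is written to the add-on log by `bashio::log.red "${private_key}"`, so anyone who can read the log gets the client authorization credential. The key is already stored in `${clients_dir}/${clientname}.key.txt` and `${clientname}.auth_private`; log only that location (and the public key if wanted). Separately, in the `ports` loop the test on `${first}` has no end anchor (`^([0-9]{1,4}|...)` without `$`), so an entry in the `ip:port` form that the comment describes, with a first field starting with digits, is treated as `port:port` and the address ends up in `virtual_port`; add `$` to the pattern.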
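
Review bot: `zzz_archived_tor/rootfs/etc/s6-overlay/s6-rc.d/tor/run` is added with `new file mode 100644`, while `init-tor/run` in the same patch is `100755` and the changelog entry for 5.0.1-4 records that the execute permission had to be added to that script. The Dockerfile is renamed unchanged and not shown here, so please confirm the image build sets the execute bit on `tor/run`, or commit the file as `100755`.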