From 620d6d9e924eadc723dca828473b35b71ace9017 Mon Sep 17 00:00:00 2001 From: koalasat Date: Thu, 13 Feb 2025 12:00:43 +0100 Subject: [PATCH] Add Tor --- README.md | 9 +++++---- docker-compose.yml | 6 ++++++ tor/Dockerfile | 20 ++++++++++++++++++++ tor/data/.gitkeep | 0 tor/entrypoint.sh | 13 +++++++++++++ tor/torrc | 17 +++++++++++++++++ 6 files changed, 61 insertions(+), 4 deletions(-) create mode 100644 tor/Dockerfile create mode 100644 tor/data/.gitkeep create mode 100755 tor/entrypoint.sh create mode 100644 tor/torrc diff --git a/README.md b/README.md index ce95119..2a488db 100644 --- a/README.md +++ b/README.md @@ -8,15 +8,16 @@ Clone https://github.com/RoboSats/robosats on a searate folder ```` cd robosats -docker run -d --name pages --restart always -p 4000:4000 pages +docker run -d --name pages --restart always -p 4000:4000 pages # Docs cd web -docker composer up -d -cd ../nodeapp -docker composer up -d +docker composer up -d # Tor Frontend +cd ../nodeapp +docker composer up -d # Clearnet Frontend ```` From this folder ```` +# Make sure to manually setup certbot before docker composer up -d ```` \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 66f0c72..5447ac5 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -12,6 +12,12 @@ services: - /etc/letsencrypt/:/etc/nginx/ssl/:ro network_mode: host command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'" + tor: + build: ./tor + restart: always + volumes: + - ./tor/data:/var/lib/tor + - ./tor/torrc:/etc/tor/torrc certbot: image: certbot/certbot:latest restart: always diff --git a/tor/Dockerfile b/tor/Dockerfile new file mode 100644 index 0000000..b24b031 --- /dev/null +++ b/tor/Dockerfile 
@@ -0,0 +1,20 @@
+FROM alpine:3
+
+RUN apk --no-cache --no-progress add tor=~0.4
+
+EXPOSE 9001 9050
+
+# hadolint ignore=DL3002
+USER root
+ARG LOCAL_USER_ID=9999
+ENV TOR_DATA=/var/lib/tor
+
+# Add useradd and usermod
+# Create user account (UID will be changed in entrypoint script)
+RUN apk --no-cache --no-progress add shadow=~4 sudo=~1 && \
+ useradd -u $LOCAL_USER_ID --shell /bin/sh -m alice && \
+ usermod -g alice tor
+
+COPY entrypoint.sh /root/entrypoint.sh
+
+ENTRYPOINT [ "/root/entrypoint.sh" ]
\ No newline at end of file
diff --git a/tor/data/.gitkeep b/tor/data/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/tor/entrypoint.sh b/tor/entrypoint.sh
new file mode 100755
index 0000000..402d8c8
--- /dev/null
+++ b/tor/entrypoint.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -e
+
+# Change local user id and group
+usermod -u 1000 alice
+groupmod -g 1000 alice
+
+# Set correct owners on volumes
+chown -R tor:alice /var/lib/tor
+chown -R :alice /etc/tor
+chown -R alice:alice /home/alice
+
+exec sudo -u tor /usr/bin/tor
\ No newline at end of file
diff --git a/tor/torrc b/tor/torrc
new file mode 100644
index 0000000..b4ed2fd
--- /dev/null
+++ b/tor/torrc
@@ -0,0 +1,17 @@
+Log notice file /var/log/tor/notices.log
+
+## The directory for keeping all the keys/etc. By default, we store
+## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
+DataDirectory /var/lib/tor
+DataDirectoryGroupReadable 1
+
+## Enable ControlPort
+ControlPort 9051
+CookieAuthentication 1
+CookieAuthFileGroupReadable 1
+CookieAuthFile /var/lib/tor/control_auth_cookie
+
+# Robosats LND Testnet Onion Service
+HiddenServiceDir /var/lib/tor/robosats/
+HiddenServiceVersion 3
+HiddenServicePort 80 127.0.0.1:8080
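Review bot: In tor/Dockerfile the second `RUN` installs `sudo` only so that entrypoint.sh can drop from root to the `tor` user, which leaves a setuid-root binary in an image whose entrypoint already starts as root. Alpine's `su-exec` performs the same drop without a setuid helper: `RUN apk --no-cache --no-progress add shadow=~4 su-exec && \` here and `exec su-exec tor /usr/bin/tor` as the last line of tor/entrypoint.sh. `FROM alpine:3` is also a floating tag, so a rebuild can silently pick up a different base; pinning a minor version or a digest would make the image reproducible. A short comment above `USER root` saying why the DL3002 suppression is needed (the entrypoint has to chown the bind mounts before it drops privileges) would help the next reader.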
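Review bot: The `usermod -u 1000 alice` / `groupmod -g 1000 alice` pair in tor/entrypoint.sh hard-codes the id, so the `LOCAL_USER_ID` build argument in tor/Dockerfile never takes effect at run time, and `chown -R tor:alice /var/lib/tor` then gives group access on the bind-mounted `./tor/data` to whichever host account holds gid 1000. With `DataDirectoryGroupReadable 1` and `CookieAuthFileGroupReadable 1` in torrc, that group can read the data directory and the control cookie, which is presumably meant only for the deploying user. Taking the id from the environment would keep the two in step, e.g. `usermod -u "${LOCAL_USER_ID:-1000}" alice` and `groupmod -g "${LOCAL_USER_ID:-1000}" alice`, with the value passed through `environment:` in docker-compose.yml. A comment on `chown -R :alice /etc/tor` noting that it rewrites the group of the host's `./tor/torrc` on every start would also be useful.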
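Review bot: `HiddenServiceDir /var/lib/tor/robosats/` in tor/torrc is where Tor writes the onion service's private key (`hs_ed25519_secret_key`), and docker-compose.yml bind-mounts that path to `./tor/data` inside the working tree, which this patch tracks with a `.gitkeep` but no ignore rule. Unless an existing `.gitignore` already covers it, a later `git add` can commit the key and the control cookie; adding `tor/data/*` and `!tor/data/.gitkeep` to `.gitignore` closes that. Separately, `HiddenServicePort 80 127.0.0.1:8080` is resolved inside the tor container, and the new `tor` service has no `network_mode: host` like the service above it, so the onion address will probably not reach a listener on the host's port 8080. `Log notice file /var/log/tor/notices.log` also keeps the log inside the container where `docker logs` cannot see it; `Log notice stdout` would make it visible to the host's log collection.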