From 21895dca3539d9afaff906b57f23e590c45184c8 Mon Sep 17 00:00:00 2001 From: lza_menace Date: Thu, 19 Dec 2024 09:34:42 -0800 Subject: [PATCH] route txes through tor and i2p proxies --- docker-compose.yaml | 29 ++++++++++++++++++++----- dockerfiles/i2p | 26 ++++++++++++++++++++++ dockerfiles/i2p-entrypoint.sh | 9 ++++++++ dockerfiles/monero | 37 ++++++++++++++++++++------------ dockerfiles/monero-entrypoint.sh | 27 +++++++++++++++++++++++ dockerfiles/tor | 15 +++++++++++++ dockerfiles/tor-config | 12 +++++++++++ 7 files changed, 136 insertions(+), 19 deletions(-) create mode 100644 dockerfiles/i2p create mode 100644 dockerfiles/i2p-entrypoint.sh create mode 100644 dockerfiles/monero-entrypoint.sh create mode 100644 dockerfiles/tor create mode 100644 dockerfiles/tor-config diff --git a/docker-compose.yaml b/docker-compose.yaml index 78e6ce9..5b18650 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -1,5 +1,3 @@ -version: "3.7" - volumes: grafana: prometheus: @@ -11,7 +9,7 @@ x-log-config: &log-config max-size: "50m" max-file: "20" -services: +services: prometheus: image: prom/prometheus:${PROM_TAG:-v2.36.0} command: @@ -77,12 +75,35 @@ services: # ports: # - 127.0.0.1:${MAPPER_PORT:-5000}:5000 <<: *log-config + tor: + container_name: monerod_tor + build: + context: . + dockerfile: dockerfiles/tor + restart: unless-stopped + # ports: + # - 127.0.0.1:9050:9050 + <<: *log-config + i2p: + container_name: monerod_i2p + build: + context: . + dockerfile: dockerfiles/i2p + restart: unless-stopped + # ports: + # - 127.0.0.1:4444:4444 + <<: *log-config monerod: container_name: monerod build: context: . dockerfile: dockerfiles/monero restart: unless-stopped + depends_on: + tor: + condition: service_started + i2p: + condition: service_started volumes: - ${DATA_DIR:-./data}:/data ports: 
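Review bot: The new `tor` and `i2p` services declare no `networks:`, so they presumably share the default compose network with the other services in this file. Both proxies listen on all interfaces with no access control (`SOCKSPort 0.0.0.0:9050` in dockerfiles/tor-config, `--httpproxy.address 0.0.0.0` in dockerfiles/i2p-entrypoint.sh), so any other container in the stack could relay traffic through them. Consider a dedicated network attached only to `monerod`, `tor` and `i2p`, for example `networks: [anon]` on the two proxies, `networks: [default, anon]` on `monerod`, and a top-level `networks:` entry named `anon`. On the tor side, a `SocksPolicy accept <COMPOSE_SUBNET>` followed by `SocksPolicy reject *` would narrow it further. Whether networks are defined elsewhere in the file is not visible in these hunks.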
@@ -90,6 +111,4 @@ services:
 - ${RESTRICTED_PORT:-18081}:18081 # restricted rpc
 - 127.0.0.1:${ZMQ_PORT:-18082}:18082 # zmq
 - 127.0.0.1:${UNRESTRICTED_PORT:-18083}:18083 # unrestricted rpc
- command:
- monerod --data-dir=/data --p2p-bind-ip=0.0.0.0 --p2p-bind-port=18080 --rpc-restricted-bind-ip=0.0.0.0 --rpc-restricted-bind-port=18081 --zmq-rpc-bind-ip=0.0.0.0 --zmq-rpc-bind-port=18082 --rpc-bind-ip=0.0.0.0 --rpc-bind-port=18083 --non-interactive --confirm-external-bind --public-node --log-level=0 --enable-dns-blocklist --rpc-ssl=disabled --ban-list=/ban_list.txt
 <<: *log-config
diff --git a/dockerfiles/i2p b/dockerfiles/i2p
new file mode 100644
index 0000000..a0aafe0
--- /dev/null
+++ b/dockerfiles/i2p
@@ -0,0 +1,26 @@
+FROM ubuntu:22.04
+
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN apt-get update && \
+ apt-get install wget sudo -y
+
+WORKDIR /tmp/i2p
+RUN wget https://github.com/PurpleI2P/i2pd/releases/download/2.47.0/i2pd_2.47.0-1jammy1_amd64.deb -O i2pd.deb -q
+RUN apt install ./i2pd.deb -y
+
+RUN rm -rf /tmp/i2p
+
+RUN adduser \
+ --system \
+ --shell /bin/bash \
+ --gecos 'i2p' \
+ --group \
+ --disabled-password \
+ --home /home/i2p \
+ --uid 1000 \
+ i2p
+COPY dockerfiles/i2p-entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+EXPOSE 4444
+CMD /entrypoint.sh
diff --git a/dockerfiles/i2p-entrypoint.sh b/dockerfiles/i2p-entrypoint.sh
new file mode 100644
index 0000000..6b2ff5e
--- /dev/null
+++ b/dockerfiles/i2p-entrypoint.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+chown -R i2p:i2p /home/i2p
+
+# Run i2pd
+sudo -u i2p i2pd \
+ --httpproxy.enabled 1 \
+ --httpproxy.address 0.0.0.0 \
+ --httpproxy.port 4444
diff --git a/dockerfiles/monero b/dockerfiles/monero
index 89dec09..27612ee 100644
--- a/dockerfiles/monero
+++ b/dockerfiles/monero
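Review bot: The i2pd `.deb` in dockerfiles/i2p is fetched with `wget -q` and installed as root with no integrity check, unlike the Monero tarball in dockerfiles/monero, which is verified against `MONERO_HASH`; the `q` tarball added in dockerfiles/monero has the same gap. Pin a digest and verify before installing, for example `RUN echo "<I2PD_DEB_SHA256>  i2pd.deb" | sha256sum -c - && apt-get install -y ./i2pd.deb`, where the placeholder is the digest of the release asset you have vetted. Folding download, verification, install and `rm -rf /tmp/i2p` into a single `RUN` would also keep the package out of the image, since the separate `RUN rm` does not shrink the earlier layers.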
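Review bot: In dockerfiles/i2p-entrypoint.sh i2pd is started with only its HTTP proxy on port 4444, and `--tx-proxy=i2p,$I2P_HOST:4444` in dockerfiles/monero-entrypoint.sh hands that port to monerod, which as far as I know expects a SOCKS proxy for `--tx-proxy`; if that holds, the i2p route would not carry transactions. Worth confirming against the monerod documentation and, if so, enabling i2pd's SOCKS listener with `--socksproxy.enabled 1 --socksproxy.address 0.0.0.0 --socksproxy.port 4447` and pointing `--tx-proxy` at that port. Separately, the script drops privileges through `sudo` after a root `chown`; a `USER i2p` in the Dockerfile plus `exec i2pd \` would remove the `sudo` dependency and let i2pd receive the stop signal directly.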
@@ -1,4 +1,4 @@ -FROM ubuntu:22.04 as OG +FROM ubuntu:22.04 AS og ENV MONERO_HASH 51ba03928d189c1c11b5379cab17dd9ae8d2230056dc05c872d0f8dba4a87f1d ENV MONERO_DL_URL https://downloads.getmonero.org/cli/monero-linux-x64-v0.18.3.4.tar.bz2 @@ -8,18 +8,14 @@ ENV MONERO_SUMS_FILE sha256sums WORKDIR /opt/monero # Update system and install dependencies -# Download ban list -# Download Monero binaries from getmonero.org -# Confirm hashes match -# Install daemon binary -# Clean up - RUN apt-get update \ && apt-get upgrade -y \ && apt-get install -y tar wget bzip2 -RUN wget -qO /ban_list.txt "https://raw.githubusercontent.com/Boog900/monero-ban-list/main/ban_list.txt" - +# Download Monero binaries from getmonero.org +# Confirm hashes match +# Install daemon binary +# Clean up RUN wget -qO ${MONERO_DL_FILE} ${MONERO_DL_URL} \ && echo "${MONERO_HASH} ${MONERO_DL_FILE}" > ${MONERO_SUMS_FILE} \ && sha256sum -c ${MONERO_SUMS_FILE}; \ 
@@ -35,14 +31,27 @@ RUN wget -qO ${MONERO_DL_FILE} ${MONERO_DL_URL} \ && mv ./tmp/* /usr/local/bin/ \ && rm -rf ./tmp ${MONERO_SUMS_FILE} ${MONERO_DL_FILE} -WORKDIR /data +# Download ban list +RUN wget -qO /tmp/ban_list.txt "https://raw.githubusercontent.com/Boog900/monero-ban-list/main/ban_list.txt" + +# Download DNS client +RUN wget -qO q.tar.gz "https://github.com/natesales/q/releases/download/v0.19.2/q_0.19.2_linux_amd64.tar.gz" \ + && tar xzvf q.tar.gz \ + && mv q /tmp/q \ + && rm *.tar.gz # Copy to fresh Ubuntu image to reduce size FROM ubuntu:22.04 -COPY --from=OG /usr/local/bin/monerod /usr/local/bin/monerod -COPY --from=OG /usr/local/bin/monero-wallet-cli /usr/local/bin/monero-wallet-cli -COPY --from=OG /usr/local/bin/monero-wallet-rpc /usr/local/bin/monero-wallet-rpc -COPY --from=OG /ban_list.txt /ban_list.txt +COPY --from=og /usr/local/bin/monerod /usr/local/bin/monerod +COPY --from=og /usr/local/bin/monero-wallet-cli /usr/local/bin/monero-wallet-cli +COPY --from=og /usr/local/bin/monero-wallet-rpc /usr/local/bin/monero-wallet-rpc +COPY --from=og /tmp/ban_list.txt /ban_list.txt +COPY --from=og /tmp/q /usr/local/bin/q + +COPY dockerfiles/monero-entrypoint.sh /entrypoint.sh +RUN chmod 755 /entrypoint.sh + +CMD "/entrypoint.sh" EXPOSE 18080 EXPOSE 18081 diff --git a/dockerfiles/monero-entrypoint.sh b/dockerfiles/monero-entrypoint.sh new file mode 100644 index 0000000..e6e0101 --- /dev/null +++ b/dockerfiles/monero-entrypoint.sh 
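Review bot: The ban list is downloaded from the `main` branch at build time, so the file that becomes `/ban_list.txt`, and with it the set of peers the node refuses, is whatever that branch holds on the day of the build and is never reviewed. Pin the URL to a commit you have inspected, e.g. `.../monero-ban-list/<COMMIT_SHA>/ban_list.txt`, or vendor the file into the repository and `COPY` it. The new `CMD "/entrypoint.sh"` is shell form; `CMD ["/entrypoint.sh"]` avoids the extra `/bin/sh -c` wrapper in front of the script. The final stage continues past this hunk, so whether a `USER` is set later is not visible here.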
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+TOR_HOST=$(q tor A -r)
+I2P_HOST=$(q i2p A -r)
+
+set -x
+
+monerod \
+ --data-dir=/data \
+ --p2p-bind-ip=0.0.0.0 \
+ --p2p-bind-port=18080 \
+ --rpc-restricted-bind-ip=0.0.0.0 \
+ --rpc-restricted-bind-port=18081 \
+ --zmq-rpc-bind-ip=0.0.0.0 \
+ --zmq-rpc-bind-port=18082 \
+ --rpc-bind-ip=0.0.0.0 \
+ --rpc-bind-port=18083 \
+ --non-interactive \
+ --confirm-external-bind \
+ --public-node \
+ --log-level=0 \
+ --enable-dns-blocklist \
+ --rpc-ssl=disabled \
+ --ban-list=/ban_list.txt \
+ --tx-proxy=tor,$TOR_HOST:9050 \
+ --tx-proxy=i2p,$I2P_HOST:4444
+
diff --git a/dockerfiles/tor b/dockerfiles/tor
new file mode 100644
index 0000000..6f723c1
--- /dev/null
+++ b/dockerfiles/tor
@@ -0,0 +1,15 @@
+FROM ubuntu:20.04
+
+RUN apt-get update && apt-get install tor -y
+
+RUN mkdir -p /run/tor \
+ && chown -R debian-tor:debian-tor /run/tor \
+ && chmod 700 -R /run/tor
+
+COPY dockerfiles/tor-config /etc/tor/torrc
+
+USER debian-tor
+
+EXPOSE 9050
+
+ENTRYPOINT ["tor"]
diff --git a/dockerfiles/tor-config b/dockerfiles/tor-config
new file mode 100644
index 0000000..795229b
--- /dev/null
+++ b/dockerfiles/tor-config
@@ -0,0 +1,12 @@
+ControlSocket /run/tor/control
+ControlSocketsGroupWritable 1
+CookieAuthentication 1
+CookieAuthFileGroupReadable 1
+CookieAuthFile /run/tor/control.authcookie
+DataDirectory /var/lib/tor
+ExitPolicy reject6 *:*, reject *:*
+ExitRelay 0
+IPv6Exit 0
+Log notice stdout
+PublishServerDescriptor 0
+SOCKSPort 0.0.0.0:9050
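Review bot: dockerfiles/monero-entrypoint.sh never checks that the two `q` lookups returned an address, so a failed or multi-record lookup yields `--tx-proxy=tor,:9050` or a multi-line value and monerod is launched with a malformed proxy argument. Fail fast before the launch, e.g. `[ -n "$TOR_HOST" ] && [ -n "$I2P_HOST" ] || { echo "proxy lookup failed" >&2; exit 1; }`, and start the daemon with `exec monerod \` so it replaces the shell and receives Docker's stop signal. `getent hosts tor` from the base image could probably replace the third-party `q` binary altogether.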
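Review bot: dockerfiles/tor is built `FROM ubuntu:20.04` while the i2p and monero images in the same patch use `ubuntu:22.04`, so tor comes from the older release's package archive and likely lags further behind upstream tor. Since this proxy is the component that hides transaction origin, prefer the newer base (or the Tor Project's apt repository) and pin the package version. Using `apt-get install -y --no-install-recommends tor && rm -rf /var/lib/apt/lists/*` in the same `RUN` would also trim the image.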
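Review bot: The `ControlSocket`, `ControlSocketsGroupWritable`, `CookieAuthentication`, `CookieAuthFileGroupReadable` and `CookieAuthFile` lines in dockerfiles/tor-config enable tor's control interface, yet nothing in this patch appears to use it; monerod only needs the SOCKS port. Dropping those five lines removes an interface that can reconfigure the running tor process. If the control socket is wanted for monitoring, a comment such as `# control socket used by <CONSUMER>` above the block would record why it is there.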