From efe253201e9858eb3a4ad2b1cf6a4a2f22427528 Mon Sep 17 00:00:00 2001 From: lza_menace Date: Fri, 2 Apr 2021 14:09:20 -0700 Subject: [PATCH] adding hidden tor service by default --- Makefile | 4 ++++ docker-compose.full.yaml | 23 +++++++++++++++++++++++ docker-compose.yaml | 26 +++++++++++++++++++++++++- dockerfiles/conf/torrc | 16 ++++++++++++++++ dockerfiles/tor | 15 +++++++++++++++ 5 files changed, 83 insertions(+), 1 deletion(-) create mode 100644 dockerfiles/conf/torrc create mode 100644 dockerfiles/tor diff --git a/Makefile b/Makefile index 00e2eb0..4a27715 100644 --- a/Makefile +++ b/Makefile @@ -8,6 +8,7 @@ help: up: ## Build and run the required containers by fetching binaries docker-compose -f docker-compose.yaml up -d + docker-compose -f docker-compose.yaml exec tor cat /var/lib/tor/monero/hostname up-full: ## Build and run the required containers by compiling source docker-compose -f docker-compose.full.yaml up -d @@ -29,3 +30,6 @@ logs: ## Get logs from the containers logs-full: ## Get logs from the containers docker-compose -f docker-compose.full.yaml logs -f monerod + +tor: ## Get onion address for the Monero node + docker-compose -f docker-compose.yaml exec tor cat /var/lib/tor/monero/hostname diff --git a/docker-compose.full.yaml b/docker-compose.full.yaml index f72b576..f174b7a 100644 --- a/docker-compose.full.yaml +++ b/docker-compose.full.yaml @@ -52,6 +52,19 @@ services: PORT: 8080 ports: - 127.0.0.1:8080:8080 + tor: + container_name: tor + build: + context: dockerfiles + dockerfile: tor + restart: unless-stopped + ports: + - 127.0.0.1:9050:9050 + volumes: + - tor:/var/lib/tor + networks: + monero: + ipv4_address: 172.96.0.15 monerod: container_name: monerod build: @@ -62,6 +75,9 @@ services: restart: unless-stopped volumes: - ${DATA_DIR:-./data}:/data + networks: + monero: + ipv4_address: 172.96.0.20 ports: - ${P2P_PORT:-18080}:18080 # p2p - ${RESTRICTED_PORT:-18081}:18081 # restricted rpc 
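Review bot: The `exec tor cat /var/lib/tor/monero/hostname` line added to the `up` target runs as soon as `up -d` returns, and Tor may not have created the onion service directory yet, in which case `cat` fails and `make up` exits non-zero even though the containers started. The new `tor` target at the end of the file runs the same command, so `up` could drop the line and leave the lookup to `make tor`. Alternatively, prefix the recipe line with `-` so a not-yet-ready service does not fail the target. A one-line comment that the hostname appears only after Tor has bootstrapped would help first-time users.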
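Review bot: The static address `172.96.0.15` given to the tor service is not private address space: RFC 1918 reserves 172.16.0.0/12, which ends at 172.31.255.255, so the `172.96.0.0/16` subnet this patch defines overlaps publicly routed addresses. While the bridge exists, the host and these containers route that whole /16 to the bridge, so real hosts in the range become unreachable and traffic meant for them lands on the local network. The same range appears in the monerod `ipv4_address` hunks, the `networks:` hunks of both compose files, `HiddenServicePort` in torrc and the `--tx-proxy` argument, so all of them have to move together, for example to `subnet: 172.28.0.0/16` with `172.28.0.15` and `172.28.0.20`.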
@@ -69,3 +85,10 @@ services: - 127.0.0.1:${UNRESTRICTED_PORT:-18083}:18083 # unrestricted rpc command: monerod --data-dir=/data --p2p-bind-ip=0.0.0.0 --p2p-bind-port=18080 --rpc-restricted-bind-ip=0.0.0.0 --rpc-restricted-bind-port=18081 --zmq-rpc-bind-ip=0.0.0.0 --zmq-rpc-bind-port=18082 --rpc-bind-ip=0.0.0.0 --rpc-bind-port=18083 --non-interactive --confirm-external-bind --public-node --log-level=0 --enable-dns-blocklist +networks: + monero: + driver: bridge + ipam: + driver: default + config: + - subnet: 172.96.0.0/16 diff --git a/docker-compose.yaml b/docker-compose.yaml index b417aa2..adf63fb 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -2,6 +2,7 @@ version: '3' volumes: grafana: prometheus: + tor: services: prometheus: image: prom/prometheus:v2.18.0 @@ -54,6 +55,19 @@ services: PORT: 8080 ports: - 127.0.0.1:8080:8080 + tor: + container_name: tor + build: + context: dockerfiles + dockerfile: tor + restart: unless-stopped + ports: + - 127.0.0.1:9050:9050 + volumes: + - tor:/var/lib/tor + networks: + monero: + ipv4_address: 172.96.0.15 monerod: container_name: monerod build: 
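Review bot: No hunk in docker-compose.full.yaml adds `tor:` under the top-level `volumes:` key, while docker-compose.yaml gets that line in its first hunk, so the `tor:/var/lib/tor` mount in this file appears to reference an undeclared named volume. Compose rejects that at startup unless the key already exists outside the visible hunks. This hunk is where the file's top-level sections are extended, so the declaration belongs with it. The volume holds the onion service's private key under `/var/lib/tor/monero`, so a comment there should say that deleting the volume changes the node's onion address and copying it discloses the service identity.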
@@ -62,10 +76,20 @@ services: restart: unless-stopped volumes: - ${DATA_DIR:-./data}:/data + networks: + monero: + ipv4_address: 172.96.0.20 ports: - ${P2P_PORT:-18080}:18080 # p2p - ${RESTRICTED_PORT:-18081}:18081 # restricted rpc - 127.0.0.1:${ZMQ_PORT:-18082}:18082 # zmq - 127.0.0.1:${UNRESTRICTED_PORT:-18083}:18083 # unrestricted rpc command: - monerod --data-dir=/data --p2p-bind-ip=0.0.0.0 --p2p-bind-port=18080 --rpc-restricted-bind-ip=0.0.0.0 --rpc-restricted-bind-port=18081 --zmq-rpc-bind-ip=0.0.0.0 --zmq-rpc-bind-port=18082 --rpc-bind-ip=0.0.0.0 --rpc-bind-port=18083 --non-interactive --confirm-external-bind --public-node --log-level=0 --enable-dns-blocklist + monerod --data-dir=/data --p2p-bind-ip=0.0.0.0 --p2p-bind-port=18080 --rpc-restricted-bind-ip=0.0.0.0 --rpc-restricted-bind-port=18081 --zmq-rpc-bind-ip=0.0.0.0 --zmq-rpc-bind-port=18082 --rpc-bind-ip=0.0.0.0 --rpc-bind-port=18083 --non-interactive --confirm-external-bind --public-node --log-level=0 --enable-dns-blocklist --tx-proxy tor,172.96.0.15:9050 +networks: + monero: + driver: bridge + ipam: + driver: default + config: + - subnet: 172.96.0.0/16 diff --git a/dockerfiles/conf/torrc b/dockerfiles/conf/torrc new file mode 100644 index 0000000..3673286 --- /dev/null +++ b/dockerfiles/conf/torrc @@ -0,0 +1,16 @@ +BridgeRelay 1 +ControlSocket /run/tor/control +ControlSocketsGroupWritable 1 +CookieAuthentication 1 +CookieAuthFileGroupReadable 1 +CookieAuthFile /run/tor/control.authcookie +DataDirectory /var/lib/tor +ExitPolicy reject6 *:*, reject *:* +ExitRelay 0 +IPv6Exit 0 +Log notice stdout +ORPort 9001 +PublishServerDescriptor 0 +SOCKSPort 0.0.0.0:9050 +HiddenServiceDir /var/lib/tor/monero +HiddenServicePort 18081 172.96.0.20:18081 diff --git a/dockerfiles/tor b/dockerfiles/tor new file mode 100644 index 0000000..a2238a9 --- /dev/null +++ b/dockerfiles/tor 
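Review bot: `--tx-proxy tor,172.96.0.15:9050` is added only to this file's monerod command; the command in docker-compose.full.yaml stays as unchanged context, so a node started with `make up-full` runs the tor container but still relays locally submitted transactions over clearnet. If that difference is not intended, append the same flag there. The command also keeps `--public-node` and the published P2P and restricted-RPC ports, so the host's clearnet address stays reachable next to the onion service. A short comment that the onion address adds a reachability path and does not hide the host would prevent a wrong assumption.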
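Review bot: `BridgeRelay 1` with `ORPort 9001` makes this Tor instance a relay while it also hosts the onion service in `HiddenServiceDir`, a combination Tor warns about at startup and recommends splitting into separate processes. As far as the visible hunks show, neither compose file publishes port 9001, so the bridge cannot be reached from outside, and the relay lines (`BridgeRelay`, `ORPort`, `ExitPolicy`, `ExitRelay`, `IPv6Exit`, `PublishServerDescriptor`) can be dropped for a client-plus-onion-service setup. `SOCKSPort 0.0.0.0:9050` accepts connections from anything that can reach the container; `SocksPolicy accept 172.96.0.20` followed by `SocksPolicy reject *` would limit it to monerod. That policy would also refuse connections arriving through the `127.0.0.1:9050` host mapping, so remove the mapping if nothing on the host needs the proxy.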
@@ -0,0 +1,15 @@
+FROM ubuntu:20.04
+
+RUN apt-get update && apt-get install tor -y
+
+RUN mkdir -p /run/tor \
+ && chown -R debian-tor:debian-tor /run/tor \
+ && chmod 700 -R /run/tor
+
+COPY conf/torrc /etc/tor/torrc
+
+USER debian-tor
+
+EXPOSE 9050
+
+ENTRYPOINT ["tor"]
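Review bot: `apt-get install tor -y` installs whatever Tor build the Ubuntu 20.04 archive carries, and the first RUN leaves the apt lists and recommended packages in the image. For a network-facing anonymity daemon the version matters, so either install from the Tor Project's apt repository with its signing key, or add a comment that the distro package is a deliberate choice. In both cases the layer should read `RUN apt-get update && apt-get install -y --no-install-recommends tor && rm -rf /var/lib/apt/lists/*`. Pinning the base as `FROM ubuntu:20.04@sha256:<digest>` (placeholder digest) keeps rebuilds reproducible.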