Use alpine and build tor from source

assets/entrypoint-config.yml

@@ -1,7 +1,7 @@
 command: tor
 
-user: debian-tor
-group: debian-tor
+user: tor
+group: tor
 
 secret_env:
     - '*_KEY'
@@ -11,8 +11,8 @@ pre_conf_commands:
     - onions --setup-hosts
 
 post_conf_commands:
-    - timeout 3s tor > /dev/null || true
+    - timeout -t 3 tor > /dev/null || true
     - onions
-    - chown -R debian-tor:debian-tor $HOME
+    - chown -R tor:tor $HOME
 
 debug: false

assets/onions/onions/Onions.py

@@ -12,11 +12,31 @@ import argparse
 from jinja2 import Environment
 from jinja2 import FileSystemLoader
 
+import socket
+
+from Crypto.PublicKey import RSA
+from hashlib import sha1
+from base64 import b32encode
+
 
 class Setup(object):
 
     hidden_service_dir = "/var/lib/tor/hidden_service/"
-    torrc = '/etc/tor/torrc'
+    torrc = '/usr/local/etc/tor/torrc'
+    torrc_template = '/var/local/tor/torrc.tpl'
+
+    def onion_url_gen(self, key):
+        "Get onion url from private key"
+
+        # Convert private RSA to public DER
+        priv = RSA.importKey(key.strip())
+        der = priv.publickey().exportKey("DER")
+
+        # hash key, keep first half of sha1, base32 encode
+        onion = b32encode(sha1(der[22:]).digest()[:10])
+
+        return '{onion}.onion'.format(onion=onion.decode().lower())
+
 
     def _add_host(self, host):
         if host not in self.setup:
@@ -31,6 +51,10 @@ class Setup(object):
         if port not in self.setup[host]['ports']:
             self.setup[host]['ports'].append(port)
 
+    def _get_ip(self):
+        for host in self.setup:
+            self.setup[host]['ip'] = str(socket.gethostbyname(host))
+
     def _get_key(self, host, key):
         self._add_host(host)
         assert len(key) > 800
@@ -68,12 +92,17 @@ class Setup(object):
             if 'key' in conf:
                 serv_dir = os.path.join(self.hidden_service_dir, link)
                 os.makedirs(serv_dir, exist_ok=True)
+                os.chmod(serv_dir, 0o700)
                 with open(os.path.join(serv_dir, 'private_key'), 'w') as f:
                     f.write(conf['key'])
+                    os.fchmod(f.fileno(), 0o600)
+                with open(os.path.join(serv_dir, 'hostname'), 'w') as f:
+                    f.write(self.onion_url_gen(conf['key']))
+
 
     def _set_conf(self):
         env = Environment(loader=FileSystemLoader('/'))
-        temp = env.get_template(self.torrc)
+        temp = env.get_template(self.torrc_template)
         with open(self.torrc, mode='w') as f:
             f.write(temp.render(setup=self.setup,
                                 env=os.environ))
@@ -83,6 +112,7 @@ class Setup(object):
         try:
             self._get_setup_from_env()
             self._get_setup_from_links()
+            self._get_ip()
             self._set_keys()
             self._set_conf()
         except:

assets/onions/setup.py

@@ -6,7 +6,7 @@ from setuptools import setup
 setup(
     name='onions',
 
-    version='0.1',
+    version='0.2',
 
     packages=find_packages(),
 
@@ -31,6 +31,9 @@ setup(
         "Topic :: System :: Installation/Setup",
     ],
 
+    install_requires=['pyentrypoint',
+                      'Jinja2>=2.8',
+                      'pycrypto',],
 
     entry_points={
         'console_scripts': [

assets/torrc

@@ -2,7 +2,7 @@
 HiddenServiceDir /var/lib/tor/hidden_service/{{service}}
 {% for ports in conf['ports'] %}
 # PORT {{service}} {{ports[0]}}
-HiddenServicePort {{ports[0]}} {{service}}:{{ports[1]}}
+HiddenServicePort {{ports[0]}} {{conf['ip']}}:{{ports[1]}}
 {% endfor %}
 {% endfor %}