Using pyentrypoint

Dockerfile

@@ -1,23 +1,20 @@
 FROM  debian:jessie
 
 ENV DEBIAN_FRONTEND=noninteractive
+ENV HOME /var/lib/tor
 
-RUN   apt-get update && apt-get install -y \
+RUN   apt-get update && apt-get install --no-install-recommends -y \
         tor \
-        python3 \
+        python3-pip
-        git \
-        ca-certificates
 
-ADD   assets/docker-entrypoint.sh /
+RUN   pip3 install pyentrypoint==0.2.1
-ADD   assets/tor_config.py /
 
-RUN   chmod +x /docker-entrypoint.sh
+ADD   assets/entrypoint-config.yml /
-
+ADD   assets/display_onions.py /
-RUN   git clone https://github.com/cmehay/python-docker-tool.git /docker --branch=old
+ADD   assets/torrc /etc/tor/torrc
-RUN   touch /docker/__init__.py
 
 VOLUME  ["/var/lib/tor/hidden_service/"]
 
-ENTRYPOINT ["/docker-entrypoint.sh"]
+ENTRYPOINT ["pyentrypoint"]
 
 CMD   ["tor"]

README.md

@@ -19,3 +19,9 @@ $ docker run -ti --link something --volume /path/to/keys:/var/lib/tor/hidden_ser
 ```
 
 Look at the `docker-compose.yml` file to see own to use it.
+
+### pyentrypoint
+
+This container is using [`pyentrypoint`](https://github.com/cmehay/pyentrypoint) to generate its setup.
+
+If you need to use the legacy version, please checkout to the `legacy` branch or pull `goldy/tor-hidden-service:legacy`.

assets/display_onions.py

@@ -0,0 +1,13 @@
+import os
+
+for root, dirs, _ in os.walk("/var/lib/tor/hidden_service/", topdown=False):
+    for service in dirs:
+        filename = "{root}{service}/hostname".format(
+            service=service,
+            root=root
+        )
+        with open(filename, 'r') as hostfile:
+            print('{service}: {onion}'.format(
+                service=service,
+                onion=hostfile.read()
+            ))

assets/docker-entrypoint.sh

@@ -1,22 +0,0 @@
-#!/bin/bash
-
-set -e
-
-if [ "${1:0:1}" == '-' ]; then
-  set -- tor $@
-fi
-
-if [ "$1" == "tor" ]; then
-  # Set config
-  python3 ./tor_config.py
-
-  # set rights on keys
-  chown -R debian-tor:debian-tor /var/lib/tor/hidden_service/
-  chmod -R 700 /var/lib/tor/hidden_service/
-
-  # Switch user
-
-  set -- su debian-tor -s /bin/sh -c "$@"
-fi
-
-exec "$@"

assets/entrypoint-config.yml

@@ -0,0 +1,14 @@
+command: tor
+
+user: debian-tor
+group: debian-tor
+
+config_files:
+    - /etc/tor/torrc
+
+post_conf_commands:
+    - timeout 3s tor > /dev/null || true
+    - python3 /display_onions.py
+    - chown -R debian-tor:debian-tor $HOME
+
+debug: false

assets/tor_config.py

@@ -1,59 +0,0 @@
-#!/usr/bin/python3
-
-import os
-from docker import docker
-from subprocess import call
-
-# Generate conf for tor hidden service
-def set_conf():
-    rtn = []
-    links = docker.get_links()
-    with open("/etc/tor/torrc", "a") as conf:
-        for link in links:
-            path = "/var/lib/tor/hidden_service/{service}".format(service=link)
-            env_port = links[link]['environment'].get('PORT')
-            # Test if link has ports
-            if len(links[link]['ports']) == 0 and not env_port:
-                print("{link} has no port")
-                continue
-            conf.write('HiddenServiceDir {path}\n'.format(path=path))
-            rtn.append(link)
-            for port in links[link]['ports']:
-                if links[link]['ports'][port]['protocol'] == 'UDP':
-                    continue
-                service = '{port} {ip}:{port}'.format(
-                    port=port, ip=links[link]['ip']
-                )
-                conf.write('HiddenServicePort {service}\n'.format(
-                    service=service
-                ))
-            if env_port:
-                service = '80 {ip}:{port}'.format(
-                     port=env_port, ip=links[link]['ip']
-                )
-                conf.write('HiddenServicePort {service}\n'.format(
-                    service=service
-                ))
-        # set relay if enabled in env (not so secure)
-        if 'RELAY' in os.environ:
-            conf.write("ORPort 9001\n")
-        # Disable local socket
-        conf.write("SocksPort 0\n")
-    return rtn
-
-def gen_host(services):
-    # Run tor to generate keys if they doesn't exist
-    call(["sh", "-c", "timeout 3s tor > /dev/null"])
-    for service in services:
-        filename = "/var/lib/tor/hidden_service/{service}/hostname".format(
-            service=service
-        )
-        with open(filename, 'r') as hostfile:
-            print('{service}: {onion}'.format(
-                service=service,
-                onion=hostfile.read()
-            ))
-
-if __name__ == '__main__':
-    services = set_conf()
-    gen_host(services)

assets/torrc

@@ -0,0 +1,12 @@
+{% for container in containers %}
+HiddenServiceDir /var/lib/tor/hidden_service/{{container.names[0]}}
+{% for link in container.links %}
+HiddenServicePort {{link.port}} {{link.ip}}:{{link.port}}
+{% endfor %}
+{% endfor %}
+
+{% if 'RELAY' in environ %}
+ORPort 9001
+{% endif %}
+
+SocksPort 0

docker-compose.yml

@@ -4,7 +4,12 @@ tor:
   image: goldy/tor-hidden-service
   links:
     - hello
+    - world
 
 hello:
   image: tutum/hello-world
-  hostname: hello-world
+  hostname: hello
+
+world:
+  image: tutum/hello-world
+  hostname: world