Remote Tor access toggle

Co-authored-by: Luke Childs <lukechilds123@gmail.com> Co-authored-by: Steven Briscoe <me@stevenbriscoe.com>
getumbrel · Oct 11, 2022 · 37f08cf · 37f08cf
1 parent c9a7cfa
commit 37f08cf
Show file tree

Hide file tree

Showing 16 changed files with 297 additions and 104 deletions.
diff --git a/docker-compose.tor.yml b/docker-compose.tor.yml
@@ -0,0 +1,14 @@
+version: '3.7'
+
+services:
+        tor_server:
+                container_name: tor_server
+                image: getumbrel/tor:0.4.7.8@sha256:2ace83f22501f58857fa9b403009f595137fa2e7986c4fda79d82a8119072b6a
+                user: "1000:1000"
+                # build: ./deps/tor
+                restart: on-failure
+                volumes:
+                    - ${PWD}/tor/torrc-server:/etc/tor/torrc:ro
+                    - ${PWD}/tor/data:/data
+                environment:
+                    HOME: "/tmp"
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -2,9 +2,9 @@ version: '3.7'
 
 services:
         tor_proxy:
-                container_name: tor
-                image: lncm/tor:0.4.7.7@sha256:3c4ae833d2fefbea7d960f833a1e89fc9b2069a6e5f360109b5ddc9334ac0227
-                user: toruser
+                container_name: tor_proxy
+                image: getumbrel/tor:0.4.7.8@sha256:2ace83f22501f58857fa9b403009f595137fa2e7986c4fda79d82a8119072b6a
+                user: "1000:1000"
                 restart: on-failure
                 volumes:
                     - ${PWD}/tor/torrc-proxy:/etc/tor/torrc:ro
@@ -40,7 +40,6 @@ services:
         manager:
                 container_name: manager
                 image: getumbrel/manager:v0.5.0@sha256:c780ffb2619ba32e392ed9343d0336867ad3b2e9f3f08b8b0c7f9083e2c44a26
-                depends_on: [ tor_proxy ]
                 restart: on-failure
                 stop_grace_period: 5m30s
                 volumes:
@@ -63,8 +62,6 @@ services:
                     JWT_PRIVATE_KEY_FILE: "/jwt-private-key/jwt.key"
                     JWT_EXPIRATION: "3600"
                     DOCKER_COMPOSE_DIRECTORY: $PWD
-                    DEVICE_HOSTS: ${DEVICE_HOSTS:-"http://umbrel.local"}
-                    DEVICE_HOSTNAME: ${DEVICE_HOSTNAME:-""}
                     UMBREL_SEED_FILE: "/db/umbrel-seed/seed"
                     UMBREL_DASHBOARD_HIDDEN_SERVICE_FILE: "/var/lib/tor/web/hostname"
                     UMBREL_AUTH_SECRET: $UMBREL_AUTH_SECRET
@@ -87,8 +84,6 @@ services:
                     UPDATE_LOCK_FILE: "/statuses/update-in-progress"
                     BACKUP_STATUS_FILE: "/statuses/backup-status.json"
                     DEBUG_STATUS_FILE: "/statuses/debug-status.json"
-                    TOR_PROXY_IP: "${TOR_PROXY_IP}"
-                    TOR_PROXY_PORT: "${TOR_PROXY_PORT}"
                     TOR_HIDDEN_SERVICE_DIR: "/var/lib/tor"
                     IS_UMBREL_OS: ${IS_UMBREL_OS:-"false"}
                     UMBREL_APP_REPO_URL: "https://github.com/getumbrel/umbrel-apps.git"

diff --git a/events/triggers/remote-tor-access b/events/triggers/remote-tor-access
@@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+UMBREL_ROOT="$(readlink -f $(dirname "${BASH_SOURCE[0]}")/../..)"
+USER_FILE="${UMBREL_ROOT}/db/user.json"
+STATUS_FILE="${UMBREL_ROOT}/statuses/remote-tor-access-status.json"
+SIGNAL_FILE="${UMBREL_ROOT}/events/signals/remote-tor-access"
+
+updateStatus() {
+  local -r state="${1}"
+  local -r progress="${2}"
+
+  cat <<EOF > "${STATUS_FILE}"
+{"state": "${state}", "progress": ${progress}}
+EOF
+}
+
+if [[ ! -f "${SIGNAL_FILE}" ]]; then
+  exit
+fi
+
+enabled=$(cat "${SIGNAL_FILE}")
+rm -f "${SIGNAL_FILE}"
+
+if [[ -f "${STATUS_FILE}" ]]; then
+  state=$(cat "${STATUS_FILE}" 2> /dev/null | jq -r 'if has("state") then .state else "" end' || true)
+
+  if [[ "${state}" == "running" ]]; then
+    >&2 echo "Error: Already running!"
+    exit 1
+  fi
+fi
+
+updateStatus "running" "20"
+
+echo "Stopping Umbrel..."
+"${UMBREL_ROOT}/scripts/stop" || true
+
+updateStatus "running" "50"
+
+echo
+echo "Saving 'remoteTorAccess' setting..."
+
+while ! (set -o noclobber; echo "$$" > "${USER_FILE}.lock") 2> /dev/null; do
+  echo "Waiting for JSON lock to be released for ${app} update..."
+  sleep 1
+done
+# This will cause the lock-file to be deleted in case of a
+# premature exit.
+trap "rm -f "${USER_FILE}.lock"; exit $?" INT TERM EXIT
+
+jq ".remoteTorAccess = ${enabled}" "${USER_FILE}" > /tmp/user.json
+mv /tmp/user.json "${USER_FILE}"
+
+rm -f "${USER_FILE}.lock"
+
+echo
+echo "Starting Umbrel..."
+"${UMBREL_ROOT}/scripts/start"
+
+updateStatus "complete" "100"