diff --git a/conf/torrc b/conf/torrc
new file mode 100644
index 0000000..2db2a2d
--- /dev/null
+++ b/conf/torrc
@@ -0,0 +1,24 @@
+BridgeRelay 1
+
+# Replace "TODO1" with a Tor port of your choice.
+# This port must be externally reachable.
+# Avoid port 9001 because it's commonly associated with Tor and censors may be scanning the Internet for this port.
+ORPort __PORT_OR__
+
+ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
+
+# Replace "TODO2" with an obfs4 port of your choice.
+# This port must be externally reachable and must be different from the one specified for ORPort.
+# Avoid port 9001 because it's commonly associated with Tor and censors may be scanning the Internet for this port.
+ServerTransportListenAddr obfs4 0.0.0.0:__PORT_OBFS4__
+
+# Local communication port between Tor and obfs4. Always set this to "auto".
+# "Ext" means "extended", not "external". Don't try to set a specific port number, nor listen on 0.0.0.0.
+ExtORPort auto
+
+# Replace "" with your email address so we can contact you if there are problems with your bridge.
+# This is optional but encouraged.
+#ContactInfo _CONTACT_
+
+# Pick a nickname that you like for your bridge. This is optional.
+#Nickname _NICKNAME_
\ No newline at end of file
diff --git a/manifest.toml b/manifest.toml index a40dad7..6a4c464 100644 --- a/manifest.toml +++ b/manifest.toml @@ -59,6 +59,11 @@ ram.runtime = "50M" xftp.default = 5224 xftp.exposed = "TCP" + or.default = 9002 + or.exposed = "Both" + obfs4.default = 9003 + obfs4.exposed = "Both" + [resources.system_user] [resources.install_dir] diff --git a/scripts/backup b/scripts/backup index 04a1a6c..f381279 100755 --- a/scripts/backup +++ b/scripts/backup @@ -32,6 +32,7 @@ ynh_backup --src_path="/var/opt/simplex-xftp" ynh_backup --src_path="/etc/systemd/system/$app.service" ynh_backup --src_path="/etc/systemd/system/xftp.service" +ynh_backup --src_path="/etc/tor/torrc" #================================================= # END OF SCRIPT 
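Review bot: The comments in the new conf/torrc still tell the operator to replace "TODO1", "TODO2" and `""`, but the directives below them use `__PORT_OR__`, `__PORT_OBFS4__`, `_CONTACT_` and `_NICKNAME_`, so someone reading the deployed file cannot tell what was filled in and what is left to edit. I would reword the port comments to describe the rendered value, for example `# ORPort is set by the package from the app's "or" port; it must be externally reachable.` `_CONTACT_` and `_NICKNAME_` use single underscores, unlike the two port placeholders, so they are presumably never substituted; that is harmless while both lines stay commented out, but a one-line comment saying they must be edited by hand would avoid a literal `_NICKNAME_` being uncommented. The file also ends without a trailing newline.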
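Review bot: `or.exposed = "Both"` and `obfs4.exposed = "Both"` in manifest.toml open the two new ports for UDP as well as TCP, while the neighbouring `xftp.exposed` entry is limited to `"TCP"`. Tor's ORPort and the obfs4 listener configured in conf/torrc are TCP services, so the UDP openings only widen the firewall with nothing listening behind them; `or.exposed = "TCP"` and `obfs4.exposed = "TCP"` would match what the torrc binds. The defaults 9002 and 9003 also sit right next to 9001, which the torrc comments advise avoiding because it is commonly scanned for, so it may be worth choosing defaults further from that range.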
diff --git a/scripts/install b/scripts/install index aa3cbca..d5cfd11 100755 --- a/scripts/install +++ b/scripts/install @@ -25,8 +25,11 @@ ynh_script_progression --message="Setting up source files..." --weight=1 ynh_setup_source --dest_dir="$install_dir" ynh_setup_source --dest_dir="$install_dir" --source_id="xftp" +mkdir /var/lib/tor/simplex-xftp/ +chown debian-tor:debian-tor /var/lib/tor/simplex-xftp/ && chmod 700 /var/lib/tor/simplex-xftp/ + mkdir -p /etc/opt/simplex-xftp /etc/opt/simplex /var/opt/simplex-xftp /var/opt/simplex -chown -R $app:$app /etc/opt/simplex-xftp /etc/opt/simplex /var/opt/simplex-xftp /var/opt/simplex +chown -R $app:$app /etc/opt/simplex-xftp /etc/opt/simplex /var/opt/simplex-xftp /var/opt/simplex chmod -R o-rwx "$install_dir" chown -R $app:$app "$install_dir" @@ -66,6 +69,11 @@ ynh_add_config --template="file-server.ini" --destination="/etc/opt/simplex-xftp chmod 400 "/etc/opt/simplex-xftp/file-server.ini" chown $app:$app "/etc/opt/simplex-xftp/file-server.ini" +ynh_add_config --template="torrc" --destination="/etc/tor/torrc" + +chmod 660 /etc/tor/torrc +chown :debian-tor /etc/tor/torrc + #================================================= # SYSTEM CONFIGURATION #================================================= @@ -77,6 +85,7 @@ ynh_add_systemd_config --service=xftp --template=../conf/xftp.systemd.service yunohost service add $app --description="Messaging platform" --log="/var/log/$app/$app.log" --needs_exposed_ports="$port" yunohost service add xftp --description="Messaging platform" --log="/var/log/$app/$app.log" --needs_exposed_ports="$port_xftp" +yunohost service add tor --description="Tor Relay" --log="/var/log/$app/$app.log" --needs_exposed_ports="$port_or" --test_status="pgrep tor" #================================================= # START SYSTEMD SERVICE 
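Review bot: `mkdir /var/lib/tor/simplex-xftp/` in the first scripts/install hunk has no `-p`, so it fails when the directory already exists (the remove script in this commit does not delete it) or when `/var/lib/tor` is absent, and the directory exists with default permissions until the following `chown ... && chmod 700` line runs. A single `install -d -m 700 -o debian-tor -g debian-tor /var/lib/tor/simplex-xftp` creates it with its final owner and mode and is safe to re-run. The torrc template added in this commit does not reference this path, so a comment above the line saying what the directory is for would help. The `-chown -R`/`+chown -R` pair in the same hunk appears to differ only in whitespace.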
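Review bot: `chmod 660 /etc/tor/torrc` together with `chown :debian-tor /etc/tor/torrc` makes the configuration writable by the group the tor daemon presumably runs under, so a compromised tor process could rewrite the file it is started from, including the `ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy` line. Group read access is enough: `chmod 640 /etc/tor/torrc` and `chown root:debian-tor /etc/tor/torrc`. The same two lines are repeated in scripts/upgrade (hunk `@@ -76,6 +77,11 @@`). Note also that `--destination="/etc/tor/torrc"` replaces the host's system-wide tor configuration rather than an app-specific file; a comment stating that this app takes ownership of that file would make the side effect explicit to reviewers and operators.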
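Review bot: `--test_status="pgrep tor"` on the new `yunohost service add tor` line matches any process whose name contains "tor", so the status check can report success while the tor daemon itself is down; `pgrep -x tor` restricts it to an exact name match. The same line registers `--log="/var/log/$app/$app.log"`, which is this app's log rather than tor's, and `--needs_exposed_ports="$port_or"` leaves out the obfs4 port that conf/torrc also describes as needing to be externally reachable. The identical line is added in scripts/restore (`@@ -52,6 +53,7 @@`) and scripts/upgrade (`@@ -87,6 +93,7 @@`).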
@@ -86,6 +95,7 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" ynh_systemd_action --service_name="xftp" --action="start" --log_path="systemd" +ynh_systemd_action --service_name=tor --action="restart" --log_path="systemd" #================================================= # END OF SCRIPT diff --git a/scripts/remove b/scripts/remove index 0284b9b..86d0405 100755 --- a/scripts/remove +++ b/scripts/remove @@ -21,6 +21,7 @@ then ynh_script_progression --message="Removing $app service integration..." --weight=1 yunohost service remove $app yunohost service remove xftp + yunohost service remove tor fi #================================================= @@ -33,12 +34,14 @@ ynh_script_progression --message="Removing system configurations related to $app # Remove the dedicated systemd config ynh_remove_systemd_config ynh_remove_systemd_config --service=xftp +ynh_remove_systemd_config --service=tor # Remove the app directory securely ynh_secure_remove --file="/etc/opt/simplex" ynh_secure_remove --file="/etc/opt/simplex-xftp" ynh_secure_remove --file="/var/opt/simplex" ynh_secure_remove --file="/var/opt/simplex-xftp" +ynh_secure_remove --file="/etc/tor/torrc" #================================================= # END OF SCRIPT diff --git a/scripts/restore b/scripts/restore index 52cb464..08bda7b 100755 --- a/scripts/restore +++ b/scripts/restore @@ -39,6 +39,7 @@ ynh_script_progression --message="Restoring system configurations related to $ap ynh_restore_file --origin_path="/etc/opt/simplex" ynh_restore_file --origin_path="/etc/opt/simplex-xftp" +ynh_restore_file --origin_path="/etc/tor/torrc" ynh_restore_file --origin_path="/var/opt/simplex" ynh_restore_file --origin_path="/var/opt/simplex-xftp" 
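Review bot: `ynh_remove_systemd_config --service=tor` and `ynh_secure_remove --file="/etc/tor/torrc"` in the second scripts/remove hunk act on the distribution's tor service and its system-wide configuration file, yet none of the scripts in this commit installs a systemd unit for tor. Removing this app therefore presumably leaves tor disabled and without its configuration for anything else on the host that relies on it. If the app is meant to own tor entirely, say so in a comment above these lines; otherwise drop the `--service=tor` line and put back the previous torrc instead of deleting it. The `/var/lib/tor/simplex-xftp/` directory created by scripts/install is not removed here either.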
@@ -52,6 +53,7 @@ systemctl enable xftp.service --quiet yunohost service add $app --description="Messaging platform" --log="/var/log/$app/$app.log" --needs_exposed_ports="$port" yunohost service add xftp --description="Messaging platform" --log="/var/log/$app/$app.log" --needs_exposed_ports="$port_xftp" +yunohost service add tor --description="Tor Relay" --log="/var/log/$app/$app.log" --needs_exposed_ports="$port_or" --test_status="pgrep tor" #================================================= # START SYSTEMD SERVICE @@ -60,6 +62,7 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1 ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" ynh_systemd_action --service_name=xftp --action="start" --log_path="systemd" +ynh_systemd_action --service_name=tor --action="restart" --log_path="systemd" #================================================= # END OF SCRIPT diff --git a/scripts/upgrade b/scripts/upgrade index cda4c80..a12966a 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -18,6 +18,7 @@ ynh_script_progression --message="Stopping a systemd service..." --weight=1 ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" ynh_systemd_action --service_name=xftp --action="stop" --log_path="systemd" +ynh_systemd_action --service_name=tor --action="stop" --log_path="systemd" #================================================= # ENSURE DOWNWARD COMPATIBILITY @@ -76,6 +77,11 @@ fi #chmod 400 "/etc/opt/simplex-xftp/file-server.ini" #chown $app:$app "/etc/opt/simplex-xftp/file-server.ini" +ynh_add_config --template="torrc" --destination="/etc/tor/torrc" + +chmod 660 /etc/tor/torrc +chown :debian-tor /etc/tor/torrc + #================================================= # REAPPLY SYSTEM CONFIGURATIONS #================================================= 
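Review bot: Re-rendering `/etc/tor/torrc` with `ynh_add_config --template="torrc"` in the scripts/upgrade hunk `@@ -76,6 +77,11 @@` conflicts with the template's own comments, which invite the operator to set `ContactInfo` and `Nickname` by hand. As far as this hunk shows, those edits are replaced by the template on every upgrade. Either feed both values from app settings so the template carries them, or add a comment at the top of the template such as `# Generated by the package; manual changes are overwritten on upgrade.`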
@@ -87,6 +93,7 @@ ynh_add_systemd_config --service=xftp --template=../conf/xftp.systemd.service yunohost service add $app --description="Messaging platform" --log="/var/log/$app/$app.log" --needs_exposed_ports="$port" yunohost service add xftp --description="Messaging platform" --log="/var/log/$app/$app.log" --needs_exposed_ports="$port_xftp" +yunohost service add tor --description="Tor Relay" --log="/var/log/$app/$app.log" --needs_exposed_ports="$port_or" --test_status="pgrep tor" #================================================= # START SYSTEMD SERVICE @@ -95,6 +102,7 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1 ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" ynh_systemd_action --service_name=xftp --action="start" --log_path="systemd" +ynh_systemd_action --service_name=tor --action="restart" --log_path="systemd" #================================================= # END OF SCRIPT