segfault/tor/fs-root/sf-tor.sh

#! /bin/bash

CR="\e[1;31m" # red
# CG="\e[1;32m" # green
CN="\e[0m"    # none

ERREXIT()
{
	local code
	code="$1"
	# shellcheck disable=SC2181 #(style): Check exit code directly with e.g
	[[ $? -ne 0 ]] && code="$?"
	[[ -z $code ]] && code=99

	shift 1
	[[ -n "$1" ]] && echo -e >&2 "${CR}ERROR:${CN} $*"

	exit "$code"
}

# add [PORT]
xadd()
{
	cp "/var/lib/tor/hidden/service-${1}/hostname" "/config/guest/onion_hostname-${1}"
	chmod 644 "/config/guest/onion_hostname-${1}"
}

sleep_copy()
{
	sleep 5
	xadd 22
	xadd 80
	exit 0
}

# Route all traffic that comes to this instance through TOR.
iptables -t nat -A PREROUTING -p tcp ! -d sf-tor --syn -j REDIRECT --to-ports 9040
# Route to SSHD and NGINX via sf-router
ip route add 172.22.0.22/32 via 172.20.0.2
ip route add 172.20.1.80/32 via 172.20.0.2

chmod 700 /var/lib/tor
chown -R tor /var/lib/tor/hidden || ERREXIT
chmod -R 700 /var/lib/tor/hidden || ERREXIT

# TOR does not have an option to generate keys. Instead wait in the
# background until keys are generated and then copy hostname to
# guest's config dir.
[[ ! -f /var/lib/tor/hidden/service-22/hostname ]] && sleep_copy &

# chmod 644 /var/lib/tor/hidden/service-22/hostname
# chmod 644 /var/lib/tor/hidden/service-80/hostname

if [[ -f /config/host/etc/tor/torrc ]]; then
	exec su -s /bin/ash - tor -c "tor --hush -f /config/host/etc/tor/torrc"
else
	exec su -s /bin/ash - tor -c "tor --hush"
fi
# NOT REACHED
31338 2022-07-25 12:42:33 +00:00			`#! /bin/bash`
tor-onion-nginx 2022-05-20 15:59:45 +00:00
versioning 2022-08-01 10:04:04 +00:00			`CR="\e[1;31m" # red`
			`# CG="\e[1;32m" # green`
			`CN="\e[0m" # none`
tor-onion-nginx 2022-05-20 15:59:45 +00:00
			`ERREXIT()`
			`{`
			`local code`
			`code="$1"`
31338 2022-07-25 12:42:33 +00:00			`# shellcheck disable=SC2181 #(style): Check exit code directly with e.g`
tor-onion-nginx 2022-05-20 15:59:45 +00:00			`[[ $? -ne 0 ]] && code="$?"`
			`[[ -z $code ]] && code=99`

			`shift 1`
			`[[ -n "$1" ]] && echo -e >&2 "${CR}ERROR:${CN} $*"`

			`exit "$code"`
			`}`

cleanups 2022-10-31 18:10:03 +00:00			`# add [PORT]`
sshfs & sftp. Restricted server. FW 2022-09-09 14:19:46 +00:00			`xadd()`
			`{`
			`cp "/var/lib/tor/hidden/service-${1}/hostname" "/config/guest/onion_hostname-${1}"`
cleanups 2022-10-31 18:10:03 +00:00			`chmod 644 "/config/guest/onion_hostname-${1}"`
			`}`

			`sleep_copy()`
			`{`
			`sleep 5`
			`xadd 22`
			`xadd 80`
			`exit 0`
sshfs & sftp. Restricted server. FW 2022-09-09 14:19:46 +00:00			`}`

chmod 2022-07-27 14:26:03 +00:00			`# Route all traffic that comes to this instance through TOR.`
update 2022-09-28 09:49:46 +00:00			`iptables -t nat -A PREROUTING -p tcp ! -d sf-tor --syn -j REDIRECT --to-ports 9040`
DMZ TC and isolation 2022-08-09 13:05:52 +00:00			`# Route to SSHD and NGINX via sf-router`
			`ip route add 172.22.0.22/32 via 172.20.0.2`
			`ip route add 172.20.1.80/32 via 172.20.0.2`
chmod 2022-07-27 14:26:03 +00:00
cleanups 2022-10-31 18:10:03 +00:00			`chmod 700 /var/lib/tor`
cleanup 2022-07-28 13:33:08 +00:00			`chown -R tor /var/lib/tor/hidden \|\| ERREXIT`
			`chmod -R 700 /var/lib/tor/hidden \|\| ERREXIT`
DMZ TC and isolation 2022-08-09 13:05:52 +00:00
cleanups 2022-10-31 18:10:03 +00:00			`# TOR does not have an option to generate keys. Instead wait in the`
			`# background until keys are generated and then copy hostname to`
			`# guest's config dir.`
			`[[ ! -f /var/lib/tor/hidden/service-22/hostname ]] && sleep_copy &`

			`# chmod 644 /var/lib/tor/hidden/service-22/hostname`
			`# chmod 644 /var/lib/tor/hidden/service-80/hostname`
sshfs & sftp. Restricted server. FW 2022-09-09 14:19:46 +00:00
cleanup 2022-09-18 11:42:52 +00:00			`if [[ -f /config/host/etc/tor/torrc ]]; then`
cleanups 2022-10-31 18:10:03 +00:00			`exec su -s /bin/ash - tor -c "tor --hush -f /config/host/etc/tor/torrc"`
31338 2022-07-25 12:42:33 +00:00			`else`
cleanups 2022-10-31 18:10:03 +00:00			`exec su -s /bin/ash - tor -c "tor --hush"`
31338 2022-07-25 12:42:33 +00:00			`fi`
tor-onion-nginx 2022-05-20 15:59:45 +00:00			`# NOT REACHED`