initial commit

9 years ago · 45219ce52f
commit 45219ce52f
5 changed files with 166 additions and 0 deletions
--- a/23
+++ b/23
@ -0,0 +1,23 @@
+FROM  debian:jessie
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN   apt-get update && apt-get install -y \
+        tor \
+        python3 \
+        git \
+        ca-certificates
+
+ADD   assets/docker-entrypoint.sh /
+ADD   assets/tor_config.py /
+
+RUN   chmod +x /docker-entrypoint.sh 
+
+RUN   git clone https://github.com/cmehay/python-docker-tool.git /docker
+RUN   touch /docker/__init__.py
+
+VOLUME  ["/var/lib/tor/hidden_service/"]
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
+
+CMD   ["tor"]
--- a/assets/docker-entrypoint.sh
+++ b/assets/docker-entrypoint.sh
@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -e
+
+if [ "${1:0:1}" == '-' ]; then
+  set -- tor $@
+fi
+
+if [ "$1" == "tor" ]; then
+  # Set config
+  python3 ./tor_config.py
+
+  # set rights on keys
+  chown -R debian-tor:debian-tor /var/lib/tor/hidden_service/
+  chmod -R 700 /var/lib/tor/hidden_service/
+
+  # Switch user
+
+  set -- su debian-tor -s /bin/sh -c "$@"
+fi
+
+exec "$@"
--- a/assets/tor_config.py
+++ b/assets/tor_config.py
@ -0,0 +1,51 @@
+#!/usr/bin/python3
+
+import os
+from docker import docker
+from subprocess import call
+
+# Generate conf for tor hidden service
+def set_conf():
+    rtn = []
+    links = docker.get_links()
+    with open("/etc/tor/torrc", "a") as conf:
+        for link in links:
+            path = "/var/lib/tor/hidden_service/{service}".format(service=link)
+            # Test if link has ports
+            if len(links[link]['ports']) == 0:
+                print("{link} has no port")
+                continue
+            conf.write('HiddenServiceDir {path}\n'.format(path=path))
+            rtn.append(link)
+            for port in links[link]['ports']:
+                if links[link]['ports'][port]['protocol'] == 'UDP':
+                    continue
+                service = '{port} {ip}:{port}'.format(
+                    port=port, ip=links[link]['ip']
+                )
+                conf.write('HiddenServicePort {service}\n'.format(
+                    service=service
+                ))
+        # set relay if enabled in env (not so secure)
+        if 'RELAY' in os.environ:
+            conf.write("ORPort 9001\n")
+        # Disable local socket
+        conf.write("SocksPort 0\n")
+    return rtn
+
+def gen_host(services):
+    # Run tor to generate keys if they doesn't exist
+    call(["sh", "-c", "timeout 3s tor > /dev/null"])
+    for service in services:
+        filename = "/var/lib/tor/hidden_service/{service}/hostname".format(
+            service=service
+        )
+        with open(filename, 'r') as hostfile:
+            print('{service}: {onion}'.format(
+                service=service,
+                onion=hostfile.read()
+            ))
+
+if __name__ == '__main__':
+    services = set_conf()
+    gen_host(services)
--- a/docker/init.py
+++ b/docker/init.py
--- a/docker/docker.py
+++ b/docker/docker.py
@ -0,0 +1,70 @@
+#! /usr/bin/env python3
+
+import os
+import json
+import re
+
+"""
+    get_docker_links is a kiss module which return a dict of links
+    in a docker container, or a formated json if you run it
+"""
+
+def _find_ports(link_name):
+    rtn = {}
+    p = re.compile('^{link}_PORT_(\d*)_(UDP|TCP)$'.format(link=link_name))
+    for key in os.environ:
+        m = p.match(key)
+        if m:
+            rtn[m.group(1)] = {
+                "protocol": m.group(2).lower(),
+            }
+    return rtn
+
+def _find_env(link_name):
+    rtn = {}
+    p = re.compile('^{link}_ENV_(.*)$'.format(link=link_name))
+    for key, value in os.environ.items():
+        m = p.match(key)
+        if m:
+            rtn[m.group(1)] = value
+    return rtn
+
+def get_links(*args):
+    """
+        List all links and return dictionnay with link name, ip address,
+        ports and protocols.
+    """
+    rtn = {}
+    nb_args = len(args)
+    # Read hosts file
+    with open('/etc/hosts') as hosts:
+        for line in hosts:
+            split = line.split()
+            if len(split) != 3:
+                continue
+            # Check if entry is a link
+            link_ip = split[0]
+            link_name_env = split[1].upper()
+            link_name = split[1]
+            env_var = "{link_name}_NAME".format(link_name=link_name_env)
+            if nb_args and link_name not in args:
+                continue
+            if env_var in os.environ:
+                network = os.environ[env_var].split(':')
+                rtn[link_name] = {
+                    "ip": link_ip,
+                    "ports": _find_ports(link_name_env),
+                    "environment": _find_env(link_name_env)
+                }
+    return rtn
+
+def to_json(*args):
+    print(json.dumps(get_links(*args),
+        sort_keys=True,
+        indent=4,
+        separators=(',', ': ')
+    ))
+
+
+if __name__ == '__main__':
+    to_json()