From 81884056d6595ed19f09108feab7ddc605321cbf Mon Sep 17 00:00:00 2001
From: nahuhh <50635951+nahuhh@users.noreply.github.com>
Date: Mon, 28 Apr 2025 19:23:01 +0000
Subject: [PATCH] tor: anon-inbound fixes (#42)
---
 README.md | 1 +
 docker-compose.yaml | 3 +++
 dockerfiles/monerod_entrypoint.sh | 25 ++++++++++++++++++++-----
 dockerfiles/tor | 8 ++++----
 dockerfiles/tor-config | 6 +++++-
 env-example | 3 ++-
 6 files changed, 35 insertions(+), 11 deletions(-)
diff --git a/README.md b/README.md
index f1042d9..1c4d429 100644
--- a/README.md
+++ b/README.md
@@ -56,6 +56,7 @@ The following ports will be bound for `monerod` by default, but you can override
 - 18081 # restricted rpc
 - 18082 # zmq
 - 18083 # unrestricted rpc
+- 18084 # tor anonymous-inbound
 The following ports are commented out but can be enabled to test things locally:
 - 9090 # prometheus web ui
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 7e842d1..7ca38a7 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -113,6 +113,7 @@ services:
 # - 127.0.0.1:9050:9050
 volumes:
 - tor:/var/lib/tor/monerod
+ - tor:/var/lib/tor/monerod-rpc
 networks:
 tor_net:
 ipv4_address: 172.31.255.250
@@ -141,11 +142,13 @@ services:
 volumes:
 - ${DATA_DIR:-./data}:/data
 - tor:/var/lib/tor/monerod:ro
+ - tor:/var/lib/tor/monerod-rpc:ro
 ports:
 - ${P2P_PORT:-18080}:18080 # p2p
 - ${RESTRICTED_PORT:-18081}:18081 # restricted rpc
 - 127.0.0.1:${ZMQ_PORT:-18082}:18082 # zmq
 - 127.0.0.1:${UNRESTRICTED_PORT:-18083}:18083 # unrestricted rpc
+ - 127.0.0.1:${P2P_TOR:-18084}:18084 # tor anonymous-inbound
 networks:
 - tor_net
 command:
diff --git a/dockerfiles/monerod_entrypoint.sh b/dockerfiles/monerod_entrypoint.sh
index 75bc793..a82b5bf 100644
--- a/dockerfiles/monerod_entrypoint.sh
+++ b/dockerfiles/monerod_entrypoint.sh 
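Review bot: The new mount `- tor:/var/lib/tor/monerod-rpc` reuses the named volume `tor` that is already mounted at `/var/lib/tor/monerod`, so both HiddenServiceDir paths are backed by the same storage. Tor would then find the same key material and `hostname` file in both directories, and the RPC and P2P services would presumably end up with one shared onion identity instead of two. A separate volume for the second service, for example `- tor-rpc:/var/lib/tor/monerod-rpc` (name constructed here; it also needs an entry in the top-level `volumes:` map, which is outside this hunk), keeps the two identities independent.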
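Review bot: The added mount `- tor:/var/lib/tor/monerod-rpc:ro` gives the monerod container the whole hidden-service directory, which holds the service's private key alongside `hostname`, while the entrypoint only ever reads `hostname`. monerod is the container that faces the public P2P and RPC ports, so a compromise there would also expose the onion identity keys even though the mount is read-only. Consider sharing only the hostname files, for instance by having the tor container copy them into a separate volume that monerod mounts. The same applies to the existing `tor:/var/lib/tor/monerod:ro` line.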
@@ -2,12 +2,27 @@
 # Dynamically determine onion address to serve monerod on tor network
-while [ ! -f /var/lib/tor/monerod/hostname ]; do
- echo -e "[+] Waiting for onion address to be generated"
- sleep 1
+hidden_service=(
+ monerod
+ monerod-rpc
+)
+for i in "${hidden_service[@]}"; do
+ tries=0
+ until [ -f /var/lib/tor/"${i}"/hostname ]; do
+ if [ $tries -ge 5 ]; then
+ echo "[+] Failed to generate ${i} onion address"
+ exit 1
+ fi
+ tries=$((tries+1))
+ echo -e "[${tries}] Waiting for ${i} onion address to be generated"
+ sleep 1
+ done
+ onion=$(cat "/var/lib/tor/${i}/hostname")
+ echo -e "[+] Generated /var/lib/tor/${i}/hostname\n${onion}\n"
 done
-export ONION_ADDRESS=$(cat /var/lib/tor/monerod/hostname)
+export ONION_ADDRESS=$(cat /var/lib/tor/monerod-rpc/hostname)
+export P2P_ONION_ADDRESS=$(cat /var/lib/tor/monerod/hostname)
 echo "=========================================="
 echo "Your Monero RPC Onion address is: ${ONION_ADDRESS}"
@@ -31,6 +46,6 @@ monerod \
 --log-level=0 \
 --rpc-ssl=disabled \
 --ban-list=/ban_list.txt \
- --anonymous-inbound=${ONION_ADDRESS}:18081,127.0.0.1:18089,24 \
+ --anonymous-inbound=${P2P_ONION_ADDRESS}:18084,0.0.0.0:18084,24 \
 --tx-proxy=tor,172.31.255.250:9050,disable_noise,24 \
 --tx-proxy=i2p,172.31.255.251:4447,disable_noise,24
diff --git a/dockerfiles/tor b/dockerfiles/tor
index a6b9e43..79e2bd6 100644
--- a/dockerfiles/tor
+++ b/dockerfiles/tor
@@ -1,10 +1,10 @@
-FROM ubuntu:22.04
+FROM ubuntu:24.04
 RUN apt-get update && apt-get install tor -y
-RUN mkdir -p /run/tor /var/lib/tor/monerod \
- && chown -R debian-tor:debian-tor /run/tor /var/lib/tor/monerod \
- && chmod 700 -R /run/tor /var/lib/tor/monerod
+RUN mkdir -p /run/tor \
+ && chown -R debian-tor:debian-tor /run/tor \
+ && chmod 700 -R /run/tor
 COPY dockerfiles/tor-config /etc/tor/torrc
diff --git a/dockerfiles/tor-config b/dockerfiles/tor-config
index c3cbb02..1b73b31 100644
--- a/dockerfiles/tor-config
+++ b/dockerfiles/tor-config 
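Review bot: Both `export VAR=$(cat …)` lines discard the exit status of `cat` and never check that the value is non-empty, so a hostname file that exists but is empty or unreadable still lets monerod start with an address like `:18084`. Assign first and export afterwards: `P2P_ONION_ADDRESS=$(cat /var/lib/tor/monerod/hostname) || exit 1`, then `[ -n "$P2P_ONION_ADDRESS" ] || exit 1`, then `export P2P_ONION_ADDRESS`, and the same for `ONION_ADDRESS`. The loop's failure message goes to stdout with a `[+]` prefix; sending it to stderr with `>&2` keeps it distinguishable in container logs. The array syntax needs bash, and the shebang is on line 1 outside this hunk, so confirm it is not `/bin/sh`.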
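Review bot: The bind part of `--anonymous-inbound=${P2P_ONION_ADDRESS}:18084,0.0.0.0:18084,24` listens on every interface of the container, and monerod treats whatever connects to this socket as a peer arriving over Tor. With `0.0.0.0`, any other container on `tor_net` can reach it directly and be handled as an onion peer, and so can the host through the `127.0.0.1:${P2P_TOR:-18084}:18084` mapping added in docker-compose.yaml. The torrc forwards to `monerod:18084` over the Docker network, so the host port mapping looks unnecessary and could be dropped. Binding to the container's `tor_net` address, which is not visible in this hunk, would narrow the exposure further. The expansion is also unquoted; `"--anonymous-inbound=${P2P_ONION_ADDRESS}:18084,0.0.0.0:18084,24"` avoids word splitting if the hostname file contains stray whitespace. The monerod command line starts above this hunk.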
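Review bot: Dropping `/var/lib/tor/monerod` from the `mkdir`/`chown`/`chmod` line means the image no longer contains that directory, so a fresh named volume mounted there is created by Docker as root-owned instead of inheriting `debian-tor` ownership and mode 700 from the image. Tor wants each HiddenServiceDir private to the user it runs as, so if the daemon runs as `debian-tor` (no `USER` line is visible in this hunk), first start on a new deployment may fail or leave the key directory with loose permissions. Keeping both service directories in the image avoids that, e.g. `RUN mkdir -p /run/tor /var/lib/tor/monerod /var/lib/tor/monerod-rpc \` with the same paths added to the `chown` and `chmod` lines. Separately, `FROM ubuntu:24.04` is a mutable tag; pinning it by digest would make the Tor image reproducible.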
@@ -5,5 +5,9 @@ IPv6Exit 0
 Log notice stdout
 PublishServerDescriptor 0
 SOCKSPort 0.0.0.0:9050
-HiddenServiceDir /var/lib/tor/monerod
+
+HiddenServiceDir /var/lib/tor/monerod-rpc
 HiddenServicePort 18081 monerod:18081
+
+HiddenServiceDir /var/lib/tor/monerod
+HiddenServicePort 18084 monerod:18084
diff --git a/env-example b/env-example
index fc9a0be..201e379 100644
--- a/env-example
+++ b/env-example
@@ -3,6 +3,7 @@ P2P_PORT=18080
 RESTRICTED_PORT=18081
 ZMQ_PORT=18082
 UNRESTRICTED_PORT=18083
+P2P_TOR=18084
 PROM_RETENTION=360d
 PROM_TAG=v2.36.0
 GRAFANA_URL=http://mynodeurl.com
@@ -14,4 +15,4 @@ GF_AUTH_DISABLE_LOGIN_FORM=false
 GF_SECURITY_ADMIN_PASSWORD=admin
 GF_SECURITY_ADMIN_USER=admin
 GF_INSTALL_PLUGINS=
-GF_SERVER_SERVE_FROM_SUB_PATH=false
\ No newline at end of file
+GF_SERVER_SERVE_FROM_SUB_PATH=false
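Review bot: The existing directory `/var/lib/tor/monerod` changes role here without any comment or upgrade note: it used to back the RPC service on port 18081 and now backs the P2P service on 18084, while RPC moves to the new `monerod-rpc` directory. On an existing deployment the key already stored under `monerod` keeps its onion address, so the address operators have handed out for RPC would stop answering on 18081 after the upgrade. Because each `HiddenServicePort` binds to the `HiddenServiceDir` above it, a short comment per stanza would make the pairing explicit, e.g. `# RPC hidden service (restricted RPC, 18081)` and `# P2P hidden service (anonymous-inbound, 18084)`. A README line telling operators that the RPC onion address changes on upgrade would also help.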