release(tor): explicitly create and set perms for onion dirs

README.md

@@ -32,7 +32,7 @@ This is the default behavior intended for ease of use, gets things running faste
 
 * lalanza808/exporter:1.0.0
 * lalanza808/nodemapper:1.0.4
-* lalanza808/tor:1.0.0
+* lalanza808/tor:1.0.2
 * lalanza808/i2p:1.0.0
 * lalanza808/monero:v0.18.4.0
 
@@ -56,6 +56,7 @@ The following ports will be bound for `monerod` by default, but you can override
 - 18081   # restricted rpc
 - 18082   # zmq
 - 18083   # unrestricted rpc
+- 18084   # tor anonymous-inbound
 
 The following ports are commented out but can be enabled to test things locally:
 - 9090  # prometheus web ui
@@ -101,15 +102,19 @@ docker compose logs -f
 docker compose logs -f monerod  # make logs
 ```
 
-Navigate to http://localhost:3000 and log into Grafana. Find the `Node Stats` dashboard to get those sweet, sweet graphs.
+### Running Locally
 
-If you've installed this on another system you will want to use [SSH tunnels](https://www.ssh.com/ssh/tunneling/example) (local forwarding) to reach Grafana (if not exposing via reverse proxy):
+Navigate to http://localhost:3000 and find the `Node Stats` dashboard to get those sweet, sweet graphs.
+
+### Running on VPS
+
+If you've installed this on another system you will want to use [SSH tunnels](https://www.ssh.com/ssh/tunneling/example) (local forwarding) to reach Grafana if not running a reverse proxy:
 
 ```
 ssh <VPS OR SERVER IP> -L 3000:localhost:3000
 ```
 
-Then navigate to http://localhost:3000. Here is what the graph looks like:
+Then navigate to http://localhost:3000. Here is what the dashboard looks like:
 
 ![](static/graf1.png)
 

docker-compose.yaml

@@ -104,7 +104,7 @@ services:
     <<: *log-config
   tor:
     container_name: monerod_tor
-    image: lalanza808/tor:1.0.0
+    image: lalanza808/tor:1.0.2
     build:
       context: .
       dockerfile: dockerfiles/tor
@@ -113,6 +113,7 @@ services:
       # - 127.0.0.1:9050:9050
     volumes:
       - tor:/var/lib/tor/monerod
+      - tor:/var/lib/tor/monerod-rpc
     networks:
       tor_net:
         ipv4_address: 172.31.255.250
@@ -141,11 +142,15 @@ services:
     volumes:
       - ${DATA_DIR:-./data}:/data
       - tor:/var/lib/tor/monerod:ro
+      - tor:/var/lib/tor/monerod-rpc:ro
     ports:
       - ${P2P_PORT:-18080}:18080                    # p2p
       - ${RESTRICTED_PORT:-18081}:18081             # restricted rpc
       - 127.0.0.1:${ZMQ_PORT:-18082}:18082          # zmq
       - 127.0.0.1:${UNRESTRICTED_PORT:-18083}:18083 # unrestricted rpc
+      - 127.0.0.1:${P2P_TOR:-18084}:18084           # tor anonymous-inbound
     networks:
       - tor_net
+    command:
+      - /entrypoint.sh
     <<: *log-config

dockerfiles/monero

@@ -61,8 +61,6 @@ COPY --from=og /tmp/ban_list.txt /ban_list.txt
 COPY ./dockerfiles/monerod_entrypoint.sh /entrypoint.sh
 RUN chmod +x /entrypoint.sh
 
-ENTRYPOINT ["/entrypoint.sh"]
-
 EXPOSE 18080
 EXPOSE 18081
 EXPOSE 18082

dockerfiles/monerod_entrypoint.sh

@@ -1,11 +1,28 @@
 #!/bin/bash
 
-while [ ! -f /var/lib/tor/monerod/hostname ]; do
-    echo -e "[+] Waiting for onion address to be generated"
-    sleep 1
+# Dynamically determine onion address to serve monerod on tor network
+
+hidden_service=(
+    monerod
+    monerod-rpc
+)
+for i in "${hidden_service[@]}"; do
+    tries=0
+    until [ -f /var/lib/tor/"${i}"/hostname ]; do
+        if [ $tries -ge 5 ]; then
+            echo "[+] Failed to generate ${i} onion address"
+            exit 1
+        fi
+        tries=$((tries+1))
+        echo -e "[${tries}] Waiting for ${i} onion address to be generated"
+        sleep 1
+    done
+    onion=$(cat "/var/lib/tor/${i}/hostname")
+    echo -e "[+] Generated /var/lib/tor/${i}/hostname\n${onion}\n"
 done
 
-export ONION_ADDRESS=$(cat /var/lib/tor/monerod/hostname)
+export ONION_ADDRESS=$(cat /var/lib/tor/monerod-rpc/hostname)
+export P2P_ONION_ADDRESS=$(cat /var/lib/tor/monerod/hostname)
 
 echo "=========================================="
 echo "Your Monero RPC Onion address is: ${ONION_ADDRESS}"
@@ -29,6 +46,6 @@ monerod \
     --log-level=0 \
     --rpc-ssl=disabled \
     --ban-list=/ban_list.txt \
-    --anonymous-inbound=${ONION_ADDRESS}:18081,127.0.0.1:18089,24 \
+    --anonymous-inbound=${P2P_ONION_ADDRESS}:18084,0.0.0.0:18084,24 \
     --tx-proxy=tor,172.31.255.250:9050,disable_noise,24 \
     --tx-proxy=i2p,172.31.255.251:4447,disable_noise,24

dockerfiles/tor

@@ -1,10 +1,10 @@
-FROM ubuntu:22.04
+FROM ubuntu:24.04
 
 RUN apt-get update && apt-get install tor -y
 
-RUN mkdir -p /run/tor /var/lib/tor/monerod \
-  && chown -R debian-tor:debian-tor /run/tor /var/lib/tor/monerod \
-  && chmod 700 -R /run/tor /var/lib/tor/monerod
+RUN mkdir -p /run/tor /var/lib/tor/monerod /var/lib/tor/monero-rpc \
+  && chown -R debian-tor:debian-tor /run/tor /var/lib/tor/monerod /var/lib/tor/monero-rpc \
+  && chmod 700 -R /run/tor /var/lib/tor/monerod /var/lib/tor/monero-rpc
 
 COPY dockerfiles/tor-config /etc/tor/torrc
 

dockerfiles/tor-config

@@ -5,5 +5,9 @@ IPv6Exit 0
 Log notice stdout
 PublishServerDescriptor 0
 SOCKSPort 0.0.0.0:9050
-HiddenServiceDir /var/lib/tor/monerod
+
+HiddenServiceDir /var/lib/tor/monerod-rpc
 HiddenServicePort 18081 monerod:18081
+
+HiddenServiceDir /var/lib/tor/monerod
+HiddenServicePort 18084 monerod:18084

env-example

@@ -3,6 +3,7 @@ P2P_PORT=18080
 RESTRICTED_PORT=18081
 ZMQ_PORT=18082
 UNRESTRICTED_PORT=18083
+P2P_TOR=18084
 PROM_RETENTION=360d
 PROM_TAG=v2.36.0
 GRAFANA_URL=http://mynodeurl.com

release.sh

@@ -7,6 +7,7 @@
 # Example usage:
 #   ./release.sh monero
 #   ./release.sh exporter
+#
 
 set -ex
 
@@ -18,7 +19,7 @@ EXPORTER_VERSION=1.0.0
 EXPORTER_BASE=${DH_USER}/exporter
 NODEMAPPER_VERSION=1.0.4
 NODEMAPPER_BASE=${DH_USER}/nodemapper
-TOR_VERSION=1.0.0
+TOR_VERSION=1.0.2
 TOR_BASE=${DH_USER}/tor
 I2P_VERSION=1.0.0
 I2P_BASE=${DH_USER}/i2p