♻️ Migrate tor to /config/ source-of-truth architecture ♻️

Migrate tor Docker image to the new build-time config architecture. - rootfs/root/docker/setup/03-files.sh: rewrite to canonical form with /tmp/bin, /tmp/var, /tmp/etc, /tmp/usr handlers; remove template-files copy block - rootfs/usr/local/etc/docker/functions/entrypoint.sh: update to latest template with __init_service_conf, __find_php_ini, __find_php_bin helpers - rootfs/usr/local/etc/docker/init.d/*.sh: fix $(basename) UUOC → ${var##*/}; move inline comments above code lines; remove commented-out dead code - rootfs/usr/local/share/template-files/: delete entire directory; config files now deployed via /tmp/etc/ at build time rootfs/root/docker/setup/03-files.sh rootfs/usr/local/etc/docker/functions/entrypoint.sh rootfs/usr/local/etc/docker/init.d/01-tor-server.sh rootfs/usr/local/etc/docker/init.d/04-tor-exit.sh rootfs/usr/local/etc/docker/init.d/09-unbound.sh rootfs/usr/local/etc/docker/init.d/98-privoxy.sh rootfs/usr/local/etc/docker/init.d/zz-nginx.sh rootfs/usr/local/share/template-files/config/env/default.sample rootfs/usr/local/share/template-files/config/env/examples/00-directory.sh rootfs/usr/local/share/template-files/config/env/examples/addresses.sh rootfs/usr/local/share/template-files/config/env/examples/certbot.sh rootfs/usr/local/share/template-files/config/env/examples/couchdb.sh rootfs/usr/local/share/template-files/config/env/examples/dockerd.sh rootfs/usr/local/share/template-files/config/env/examples/global.sh rootfs/usr/local/share/template-files/config/env/examples/healthcheck.sh rootfs/usr/local/share/template-files/config/env/examples/mariadb.sh rootfs/usr/local/share/template-files/config/env/examples/mongodb.sh rootfs/usr/local/share/template-files/config/env/examples/networking.sh rootfs/usr/local/share/template-files/config/env/examples/other.sh rootfs/usr/local/share/template-files/config/env/examples/php.sh rootfs/usr/local/share/template-files/config/env/examples/postgres.sh rootfs/usr/local/share/template-files/config/env/examples/redis.sh rootfs/usr/local/share/template-files/config/env/examples/services.sh rootfs/usr/local/share/template-files/config/env/examples/ssl.sh rootfs/usr/local/share/template-files/config/env/examples/supabase.sh rootfs/usr/local/share/template-files/config/env/examples/webservers.sh rootfs/usr/local/share/template-files/config/env/examples/zz-entrypoint.sh rootfs/usr/local/share/template-files/config/.gitkeep rootfs/usr/local/share/template-files/data/.gitkeep rootfs/usr/local/share/template-files/defaults/.gitkeep
2026-06-24 08:01:05 -04:00 · 2026-06-04 14:49:19 -04:00
parent f4df3572d5
commit c96a4c7996
30 changed files with 329 additions and 602 deletions
@@ -513,7 +513,7 @@ __post_execute() {
 			[ -f "$WWW_ROOT_DIR/hostnames.html" ] && rm -f "$WWW_ROOT_DIR/hostnames.html"
 			for host in "$TOR_HIDDEN_SERVICE_DIR"/*/hostname; do
 				d="$(dirname -- $host)"
-				name="$(basename "$d")"
+				name="${d##*/}"
 				url="$(<"$host")"
 				site="$(echo "$url" | sed 's|\.onion$||g')"
 				echo "$name: $url"
@@ -395,39 +395,72 @@ RelayBandwidthBurst 192 KB
 AccountingStart month 1 00:00

 # Blocks mail, BitTorrent, and other high-abuse protocols
-ExitPolicy reject *:25          # SMTP
-ExitPolicy reject *:119         # NNTP
-ExitPolicy reject *:135-139     # NetBIOS
-ExitPolicy reject *:445         # SMB
-ExitPolicy reject *:465         # SMTPS
-ExitPolicy reject *:563         # NNTP over TLS
-ExitPolicy reject *:587         # Submission
-ExitPolicy reject *:1214        # Kazaa
-ExitPolicy reject *:4661-4666   # eMule
-ExitPolicy reject *:6346-6429   # Gnutella
-ExitPolicy reject *:6699        # WinMX
-ExitPolicy reject *:6881-6999   # BitTorrent
-ExitPolicy accept *:20-21       # FTP
-ExitPolicy accept *:22          # SSH
-ExitPolicy accept *:43          # WHOIS
-ExitPolicy accept *:53          # DNS
-ExitPolicy accept *:80          # HTTP
-ExitPolicy accept *:110         # POP3
-ExitPolicy accept *:143         # IMAP
-ExitPolicy accept *:220         # IMAP3
-ExitPolicy accept *:443         # HTTPS
-ExitPolicy accept *:873         # rsync
-ExitPolicy accept *:989-995     # FTPS, Netnews, IMAP/POP3 over TLS
-ExitPolicy accept *:1293        # IPsec
-ExitPolicy accept *:3690        # SVN
-ExitPolicy accept *:4321        # RWHOIS
-ExitPolicy accept *:5222-5223   # XMPP, Jabber
-ExitPolicy accept *:8008        # HTTP
-ExitPolicy accept *:8080        # HTTP Proxies
-ExitPolicy accept *:8443        # HTTPS alt
-ExitPolicy accept *:8888        # HTTP alt
-ExitPolicy accept *:9418        # Git
-ExitPolicy reject *:*           # Reject everything else
+# SMTP
+ExitPolicy reject *:25
+# NNTP
+ExitPolicy reject *:119
+# NetBIOS
+ExitPolicy reject *:135-139
+# SMB
+ExitPolicy reject *:445
+# SMTPS
+ExitPolicy reject *:465
+# NNTP over TLS
+ExitPolicy reject *:563
+# Submission
+ExitPolicy reject *:587
+# Kazaa
+ExitPolicy reject *:1214
+# eMule
+ExitPolicy reject *:4661-4666
+# Gnutella
+ExitPolicy reject *:6346-6429
+# WinMX
+ExitPolicy reject *:6699
+# BitTorrent
+ExitPolicy reject *:6881-6999
+# FTP
+ExitPolicy accept *:20-21
+# SSH
+ExitPolicy accept *:22
+# WHOIS
+ExitPolicy accept *:43
+# DNS
+ExitPolicy accept *:53
+# HTTP
+ExitPolicy accept *:80
+# POP3
+ExitPolicy accept *:110
+# IMAP
+ExitPolicy accept *:143
+# IMAP3
+ExitPolicy accept *:220
+# HTTPS
+ExitPolicy accept *:443
+# rsync
+ExitPolicy accept *:873
+# FTPS, Netnews, IMAP/POP3 over TLS
+ExitPolicy accept *:989-995
+# IPsec
+ExitPolicy accept *:1293
+# SVN
+ExitPolicy accept *:3690
+# RWHOIS
+ExitPolicy accept *:4321
+# XMPP, Jabber
+ExitPolicy accept *:5222-5223
+# HTTP
+ExitPolicy accept *:8008
+# HTTP Proxies
+ExitPolicy accept *:8080
+# HTTPS alt
+ExitPolicy accept *:8443
+# HTTP alt
+ExitPolicy accept *:8888
+# Git
+ExitPolicy accept *:9418
+# Reject everything else
+ExitPolicy reject *:*

 # DNS Configuration
 DNSPort 5353
@@ -126,8 +126,10 @@ RESET_ENV="no"
 WWW_ROOT_DIR="/usr/local/share/httpd/default"
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # Default predefined variables
-DATA_DIR="/data/unbound"   # set data directory
-CONF_DIR="/config/unbound" # set config directory
+# set data directory
+DATA_DIR="/data/unbound"
+# set config directory
+CONF_DIR="/config/unbound"
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # set the containers etc directory
 ETC_DIR="/etc/unbound"
@@ -135,9 +137,12 @@ ETC_DIR="/etc/unbound"
 # set the var dir
 VAR_DIR=""
 # - - - - - - - - - - - - - - - - - - - - - - - - -
-TMP_DIR="/tmp/unbound"       # set the temp dir
-RUN_DIR="/run/unbound"       # set scripts pid dir
-LOG_DIR="/data/logs/unbound" # set log directory
+# set the temp dir
+TMP_DIR="/tmp/unbound"
+# set scripts pid dir
+RUN_DIR="/run/unbound"
+# set log directory
+LOG_DIR="/data/logs/unbound"
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # Set the working dir
 WORK_DIR=""
@@ -150,21 +155,28 @@ SERVICE_PORT="9053"
 RUNAS_USER="root"
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # User and group in which the service switches to - IE: nginx,apache,mysql,postgres
-SERVICE_USER="root"  # execute command as another user
-SERVICE_GROUP="root" # Set the service group
+# execute command as another user
+SERVICE_USER="root"
+# Set the service group
+SERVICE_GROUP="root"
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # Set password length
 RANDOM_PASS_USER=""
 RANDOM_PASS_ROOT=""
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # Set user and group ID
-SERVICE_UID="0" # set the user id
-SERVICE_GID="0" # set the group id
+# set the user id
+SERVICE_UID="0"
+# set the group id
+SERVICE_GID="0"
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # execute command variables - keep single quotes variables will be expanded later
-EXEC_CMD_BIN='unbound'                                          # command to execute
-EXEC_CMD_ARGS='-d -c $CONF_DIR/unbound.conf '                   # command arguments
-EXEC_PRE_SCRIPT='unbound-checkconfig -f $CONF_DIR/unbound.conf' # execute script before
+# command to execute
+EXEC_CMD_BIN='unbound'
+# command arguments
+EXEC_CMD_ARGS='-d -c $CONF_DIR/unbound.conf '
+# execute script before
+EXEC_PRE_SCRIPT='unbound-checkconfig -f $CONF_DIR/unbound.conf'
 # Set to 'no' for configuration services (no daemon process), leave blank for actual services
 SERVICE_USES_PID=''
 # - - - - - - - - - - - - - - - - - - - - - - - - -
@@ -190,16 +202,22 @@ POST_EXECUTE_WAIT_TIME="1"
 PATH="$PATH:."
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # Where to save passwords to
-ROOT_FILE_PREFIX="/config/secure/auth/root" # directory to save username/password for root user
-USER_FILE_PREFIX="/config/secure/auth/user" # directory to save username/password for normal user
+# directory to save username/password for root user
+ROOT_FILE_PREFIX="/config/secure/auth/root"
+# directory to save username/password for normal user
+USER_FILE_PREFIX="/config/secure/auth/user"
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # root/admin user info password/random]
-root_user_name="${UNBOUND_ROOT_USER_NAME:-}" # root user name
-root_user_pass="${UNBOUND_ROOT_PASS_WORD:-}" # root user password
+# root user name
+root_user_name="${UNBOUND_ROOT_USER_NAME:-}"
+# root user password
+root_user_pass="${UNBOUND_ROOT_PASS_WORD:-}"
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # Normal user info [password/random]
-user_name="${UNBOUND_USER_NAME:-}"      # normal user name
-user_pass="${UNBOUND_USER_PASS_WORD:-}" # normal user password
+# normal user name
+user_name="${UNBOUND_USER_NAME:-}"
+# normal user password
+user_pass="${UNBOUND_USER_PASS_WORD:-}"
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # Load variables from config
 # Generated by my dockermgr script
@@ -126,8 +126,10 @@ RESET_ENV="yes"
 WWW_ROOT_DIR="/usr/local/share/httpd/default"
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # Default predefined variables
-DATA_DIR="/data/privoxy"   # set data directory
-CONF_DIR="/config/privoxy" # set config directory
+# set data directory
+DATA_DIR="/data/privoxy"
+# set config directory
+CONF_DIR="/config/privoxy"
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # set the containers etc directory
 ETC_DIR="/etc/privoxy"
@@ -135,9 +137,12 @@ ETC_DIR="/etc/privoxy"
 # set the var dir
 VAR_DIR=""
 # - - - - - - - - - - - - - - - - - - - - - - - - -
-TMP_DIR="/tmp/privoxy"       # set the temp dir
-RUN_DIR="/run/privoxy"       # set scripts pid dir
-LOG_DIR="/data/logs/privoxy" # set log directory
+# set the temp dir
+TMP_DIR="/tmp/privoxy"
+# set scripts pid dir
+RUN_DIR="/run/privoxy"
+# set log directory
+LOG_DIR="/data/logs/privoxy"
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # Set the working dir
 WORK_DIR=""
@@ -150,21 +155,28 @@ SERVICE_PORT="8118"
 RUNAS_USER="root"
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # User and group in which the service switches to - IE: nginx,apache,mysql,postgres
-SERVICE_USER="root"  # execute command as another user
-SERVICE_GROUP="root" # Set the service group
+# execute command as another user
+SERVICE_USER="root"
+# Set the service group
+SERVICE_GROUP="root"
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # Set password length
 RANDOM_PASS_USER=""
 RANDOM_PASS_ROOT=""
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # Set user and group ID
-SERVICE_UID="0" # set the user id
-SERVICE_GID="0" # set the group id
+# set the user id
+SERVICE_UID="0"
+# set the group id
+SERVICE_GID="0"
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # execute command variables - keep single quotes variables will be expanded later
-EXEC_CMD_BIN='privoxy'                      # command to execute
-EXEC_CMD_ARGS='--no-daemon $ETC_DIR/config' # command arguments
-EXEC_PRE_SCRIPT=''                          # execute script before
+# command to execute
+EXEC_CMD_BIN='privoxy'
+# command arguments
+EXEC_CMD_ARGS='--no-daemon $ETC_DIR/config'
+# execute script before
+EXEC_PRE_SCRIPT=''
 # Set to 'no' for configuration services (no daemon process), leave blank for actual services
 SERVICE_USES_PID=''
 # - - - - - - - - - - - - - - - - - - - - - - - - -
@@ -190,16 +202,22 @@ POST_EXECUTE_WAIT_TIME="1"
 PATH="$PATH:."
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # Where to save passwords to
-ROOT_FILE_PREFIX="/config/secure/auth/root" # directory to save username/password for root user
-USER_FILE_PREFIX="/config/secure/auth/user" # directory to save username/password for normal user
+# directory to save username/password for root user
+ROOT_FILE_PREFIX="/config/secure/auth/root"
+# directory to save username/password for normal user
+USER_FILE_PREFIX="/config/secure/auth/user"
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # root/admin user info password/random]
-root_user_name="${PRIVOXY_ROOT_USER_NAME:-}" # root user name
-root_user_pass="${PRIVOXY_ROOT_PASS_WORD:-}" # root user password
+# root user name
+root_user_name="${PRIVOXY_ROOT_USER_NAME:-}"
+# root user password
+root_user_pass="${PRIVOXY_ROOT_PASS_WORD:-}"
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # Normal user info [password/random]
-user_name="${PRIVOXY_USER_NAME:-}"      # normal user name
-user_pass="${PRIVOXY_USER_PASS_WORD:-}" # normal user password
+# normal user name
+user_name="${PRIVOXY_USER_NAME:-}"
+# normal user password
+user_pass="${PRIVOXY_USER_PASS_WORD:-}"
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # Load variables from config
 # Generated by my dockermgr script
@@ -126,8 +126,10 @@ RESET_ENV="no"
 WWW_ROOT_DIR="/data/htdocs/www"
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # Default predefined variables
-DATA_DIR="/data/nginx"   # set data directory
-CONF_DIR="/config/nginx" # set config directory
+# set data directory
+DATA_DIR="/data/nginx"
+# set config directory
+CONF_DIR="/config/nginx"
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # set the containers etc directory
 ETC_DIR="/etc/nginx"
@@ -135,9 +137,12 @@ ETC_DIR="/etc/nginx"
 # set the var dir
 VAR_DIR=""
 # - - - - - - - - - - - - - - - - - - - - - - - - -
-TMP_DIR="/tmp/nginx"       # set the temp dir
-RUN_DIR="/run/nginx"       # set scripts pid dir
-LOG_DIR="/data/logs/nginx" # set log directory
+# set the temp dir
+TMP_DIR="/tmp/nginx"
+# set scripts pid dir
+RUN_DIR="/run/nginx"
+# set log directory
+LOG_DIR="/data/logs/nginx"
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # Set the working dir
 WORK_DIR=""
@@ -150,21 +155,28 @@ SERVICE_PORT="80"
 RUNAS_USER="root"
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # User and group in which the service switches to - IE: nginx,apache,mysql,postgres
-SERVICE_USER="root"  # execute command as another user
-SERVICE_GROUP="root" # Set the service group
+# execute command as another user
+SERVICE_USER="root"
+# Set the service group
+SERVICE_GROUP="root"
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # Set password length
 RANDOM_PASS_USER=""
 RANDOM_PASS_ROOT=""
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # Set user and group ID
-SERVICE_UID="0" # set the user id
-SERVICE_GID="0" # set the group id
+# set the user id
+SERVICE_UID="0"
+# set the group id
+SERVICE_GID="0"
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # execute command variables - keep single quotes variables will be expanded later
-EXEC_CMD_BIN='nginx'                   # command to execute
-EXEC_CMD_ARGS='-c $ETC_DIR/nginx.conf' # command arguments
-EXEC_PRE_SCRIPT=''                     # execute script before
+# command to execute
+EXEC_CMD_BIN='nginx'
+# command arguments
+EXEC_CMD_ARGS='-c $ETC_DIR/nginx.conf'
+# execute script before
+EXEC_PRE_SCRIPT=''
 # Set to 'no' for configuration services (no daemon process), leave blank for actual services
 SERVICE_USES_PID=''
 # - - - - - - - - - - - - - - - - - - - - - - - - -
@@ -190,16 +202,22 @@ POST_EXECUTE_WAIT_TIME="1"
 PATH="$PATH:."
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # Where to save passwords to
-ROOT_FILE_PREFIX="/config/secure/auth/root" # directory to save username/password for root user
-USER_FILE_PREFIX="/config/secure/auth/user" # directory to save username/password for normal user
+# directory to save username/password for root user
+ROOT_FILE_PREFIX="/config/secure/auth/root"
+# directory to save username/password for normal user
+USER_FILE_PREFIX="/config/secure/auth/user"
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # root/admin user info password/random]
-root_user_name="${NGINX_ROOT_USER_NAME:-}" # root user name
-root_user_pass="${NGINX_ROOT_PASS_WORD:-}" # root user password
+# root user name
+root_user_name="${NGINX_ROOT_USER_NAME:-}"
+# root user password
+root_user_pass="${NGINX_ROOT_PASS_WORD:-}"
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # Normal user info [password/random]
-user_name="${NGINX_USER_NAME:-}"      # normal user name
-user_pass="${NGINX_USER_PASS_WORD:-}" # normal user password
+# normal user name
+user_name="${NGINX_USER_NAME:-}"
+# normal user password
+user_pass="${NGINX_USER_PASS_WORD:-}"
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # Load variables from config
 # Generated by my dockermgr script
@@ -307,8 +325,10 @@ __run_pre_execute_checks() {
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # use this function to update config files - IE: change port
 __update_conf_files() {
-	local exitCode=0                                               # default exit code
-	local sysname="${SERVER_NAME:-${FULL_DOMAIN_NAME:-$HOSTNAME}}" # set hostname
+	# default exit code
+	local exitCode=0
+	# set hostname
+	local sysname="${SERVER_NAME:-${FULL_DOMAIN_NAME:-$HOSTNAME}}"
 	local default_host="$DEFAULT_ONION_SITE"
 	local NEW_SITE="no"
 	# - - - - - - - - - - - - - - - - - - - - - - - - -
@@ -337,7 +357,7 @@ __update_conf_files() {
 		echo "No onion sites found in /run/tor/sites" >&2
 	else
 		for site in "/run/tor/sites"/*; do
-			onion_site="$(basename -- $site)"
+			onion_site="${site##*/}"
 			__onion_site_dir_is_empty "$onion_site" && NEW_SITE="yes" || NEW_SITE="no"
 			[ -d "/data/htdocs/onions/$onion_site" ] || mkdir -p "/data/htdocs/onions/$onion_site"
 			if [ "$default_host" = "$onion_site" ]; then
@@ -386,8 +406,10 @@ __update_conf_files() {
 # - - - - - - - - - - - - - - - - - - - - - - - - -
 # function to run before executing
 __pre_execute() {
-	local exitCode=0                                               # default exit code
-	local sysname="${SERVER_NAME:-${FULL_DOMAIN_NAME:-$HOSTNAME}}" # set hostname
+	# default exit code
+	local exitCode=0
+	# set hostname
+	local sysname="${SERVER_NAME:-${FULL_DOMAIN_NAME:-$HOSTNAME}}"
 	# execute if directories is empty
 	# __is_dir_empty "$CONF_DIR" && true
 	# - - - - - - - - - - - - - - - - - - - - - - - - -