feat: making the script insta fail if off

assets/entrypoint.sh

@@ -1,28 +1,67 @@
 #!/bin/sh
+set -e
 
-# Defaults
-ENABLE_VANGUARDS=${ENABLE_VANGUARDS:-true}
-ENABLE_TOR=${ENABLE_TOR:-true}
+# --- Configuration ---
+TOR_CONFIG="/etc/tor/torrc"
+# Default to /var/lib/tor if not set
+DATA_DIR="${TOR_DATA_DIR:-/var/lib/tor}"
 
-# Sync with internal variable used by Onions.py
-export TOR_ENABLE_VANGUARDS="$ENABLE_VANGUARDS"
+echo "Starting Tor Configuration..."
 
-# If user specifically requests to disable Vanguards
-if [ "$ENABLE_VANGUARDS" = "false" ]; then
-    echo "Disabling Vanguards service..."
-    sed -i '/- vanguards/d' /entrypoint-config.yml
-fi
+# 1. Reset the Config File
+echo "DataDirectory $DATA_DIR" > "$TOR_CONFIG"
+echo "User tor" >> "$TOR_CONFIG"
 
-# If user specifically requests to disable Tor (e.g. for sidecar mode)
-if [ "$ENABLE_TOR" = "false" ]; then
-    echo "Disabling Tor service..."
-    sed -i '/- tor/d' /entrypoint-config.yml
+# 2. Handle Control Password (The Magic Hashing)
+if [ -n "$TOR_CONTROL_PASSWORD" ]; then
+    echo "Hashing provided control password..."
+    # Generate the hash using Tor itself
+    HASHED_PASSWORD=$(tor --quiet --hash-password "$TOR_CONTROL_PASSWORD" | tail -n 1)
     
-    # In sidecar mode, we don't want to auto-resolve the control port using local defaults.
-    # We remove the line that sets TOR_CONTROL_PORT via 'onions --resolve-control-port'
-    # so that the environment variable passed to the container is preserved.
-    sed -i '/TOR_CONTROL_PORT: onions --resolve-control-port/d' /entrypoint-config.yml
+    if [ -z "$HASHED_PASSWORD" ]; then
+        echo "Error: Failed to hash password."
+        exit 1
+    fi
+    
+    echo "ControlPort 0.0.0.0:9051" >> "$TOR_CONFIG"
+    echo "HashedControlPassword $HASHED_PASSWORD" >> "$TOR_CONFIG"
+    echo "Control Password set."
+else
+    echo "Warning: No TOR_CONTROL_PASSWORD set. Control port disabled."
 fi
 
-# Pass control to pyentrypoint
-exec pyentrypoint "$@"
+# 3. Handle Hidden Services (The Magic Parsing)
+# Expected Format: "80:container_name:80 22:container_name:22"
+if [ -n "$HIDDEN_SERVICE_HOSTS" ]; then
+    echo "HiddenServiceDir $DATA_DIR/hidden_service/" >> "$TOR_CONFIG"
+    echo "HiddenServiceVersion 3" >> "$TOR_CONFIG"
+
+    # Split the string by spaces
+    for rule in $HIDDEN_SERVICE_HOSTS; do
+        # Validate format: Port:Host:Port (using grep regex)
+        if ! echo "$rule" | grep -qE '^[0-9]+:[a-zA-Z0-9.-]+:[0-9]+$'; then
+            echo "CRITICAL ERROR: Invalid format in HIDDEN_SERVICE_HOSTS: '$rule'"
+            echo "Expected format: ExternalPort:ContainerHost:InternalPort (e.g., 80:my-web:80)"
+            exit 1
+        fi
+
+        # Extract parts
+        EXT_PORT=$(echo "$rule" | cut -d: -f1)
+        HOST=$(echo "$rule" | cut -d: -f2)
+        INT_PORT=$(echo "$rule" | cut -d: -f3)
+
+        echo "Adding Hidden Service Rule: Onion:$EXT_PORT -> $HOST:$INT_PORT"
+        echo "HiddenServicePort $EXT_PORT $HOST:$INT_PORT" >> "$TOR_CONFIG"
+    done
+else
+    echo "Error: HIDDEN_SERVICE_HOSTS is empty. Tor has nothing to serve."
+    exit 1
+fi
+
+# 4. Ownership Fix (Crucial for Docker volumes)
+mkdir -p "$DATA_DIR/hidden_service/"
+chown -R tor:root "$DATA_DIR"
+chmod 700 "$DATA_DIR"
+
+echo "Configuration successful. Starting Tor..."
+exec tor -f "$TOR_CONFIG"