tor: add 10 relay nodes to docker

src/interfaces/docker_interface.py

@@ -14,6 +14,7 @@
 from services.tor_da import TorDA
 from services.fork_observer import ForkObserver
 from services.fluentd import Fluentd
+from services.tor_relay import TorRelay
 from templates import TEMPLATES
 from warnet.tank import Tank, CONTAINER_PREFIX_BITCOIND
 from warnet.utils import bubble_exception_str, parse_raw_messages, default_bitcoin_conf_args, set_execute_permission
@@ -59,7 +60,8 @@ def build(self) -> bool:
 
     @bubble_exception_str
     def up(self):
-        command = ["docker", "compose", "up", "--detach"]
+        # Give ourselves a good chance at making circuits with 10 relays
+        command = ["docker", "compose", "up", "--scale", "torrelay=10", "--detach"]
         try:
             with subprocess.Popen(
                 command,
@@ -201,6 +203,7 @@ def _write_docker_compose(self, warnet):
             # NodeExporter(warnet.network_name),
             # Grafana(warnet.network_name),
             TorDA(warnet.network_name, TEMPLATES),
+            TorRelay(warnet.network_name, TEMPLATES),
             ForkObserver(warnet.network_name, warnet.fork_observer_config),
             Fluentd(warnet.network_name, warnet.config_dir),
         ]
@@ -335,6 +338,9 @@ def warnet_from_deployment(self, warnet):
 
     def tank_from_deployment(self, service, warnet):
         rex = fr"{warnet.network_name}_{CONTAINER_PREFIX_BITCOIND}_([0-9]{{6}})"
+        # Not a tank, maybe a scaled service
+        if not "container_name" in service:
+            return None
         match = re.match(rex, service["container_name"])
         if match is None:
             return None

src/services/tor_relay.py

@@ -0,0 +1,16 @@
+from .base_service import BaseService
+
+DOCKERFILE = "Dockerfile_tor_relay"
+
+
+class TorRelay(BaseService):
+    def __init__(self, docker_network, templates):
+        super().__init__(docker_network)
+        self.templates = templates
+        self.service = {
+            "build": {
+                "context": str(self.templates),
+                "dockerfile": DOCKERFILE,
+            },
+            "networks": [ self.docker_network ],
+        }

src/templates/Dockerfile_tor_relay

@@ -0,0 +1,17 @@
+FROM debian:bookworm-slim
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && apt-get install -y tor iproute2 gosu
+
+RUN mkdir -p /home/debian-tor/.tor/keys
+RUN chown -R debian-tor:debian-tor /home/debian-tor
+RUN mkdir -p /var/log/tor
+RUN chown -R debian-tor:debian-tor /var/log/tor
+
+COPY torrc.relay /etc/tor/torrc
+
+EXPOSE 9050
+
+COPY tor-entrypoint.sh /entrypoint.sh
+ENTRYPOINT /entrypoint.sh
+CMD ["tor", "-f", "/etc/tor/torrc"]

src/templates/tor-entrypoint.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+set -e
+
+echo "Address $(ip addr show eth0 | grep "inet\b" | awk '{print $2}' | cut -d/ -f1)" >> /etc/tor/torrc
+# mkdir -p /home/debian-tor/.tor/keys
+# chown -R debian-tor:debian-tor /home/debian-tor
+gosu debian-tor tor -f /etc/tor/torrc

src/templates/torrc

@@ -30,6 +30,5 @@ ConstrainedSockets 1
 ConstrainedSockSize 8192 Bytes
 NumEntryGuards 1
 NumDirectoryGuards 1
-UseMicrodescriptors 1
 
 # `Address <w.x.y.z>` will be added by docker_entrypoint.sh

src/templates/torrc.da

@@ -3,6 +3,7 @@ Log err stdout
 DataDirectory /home/debian-tor/.tor
 RunAsDaemon 0
 ControlPort 9051
+ORPort 9001 IPv4Only
 CookieAuthentication 1
 CookieAuthFileGroupReadable 1
 DataDirectoryGroupReadable 1
@@ -15,36 +16,26 @@ ClientUseIPv4 1
 # Relay
 DirAuthority orport=9001 no-v2 v3ident=15E09A6BE3619593076D8324A2E1DBEEAD4539CD 100.20.15.18:9030 03E942A4F12D85B2CF7CBA4E910F321AE98EC233
 AssumeReachable 1
-PathsNeededToBuildCircuits 0.25
-TestingDirAuthVoteExit *
-TestingDirAuthVoteHSDir *
-V3AuthNIntervalsValid 2
 
 # Directory Authority
+DirPort 9030 IPv4Only
 AuthoritativeDirectory 1
 V3AuthoritativeDirectory 1
+PathsNeededToBuildCircuits 0.25
+TestingDirAuthVoteExit *
+TestingDirAuthVoteHSDir *
+V3AuthNIntervalsValid 2
 ContactInfo [email protected]
-ORPort 9001 IPv4Only
-DirPort 9030 IPv4Only
-
 
 # Reduce resource usage
-MaxMemInQueues 64 Mbytes
+MaxMemInQueues 200 Mbytes
 BridgeRecordUsageByCountry 0
 DirReqStatistics 0
 ExtraInfoStatistics 0
 HiddenServiceStatistics 0
 OverloadStatistics 0
 PaddingStatistics 0
-BandwidthBurst 10 Mbytes
-BandwidthRate 10 Mbytes
 ConstrainedSockets 1
 ConstrainedSockSize 8192 Bytes
 
-DoSCircuitCreationEnabled 0
-DoSCircuitCreationDefenseType 1
-
-TestingV3AuthInitialDistDelay 30 seconds
-TestingV3AuthInitialVotingInterval 60 seconds
-
 Address 100.20.15.18

src/templates/torrc.relay

@@ -0,0 +1,37 @@
+# Common
+Log err stdout
+DataDirectory /home/debian-tor/.tor
+RunAsDaemon 0
+ControlPort 9051
+CookieAuthentication 1
+CookieAuthFileGroupReadable 1
+DataDirectoryGroupReadable 1
+ORPort 9001
+ExitPolicy accept *:*
+TestingTorNetwork 1
+ClientUseIPv6 0
+ClientUseIPv4 1
+
+# Relay
+DirAuthority orport=9001 no-v2 v3ident=15E09A6BE3619593076D8324A2E1DBEEAD4539CD 100.20.15.18:9030 03E942A4F12D85B2CF7CBA4E910F321AE98EC233
+AssumeReachable 1
+PathsNeededToBuildCircuits 0.25
+TestingDirAuthVoteExit *
+TestingDirAuthVoteHSDir *
+V3AuthNIntervalsValid 2
+
+# Reduce resource usage
+MaxMemInQueues 64 Mbytes
+BridgeRecordUsageByCountry 0
+DirReqStatistics 0
+ExtraInfoStatistics 0
+HiddenServiceStatistics 0
+OverloadStatistics 0
+PaddingStatistics 0
+ConstrainedSockets 1
+ConstrainedSockSize 8192 Bytes
+# NumEntryGuards 1
+# NumDirectoryGuards 1
+# UseMicrodescriptors 1
+
+# `Address <w.x.y.z>` will be added by tor-entrypoint.sh