diff --git a/src/freedombone-utils-onion b/src/freedombone-utils-onion
index 510bba4767534eca393fcd0e899e9426111d9cd6..14066c168c6cf1ad76ef06756028cdea6e6bff71 100755
--- a/src/freedombone-utils-onion
+++ b/src/freedombone-utils-onion
@@ -29,338 +29,326 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
function wait_for_onion_service {
- onion_service_name="$1"
-
- sleep_ctr=0
- while [ ! -f /var/lib/tor/hidden_service_${onion_service_name}/hostname ]; do
- sleep 1
- sleep_ctr=$((sleep_ctr + 1))
- if [ $sleep_ctr -gt 10 ]; then
- break
- fi
- done
-
- if [ ! -f /var/lib/tor/hidden_service_${onion_service_name}/hostname ]; then
- # restart and try a second time
- systemctl restart tor
- sleep_ctr=0
- while [ ! -f /var/lib/tor/hidden_service_${onion_service_name}/hostname ]; do
- sleep 1
- sleep_ctr=$((sleep_ctr + 1))
- if [ $sleep_ctr -gt 10 ]; then
- break
- fi
- done
- fi
+ onion_service_name="$1"
+
+ sleep_ctr=0
+ while [ ! -f /var/lib/tor/hidden_service_${onion_service_name}/hostname ]; do
+ sleep 1
+ sleep_ctr=$((sleep_ctr + 1))
+ if [ $sleep_ctr -gt 10 ]; then
+ break
+ fi
+ done
+
+ if [ ! -f /var/lib/tor/hidden_service_${onion_service_name}/hostname ]; then
+ # restart and try a second time
+ systemctl restart tor
+ sleep_ctr=0
+ while [ ! -f /var/lib/tor/hidden_service_${onion_service_name}/hostname ]; do
+ sleep 1
+ sleep_ctr=$((sleep_ctr + 1))
+ if [ $sleep_ctr -gt 10 ]; then
+ break
+ fi
+ done
+ fi
}
function remove_onion_service {
- onion_service_name="$1"
- onion_service_port_to=$2
- sed -i "/hidden_service_${onion_service_name}/d" /etc/tor/torrc
- sed -i "/127.0.0.1:${onion_service_port_to}/d" /etc/tor/torrc
- if [ $3 ]; then
- sed -i "/127.0.0.1:${3}/d" /etc/tor/torrc
- if [ $4 ]; then
- sed -i "/127.0.0.1:${4}/d" /etc/tor/torrc
- if [ $5 ]; then
- sed -i "/127.0.0.1:${5}/d" /etc/tor/torrc
- fi
- fi
- fi
- systemctl restart tor
+ onion_service_name="$1"
+ onion_service_port_to=$2
+ sed -i "/hidden_service_${onion_service_name}/d" /etc/tor/torrc
+ sed -i "/127.0.0.1:${onion_service_port_to}/d" /etc/tor/torrc
+ if [ $3 ]; then
+ sed -i "/127.0.0.1:${3}/d" /etc/tor/torrc
+ if [ $4 ]; then
+ sed -i "/127.0.0.1:${4}/d" /etc/tor/torrc
+ if [ $5 ]; then
+ sed -i "/127.0.0.1:${5}/d" /etc/tor/torrc
+ fi
+ fi
+ fi
+ systemctl restart tor
}
function add_onion_service {
- onion_service_name="$1"
- onion_service_port_from=$2
- onion_service_port_to=$3
-
- if [ -f /var/lib/tor/hidden_service_${onion_service_name}/hostname ]; then
- echo $(cat /var/lib/tor/hidden_service_${onion_service_name}/hostname)
- return
- fi
-
- if [ ! -d /var/lib/tor ]; then
- echo $"No Tor installation found. ${onion_service_name} onion site cannot be configured."
- exit 877367
- fi
- if ! grep -q "hidden_service_${onion_service_name}" /etc/tor/torrc; then
- echo "HiddenServiceDir /var/lib/tor/hidden_service_${onion_service_name}/" >> /etc/tor/torrc
- echo "HiddenServicePort ${onion_service_port_from} 127.0.0.1:${onion_service_port_to}" >> /etc/tor/torrc
- fi
-
- systemctl restart tor
-
- function_check wait_for_onion_service
- wait_for_onion_service ${onion_service_name}
-
- if [ ! -f /var/lib/tor/hidden_service_${onion_service_name}/hostname ]; then
- echo $"${onion_service_name} onion site hostname not found"
- exit 76362
- fi
- echo $(cat /var/lib/tor/hidden_service_${onion_service_name}/hostname)
+ onion_service_name="$1"
+ onion_service_port_from=$2
+ onion_service_port_to=$3
+
+ if [ -f /var/lib/tor/hidden_service_${onion_service_name}/hostname ]; then
+ echo $(cat /var/lib/tor/hidden_service_${onion_service_name}/hostname)
+ return
+ fi
+
+ if [ ! -d /var/lib/tor ]; then
+ echo $"No Tor installation found. ${onion_service_name} onion site cannot be configured."
+ exit 877367
+ fi
+ if ! grep -q "hidden_service_${onion_service_name}" /etc/tor/torrc; then
+ echo "HiddenServiceDir /var/lib/tor/hidden_service_${onion_service_name}/" >> /etc/tor/torrc
+ echo "HiddenServicePort ${onion_service_port_from} 127.0.0.1:${onion_service_port_to}" >> /etc/tor/torrc
+ fi
+
+ systemctl restart tor
+
+ function_check wait_for_onion_service
+ wait_for_onion_service ${onion_service_name}
+
+ if [ ! -f /var/lib/tor/hidden_service_${onion_service_name}/hostname ]; then
+ echo $"${onion_service_name} onion site hostname not found"
+ exit 76362
+ fi
+ echo $(cat /var/lib/tor/hidden_service_${onion_service_name}/hostname)
}
function set_default_onion_domains {
- # If sites are only visible via Tor then for installation
- # purposes assign them some default domain names
- if [[ $ONION_ONLY == "no" ]]; then
- return
- fi
-
- if [ ${#MICROBLOG_DOMAIN_NAME} -gt 1 ]; then
- MICROBLOG_DOMAIN_NAME='microblog.local'
- fi
- if [ ${#FULLBLOG_DOMAIN_NAME} -gt 1 ]; then
- FULLBLOG_DOMAIN_NAME='blog.local'
- fi
- if [ ${#WIKI_DOMAIN_NAME} -gt 1 ]; then
- WIKI_DOMAIN_NAME='wiki.local'
- fi
- if [ ${#DEFAULT_DOMAIN_NAME} -gt 1 ]; then
- DEFAULT_DOMAIN_NAME="${PROJECT_NAME}.local"
- fi
- if [ ${#GIT_DOMAIN_NAME} -gt 1 ]; then
- GIT_DOMAIN_NAME='git.local'
- fi
- if [ ${#MEDIAGOBLIN_DOMAIN_NAME} -gt 1 ]; then
- MEDIAGOBLIN_DOMAIN_NAME='media.local'
- fi
+ # If sites are only visible via Tor then for installation
+ # purposes assign them some default domain names
+ if [[ $ONION_ONLY == "no" ]]; then
+ return
+ fi
+
+ MICROBLOG_DOMAIN_NAME='microblog.local'
+ FULLBLOG_DOMAIN_NAME='blog.local'
+ WIKI_DOMAIN_NAME='wiki.local'
+ DEFAULT_DOMAIN_NAME="${PROJECT_NAME}.local"
+ GIT_DOMAIN_NAME='git.local'
+ MEDIAGOBLIN_DOMAIN_NAME='media.local'
}
function create_avahi_onion_domains {
- if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if [ ! -d /etc/avahi/services ]; then
- return
- fi
- if [ $MICROBLOG_DOMAIN_NAME ]; then
- function_check create_avahi_service
- create_avahi_service microblog http tcp $MICROBLOG_ONION_PORT
- fi
- if [ $FULLBLOG_DOMAIN_NAME ]; then
- function_check create_avahi_service
- create_avahi_service blog http tcp $BLOG_ONION_PORT
- fi
- if [ $GIT_DOMAIN_NAME ]; then
- function_check create_avahi_service
- create_avahi_service git http tcp $GIT_ONION_PORT
- fi
- if [ $WIKI_DOMAIN_NAME ]; then
- function_check create_avahi_service
- create_avahi_service wiki http tcp $WIKI_ONION_PORT
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if [ ! -d /etc/avahi/services ]; then
+ return
+ fi
+ if [ $MICROBLOG_DOMAIN_NAME ]; then
+ function_check create_avahi_service
+ create_avahi_service microblog http tcp $MICROBLOG_ONION_PORT
+ fi
+ if [ $FULLBLOG_DOMAIN_NAME ]; then
+ function_check create_avahi_service
+ create_avahi_service blog http tcp $BLOG_ONION_PORT
+ fi
+ if [ $GIT_DOMAIN_NAME ]; then
+ function_check create_avahi_service
+ create_avahi_service git http tcp $GIT_ONION_PORT
+ fi
+ if [ $WIKI_DOMAIN_NAME ]; then
+ function_check create_avahi_service
+ create_avahi_service wiki http tcp $WIKI_ONION_PORT
+ fi
}
function allow_ssh_to_onion_address {
- if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if [ ! -d /home/$MY_USERNAME/.ssh ]; then
- mkdir /home/$MY_USERNAME/.ssh
- fi
- if [ ! -d /etc/tor ]; then
- echo $'Tor not found when updating ssh'
- exit 528257
- fi
- if ! grep -q "onion" /home/$MY_USERNAME/.ssh/config; then
- echo 'Host *.onion' >> /home/$MY_USERNAME/.ssh/config
- echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> /home/$MY_USERNAME/.ssh/config
- fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if [ ! -d /home/$MY_USERNAME/.ssh ]; then
+ mkdir /home/$MY_USERNAME/.ssh
+ fi
+ if [ ! -d /etc/tor ]; then
+ echo $'Tor not found when updating ssh'
+ exit 528257
+ fi
+ if ! grep -q "onion" /home/$MY_USERNAME/.ssh/config; then
+ echo 'Host *.onion' >> /home/$MY_USERNAME/.ssh/config
+ echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> /home/$MY_USERNAME/.ssh/config
+ fi
}
function enable_ssh_via_onion {
- if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if grep -Fxq "enable_ssh_via_onion" $COMPLETION_FILE; then
- return
- fi
- apt-get -y install tor connect-proxy
- if ! grep -q 'Host *.onion' /home/$MY_USERNAME/.ssh/config; then
- if [ ! -d /home/$MY_USERNAME/.ssh ]; then
- mkdir /home/$MY_USERNAME/.ssh
- fi
- echo 'Host *.onion' >> /home/$MY_USERNAME/.ssh/config
- echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> /home/$MY_USERNAME/.ssh/config
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh/config
- fi
- if ! grep -q 'Host *.onion' /root/.ssh/config; then
- if [ ! -d /root/.ssh ]; then
- mkdir /root/.ssh
- fi
- echo 'Host *.onion' >> /root/.ssh/config
- echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> /root/.ssh/config
- fi
- echo 'enable_ssh_via_onion' >> $COMPLETION_FILE
+ if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if grep -Fxq "enable_ssh_via_onion" $COMPLETION_FILE; then
+ return
+ fi
+ apt-get -y install tor connect-proxy
+ if ! grep -q 'Host *.onion' /home/$MY_USERNAME/.ssh/config; then
+ if [ ! -d /home/$MY_USERNAME/.ssh ]; then
+ mkdir /home/$MY_USERNAME/.ssh
+ fi
+ echo 'Host *.onion' >> /home/$MY_USERNAME/.ssh/config
+ echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> /home/$MY_USERNAME/.ssh/config
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh/config
+ fi
+ if ! grep -q 'Host *.onion' /root/.ssh/config; then
+ if [ ! -d /root/.ssh ]; then
+ mkdir /root/.ssh
+ fi
+ echo 'Host *.onion' >> /root/.ssh/config
+ echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> /root/.ssh/config
+ fi
+ echo 'enable_ssh_via_onion' >> $COMPLETION_FILE
}
function configure_ssh_onion {
- if grep -Fxq "configure_ssh_onion" $COMPLETION_FILE; then
- return
- fi
- if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
-
- SSH_ONION_HOSTNAME=$(add_onion_service ssh ${SSH_PORT} ${SSH_PORT})
-
- if ! grep -q "ssh onion domain" $COMPLETION_FILE; then
- echo "ssh onion domain:${SSH_ONION_HOSTNAME}" >> $COMPLETION_FILE
- else
- sed -i "s|ssh onion domain.*|ssh onion domain:${SSH_ONION_HOSTNAME}|g" $COMPLETION_FILE
- fi
-
- echo 'configure_ssh_onion' >> $COMPLETION_FILE
+ if grep -Fxq "configure_ssh_onion" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+
+ SSH_ONION_HOSTNAME=$(add_onion_service ssh ${SSH_PORT} ${SSH_PORT})
+
+ if ! grep -q "ssh onion domain" $COMPLETION_FILE; then
+ echo "ssh onion domain:${SSH_ONION_HOSTNAME}" >> $COMPLETION_FILE
+ else
+ sed -i "s|ssh onion domain.*|ssh onion domain:${SSH_ONION_HOSTNAME}|g" $COMPLETION_FILE
+ fi
+
+ echo 'configure_ssh_onion' >> $COMPLETION_FILE
}
function install_tor {
- if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if grep -Fxq "install_tor" $COMPLETION_FILE; then
- return
- fi
- apt-get -y install tor
- if [ ! -f /etc/tor/torrc ]; then
- echo 'Tor failed to install'
- exit 38259
- fi
- echo 'install_tor' >> $COMPLETION_FILE
+ if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if grep -Fxq "install_tor" $COMPLETION_FILE; then
+ return
+ fi
+ apt-get -y install tor
+ if [ ! -f /etc/tor/torrc ]; then
+ echo 'Tor failed to install'
+ exit 38259
+ fi
+ echo 'install_tor' >> $COMPLETION_FILE
}
function resolve_dns_via_tor {
- if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if grep -Fxq "resolve_dns_via_tor" $COMPLETION_FILE; then
- return
- fi
- if [ ! -f /etc/tor/torrc ]; then
- echo $'tor was not installed'
- exit 52952
- fi
-
- # resolve DNS via tor
- if ! grep 'DNSPort 53' /etc/tor/torrc; then
- echo 'DNSPort 53' >> /etc/tor/torrc
- echo 'AutomapHostsOnResolve 1' >> /etc/tor/torrc
- echo 'AutomapHostsSuffixes .exit,.onion' >> /etc/tor/torrc
- systemctl restart tor
- fi
-
- # don't change resolv.conf
- sed -i 's|, domain-name-servers||g' /etc/dhcp/dhclient.conf
-
- # point resolv.conf to tor
- echo 'nameserver 127.0.0.1:53' > /etc/resolv.conf
-
- # prevent resolv.conf from changing
- chattr +i /etc/resolv.conf
-
- echo 'resolve_dns_via_tor' >> $COMPLETION_FILE
+ if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if grep -Fxq "resolve_dns_via_tor" $COMPLETION_FILE; then
+ return
+ fi
+ if [ ! -f /etc/tor/torrc ]; then
+ echo $'tor was not installed'
+ exit 52952
+ fi
+
+ # resolve DNS via tor
+ if ! grep 'DNSPort 53' /etc/tor/torrc; then
+ echo 'DNSPort 53' >> /etc/tor/torrc
+ echo 'AutomapHostsOnResolve 1' >> /etc/tor/torrc
+ echo 'AutomapHostsSuffixes .exit,.onion' >> /etc/tor/torrc
+ systemctl restart tor
+ fi
+
+ # don't change resolv.conf
+ sed -i 's|, domain-name-servers||g' /etc/dhcp/dhclient.conf
+
+ # point resolv.conf to tor
+ echo 'nameserver 127.0.0.1:53' > /etc/resolv.conf
+
+ # prevent resolv.conf from changing
+ chattr +i /etc/resolv.conf
+
+ echo 'resolve_dns_via_tor' >> $COMPLETION_FILE
}
# see https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
# Local Redirection and Anonymizing Middlebox
function route_outgoing_traffic_through_tor {
- if grep -Fxq "route_outgoing_traffic_through_tor" $COMPLETION_FILE; then
- return
- fi
- if [[ $ROUTE_THROUGH_TOR != "yes" ]]; then
- return
- fi
- apt-get -y install tor tor-arm
-
- ### set variables
- # Destinations you don't want routed through Tor
- _non_tor="192.168.1.0/24 192.168.0.0/24"
-
- # The user that Tor runs as
- _tor_uid="debian-tor"
-
- # Tor's TransPort
- _trans_port="9040"
-
- # Your internal interface
- _int_if="eth0"
-
- ### Set iptables *nat
- iptables -t nat -A OUTPUT -o lo -j RETURN
- iptables -t nat -A OUTPUT -m owner --uid-owner $_tor_uid -j RETURN
- iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
-
- # Allow clearnet access for hosts in $_non_tor
- for _clearnet in $_non_tor; do
- iptables -t nat -A OUTPUT -d $_clearnet -j RETURN
- iptables -t nat -A PREROUTING -i $_int_if -d $_clearnet -j RETURN
- done
-
- # Redirect all other pre-routing and output to Tor
- iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $_trans_port
- iptables -t nat -A PREROUTING -i $_int_if -p udp --dport 53 -j REDIRECT --to-ports 53
- iptables -t nat -A PREROUTING -i $_int_if -p tcp --syn -j REDIRECT --to-ports $_trans_port
-
- ### set iptables *filter
- iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-
- # Allow clearnet access for hosts in $_non_tor
- for _clearnet in $_non_tor 127.0.0.0/8; do
- iptables -A OUTPUT -d $_clearnet -j ACCEPT
- done
-
- # Allow only Tor output
- iptables -A OUTPUT -m owner --uid-owner $_tor_uid -j ACCEPT
- iptables -A OUTPUT -j REJECT
-
- function_check save_firewall_settings
- save_firewall_settings
-
- if ! grep -q "fs.file-max" /etc/sysctl.conf; then
- echo "fs.file-max=100000" >> /etc/sysctl.conf
- /sbin/sysctl -p
- fi
-
- echo 'domain localdomain' > /etc/resolv.conf
- echo 'search localdomain' >> /etc/resolv.conf
- echo 'nameserver 127.0.0.1' >> /etc/resolv.conf
-
- if ! grep -q "VirtualAddrNetworkIPv4" /etc/tor/torrc; then
- echo 'VirtualAddrNetworkIPv4 10.192.0.0/10' >> /etc/tor/torrc
- fi
-
- if ! grep -q "AutomapHostsOnResolve" /etc/tor/torrc; then
- echo 'AutomapHostsOnResolve 1' >> /etc/tor/torrc
- fi
-
- if ! grep -q "TransPort" /etc/tor/torrc; then
- echo 'TransPort 9040' >> /etc/tor/torrc
- fi
-
- if ! grep -q "TransListenAddress 127.0.0.1" /etc/tor/torrc; then
- echo 'TransListenAddress 127.0.0.1' >> /etc/tor/torrc
- fi
-
- if ! grep -q "TransListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" /etc/tor/torrc; then
- echo "TransListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/tor/torrc
- fi
-
- if ! grep -q "DNSPort" /etc/tor/torrc; then
- echo 'DNSPort 53' >> /etc/tor/torrc
- fi
-
- if ! grep -q "DNSListenAddress 127.0.0.1" /etc/tor/torrc; then
- echo 'DNSListenAddress 127.0.0.1' >> /etc/tor/torrc
- fi
-
- if ! grep -q "DNSListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" /etc/tor/torrc; then
- echo "DNSListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/tor/torrc
- fi
-
- echo 'route_outgoing_traffic_through_tor' >> $COMPLETION_FILE
+ if grep -Fxq "route_outgoing_traffic_through_tor" $COMPLETION_FILE; then
+ return
+ fi
+ if [[ $ROUTE_THROUGH_TOR != "yes" ]]; then
+ return
+ fi
+ apt-get -y install tor tor-arm
+
+ ### set variables
+ # Destinations you don't want routed through Tor
+ _non_tor="192.168.1.0/24 192.168.0.0/24"
+
+ # The user that Tor runs as
+ _tor_uid="debian-tor"
+
+ # Tor's TransPort
+ _trans_port="9040"
+
+ # Your internal interface
+ _int_if="eth0"
+
+ ### Set iptables *nat
+ iptables -t nat -A OUTPUT -o lo -j RETURN
+ iptables -t nat -A OUTPUT -m owner --uid-owner $_tor_uid -j RETURN
+ iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
+
+ # Allow clearnet access for hosts in $_non_tor
+ for _clearnet in $_non_tor; do
+ iptables -t nat -A OUTPUT -d $_clearnet -j RETURN
+ iptables -t nat -A PREROUTING -i $_int_if -d $_clearnet -j RETURN
+ done
+
+ # Redirect all other pre-routing and output to Tor
+ iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $_trans_port
+ iptables -t nat -A PREROUTING -i $_int_if -p udp --dport 53 -j REDIRECT --to-ports 53
+ iptables -t nat -A PREROUTING -i $_int_if -p tcp --syn -j REDIRECT --to-ports $_trans_port
+
+ ### set iptables *filter
+ iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+ # Allow clearnet access for hosts in $_non_tor
+ for _clearnet in $_non_tor 127.0.0.0/8; do
+ iptables -A OUTPUT -d $_clearnet -j ACCEPT
+ done
+
+ # Allow only Tor output
+ iptables -A OUTPUT -m owner --uid-owner $_tor_uid -j ACCEPT
+ iptables -A OUTPUT -j REJECT
+
+ function_check save_firewall_settings
+ save_firewall_settings
+
+ if ! grep -q "fs.file-max" /etc/sysctl.conf; then
+ echo "fs.file-max=100000" >> /etc/sysctl.conf
+ /sbin/sysctl -p
+ fi
+
+ echo 'domain localdomain' > /etc/resolv.conf
+ echo 'search localdomain' >> /etc/resolv.conf
+ echo 'nameserver 127.0.0.1' >> /etc/resolv.conf
+
+ if ! grep -q "VirtualAddrNetworkIPv4" /etc/tor/torrc; then
+ echo 'VirtualAddrNetworkIPv4 10.192.0.0/10' >> /etc/tor/torrc
+ fi
+
+ if ! grep -q "AutomapHostsOnResolve" /etc/tor/torrc; then
+ echo 'AutomapHostsOnResolve 1' >> /etc/tor/torrc
+ fi
+
+ if ! grep -q "TransPort" /etc/tor/torrc; then
+ echo 'TransPort 9040' >> /etc/tor/torrc
+ fi
+
+ if ! grep -q "TransListenAddress 127.0.0.1" /etc/tor/torrc; then
+ echo 'TransListenAddress 127.0.0.1' >> /etc/tor/torrc
+ fi
+
+ if ! grep -q "TransListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" /etc/tor/torrc; then
+ echo "TransListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/tor/torrc
+ fi
+
+ if ! grep -q "DNSPort" /etc/tor/torrc; then
+ echo 'DNSPort 53' >> /etc/tor/torrc
+ fi
+
+ if ! grep -q "DNSListenAddress 127.0.0.1" /etc/tor/torrc; then
+ echo 'DNSListenAddress 127.0.0.1' >> /etc/tor/torrc
+ fi
+
+ if ! grep -q "DNSListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" /etc/tor/torrc; then
+ echo "DNSListenAddress $LOCAL_NETWORK_STATIC_IP_ADDRESS" >> /etc/tor/torrc
+ fi
+
+ echo 'route_outgoing_traffic_through_tor' >> $COMPLETION_FILE
}
# NOTE: deliberately no exit 0