From 67c1436670a86aca28833a016b7949e07672ef1b Mon Sep 17 00:00:00 2001 From: NW Date: Wed, 24 Jun 2026 11:45:43 +0100 Subject: [PATCH] feat: save onion addresses to file and .env on host - entrypoint.sh: background process writes onion-hosts.txt with SSH_ONION and ADMIN_ONION - docker-compose.yml: bind mount tor-proxy/hosts for onion address persistence on host - tor-proxy/get-onions.sh: reads onion addresses and updates .env with ADMIN_URL, SSH_ONION, ADMIN_ONION - .gitignore: exclude tor-proxy/hosts/onion-hosts.txt (secret) - tor-proxy/hosts/.gitkeep: ensure directory exists in git --- .gitignore | 3 ++ docker-compose.yml | 1 + tor-proxy/entrypoint.sh | 26 ++++++++++++++++ tor-proxy/get-onions.sh | 66 ++++++++++++++++++++++++++++++++++++++++ tor-proxy/hosts/.gitkeep | 0 5 files changed, 96 insertions(+) create mode 100755 tor-proxy/get-onions.sh create mode 100644 tor-proxy/hosts/.gitkeep diff --git a/.gitignore b/.gitignore index fd8e6ad..748c00b 100644 --- a/.gitignore +++ b/.gitignore @@ -37,6 +37,9 @@ AGENTS.md # Local workspace / worktrees .work/ +# Tor onion addresses (secret) +tor-proxy/hosts/onion-hosts.txt + # Python cache __pycache__/ *.pyc diff --git a/docker-compose.yml b/docker-compose.yml index 6874b49..045ba3a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -42,6 +42,7 @@ services: ADMIN_PORT: ${ADMIN_PORT:-3001} volumes: - tor_data:/var/lib/tor + - ./tor-proxy/hosts:/onion-hosts extra_hosts: - "host.docker.internal:host-gateway" networks: diff --git a/tor-proxy/entrypoint.sh b/tor-proxy/entrypoint.sh index 33bdb43..f21afb4 100644 --- a/tor-proxy/entrypoint.sh +++ b/tor-proxy/entrypoint.sh 
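Review bot: The new rule ignores only `tor-proxy/hosts/onion-hosts.txt`, but the whole `tor-proxy/hosts` directory becomes a container-writable bind mount in this commit, so any other file written there would appear as untracked and could be committed by accident. A directory rule keeps the placeholder and ignores everything else: `tor-proxy/hosts/*` followed by `!tor-proxy/hosts/.gitkeep`. The same commit also writes `ADMIN_URL`, `SSH_ONION` and `ADMIN_ONION` into `.env`. This hunk does not show whether `.env` is ignored, so that is worth confirming.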
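Review bot: The added mount `./tor-proxy/hosts:/onion-hosts` is writable from the container and places a file the commit message calls secret inside the repository working tree, with whatever owner and mode the container process gives it. Nothing in the visible part of the entrypoint.sh change sets a restrictive mode before `cat > /onion-hosts/onion-hosts.txt`, so under a default umask the file would be readable by other local users on the host. Consider `umask 077` at the start of the writer subshell, or `chmod 600 /onion-hosts/onion-hosts.txt` after the write. The rest of that subshell is cut off on this page, so confirm it does not already do this.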
@@ -53,5 +53,31 @@ EOF echo "torrc contents:" cat /etc/tor/torrc +mkdir -p /onion-hosts + +( \ + echo "Waiting for onion addresses..."; \ + for i in $(seq 1 120); do \ + SSH_H=""; ADMIN_H=""; \ + [ -s /var/lib/tor/ssh/hostname ] && SSH_H=$(cat /var/lib/tor/ssh/hostname); \ + [ -s /var/lib/tor/admin/hostname ] && ADMIN_H=$(cat /var/lib/tor/admin/hostname); \ + if [ -n "$SSH_H" ] && [ -n "$ADMIN_H" ]; then \ + cat > /onion-hosts/onion-hosts.txt < host SSH)" +echo " Admin : ${ADMIN_ONION} (port 80 -> telegram_shop_prod:3001)" +echo "============================================================" +echo "" +echo "Usage:" +echo " SSH : torify ssh root@${SSH_ONION}" +echo " Admin : open http://${ADMIN_ONION} in Tor Browser" +echo "" + +if [ -f .env ]; then + ADMIN_URL="http://${ADMIN_ONION}" + if grep -q '^ADMIN_URL=' .env; then + sed -i "s|^ADMIN_URL=.*|ADMIN_URL=${ADMIN_URL}|" .env + echo "Updated ADMIN_URL in .env: ${ADMIN_URL}" + else + echo "" >> .env + echo "# Auto-updated by tor-proxy/get-onions.sh" >> .env + echo "ADMIN_URL=${ADMIN_URL}" >> .env + echo "Added ADMIN_URL to .env: ${ADMIN_URL}" + fi + + if grep -q '^SSH_ONION=' .env; then + sed -i "s|^SSH_ONION=.*|SSH_ONION=${SSH_ONION}|" .env + echo "Updated SSH_ONION in .env: ${SSH_ONION}" + else + echo "SSH_ONION=${SSH_ONION}" >> .env + echo "Added SSH_ONION to .env: ${SSH_ONION}" + fi + + if grep -q '^ADMIN_ONION=' .env; then + sed -i "s|^ADMIN_ONION=.*|ADMIN_ONION=${ADMIN_ONION}|" .env + echo "Updated ADMIN_ONION in .env: ${ADMIN_ONION}" + else + echo "ADMIN_ONION=${ADMIN_ONION}" >> .env + echo "Added ADMIN_ONION to .env: ${ADMIN_ONION}" + fi +fi \ No newline at end of file diff --git a/tor-proxy/hosts/.gitkeep b/tor-proxy/hosts/.gitkeep new file mode 100644 index 0000000..e69de29
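Review bot: In the visible tail of tor-proxy/get-onions.sh, `SSH_ONION` and `ADMIN_ONION` are spliced into the `sed -i "s|^…=.*|…|" .env` replacements and appended to `.env` with no visible check that they look like onion hostnames. The values appear to come from the file in the bind-mounted `tor-proxy/hosts` directory, so a `|`, `&`, backslash or newline in that file would change what ends up in `.env`. Reject anything outside the base32 alphabet and dot before the `if [ -f .env ]` block, for example `case "$ADMIN_ONION" in ""|*[!a-z2-7.]*) echo "unexpected ADMIN_ONION value" >&2; exit 1;; esac`, and the same for `SSH_ONION`. The start of this script and the end of the entrypoint.sh hunk before it are missing from this page, so an earlier check may already exist.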