add privoxy and tor

manifests/deployments/privoxy.yaml

@@ -0,0 +1,77 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: privoxy
+  namespace: darkdork-dev
+spec:
+  ports:
+    - port: 8118
+      targetPort: 8118
+      protocol: TCP
+  selector:
+    app: privoxy
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: privoxy
+  namespace: darkdork-dev
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: privoxy
+  template:
+    metadata:
+      labels:
+        app: privoxy
+    spec:
+      imagePullSecrets:
+        - name: registry-credentials
+      containers:
+        - name: privoxy
+          image: cr.forge.lan/darkdork-dev/privoxy
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8118
+          volumeMounts:
+          - name: privoxy-config
+            mountPath: /etc/privoxy/config
+            subPath: config
+      volumes:
+      - name: privoxy-config
+        configMap:
+          name: privoxy-config
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: privoxy-config
+  namespace: darkdork-dev
+data:
+  config: |
+    confdir /etc/privoxy
+    logdir /var/log/privoxy
+    logfile privoxy.log
+    listen-address  0.0.0.0:8118
+    toggle  0
+    enable-remote-toggle  0
+    enable-remote-http-toggle  0
+    enable-edit-actions 0
+    enforce-blocks 0
+    buffer-limit 4096
+    enable-proxy-authentication-forwarding 0
+    forwarded-connect-retries  0
+    accept-intercepted-requests 0
+    allow-cgi-request-crunching 0
+    split-large-forms 0
+    keep-alive-timeout 5
+    tolerate-pipelining 1
+    socket-timeout 300
+
+    # debug 13313
+    forward-socks5 / 10.8.0.1:1080 .
+    forward-socks5t .onion tor:9050 .
+    forward minio/ .
+

manifests/deployments/tor.yaml

@@ -0,0 +1,54 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: tor
+  namespace: darkdork-dev
+spec:
+  ports:
+    - port: 9050
+      targetPort: 9050
+      protocol: TCP
+  selector:
+    app: tor
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: tor
+  namespace: darkdork-dev
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: tor
+  template:
+    metadata:
+      labels:
+        app: tor
+    spec:
+      imagePullSecrets:
+        - name: registry-credentials
+      containers:
+        - name: tor
+          image: cr.forge.lan/darkdork-dev/tor
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8118
+          volumeMounts:
+          - name: tor-config
+            mountPath: /etc/tor/torrc
+            subPath: torrc
+      volumes:
+      - name: tor-config
+        configMap:
+          name: tor-config
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: tor-config
+  namespace: darkdork-dev
+data:
+  torrc: |
+    SocksPort 0.0.0.0:9050

pleroma/Dockerfile

@@ -9,7 +9,7 @@ RUN wget 'https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/dow
 RUN unzip /tmp/pleroma.zip -d /tmp/
 
 RUN apk update && \
-    apk add exiftool ffmpeg vips libmagic ncurses postgresql-client
+    apk add exiftool ffmpeg vips libmagic ncurses postgresql-client curl
 
 RUN	adduser --system --shell /bin/false --home ${HOME} pleroma &&\
     mkdir -p ${DATA} &&\
@@ -22,7 +22,7 @@ RUN	adduser --system --shell /bin/false --home ${HOME} pleroma &&\
 RUN rm -r /tmp/release
 RUN rm /tmp/pleroma.zip
 
-# USER pleroma
+USER pleroma
 
 COPY --chmod=0764 --chown=pleroma ./static-files/ /static-files/
 COPY --chmod=0640 --chown=pleroma ./docker.exs /etc/pleroma/config.exs

pleroma/docker.exs

@@ -20,8 +20,9 @@ config :pleroma, :instance,
   invites_enabled: true,
   healthcheck: true
 
+# config :pleroma, :http, proxy_url: {:socks5h, System.get_env("SOCKS_ADDRESS"), System.get_env("SOCKS_PORT")}
 config :pleroma, :http,
-  proxy_url: { :socks5, {10, 8, 0, 1}, 1080 }
+  proxy_url: "http://privoxy:8118"
 
 
 config :pleroma, :media_proxy,

privoxy/Dockerfile

@@ -0,0 +1,9 @@
+FROM alpine
+
+RUN apk update
+
+RUN apk add privoxy
+
+EXPOSE 8118
+
+ENTRYPOINT ["privoxy", "--user", "privoxy.privoxy", "--no-daemon", "/etc/privoxy/config"]

tor/Dockerfile

@@ -0,0 +1,11 @@
+FROM alpine
+
+RUN apk update
+
+RUN apk add tor
+
+EXPOSE 9050
+
+USER tor
+
+ENTRYPOINT ["tor"]