Migrate to new tor-server image (#1191)

3 years ago · 73b5aeff47
10 changed files with 220 additions and 249 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,49 +1,30 @@
 version: '3.7'

 services:
-        tor:
+        tor_proxy:
                container_name: tor
                image: lncm/tor:0.4.5.7@sha256:a83e0d9fd1a35adf025f2f34237ec1810e2a59765988dce1dfb222ca8ef6583c
                user: toruser
                restart: on-failure
                volumes:
-                    - ${PWD}/tor/torrc-umbrel:/etc/tor/torrc
+                    - ${PWD}/tor/torrc-proxy:/etc/tor/torrc
                    - ${PWD}/tor/data:/var/lib/tor/
                ports:
                  - "127.0.0.1:$TOR_PROXY_PORT:$TOR_PROXY_PORT"
                networks:
                    default:
                        ipv4_address: $TOR_PROXY_IP
-        app_tor:
-                image: lncm/tor:0.4.5.7@sha256:a83e0d9fd1a35adf025f2f34237ec1810e2a59765988dce1dfb222ca8ef6583c
-                user: toruser
-                restart: on-failure
-                volumes:
-                    - ${PWD}/tor/torrc-apps:/etc/tor/torrc
-                    - ${PWD}/tor/data:/var/lib/tor/
-                networks:
-                    default:
-                        ipv4_address: $APPS_TOR_IP
-        app_2_tor:
-                image: lncm/tor:0.4.5.7@sha256:a83e0d9fd1a35adf025f2f34237ec1810e2a59765988dce1dfb222ca8ef6583c
-                user: toruser
+        tor_server:
+                image: getumbrel/tor-server:0.4.6.8@sha256:a81797e4a6b0c4709dd6f7c5543ab99e318af329bdf728c5b267f412c51b9a31
                restart: on-failure
                volumes:
-                    - ${PWD}/tor/torrc-apps-2:/etc/tor/torrc
-                    - ${PWD}/tor/data:/var/lib/tor/
-                networks:
-                    default:
-                        ipv4_address: $APPS_2_TOR_IP
-        app_3_tor:
-                image: lncm/tor:0.4.5.7@sha256:a83e0d9fd1a35adf025f2f34237ec1810e2a59765988dce1dfb222ca8ef6583c
-                user: toruser
-                restart: on-failure
-                volumes:
-                    - ${PWD}/tor/torrc-apps-3:/etc/tor/torrc
-                    - ${PWD}/tor/data:/var/lib/tor/
+                    - ${PWD}/tor/torrc-server:/torrc
+                    - ${PWD}/tor/data:/data
+                environment:
+                    HS_PER_PROCESS: "10"
                networks:
                    default:
-                        ipv4_address: $APPS_3_TOR_IP
+                        ipv4_address: $TOR_SERVER_IP
        nginx:
                container_name: nginx
                image: nginx:1.17.8@sha256:380eb808e2a3b0dd954f92c1cae2f845e6558a15037efefcabc5b4e03d666d03
@ -60,7 +41,7 @@ services:
        bitcoin:
                container_name: bitcoin
                image: lncm/bitcoind:v22.0@sha256:37a1adb29b3abc9f972f0d981f45e41e5fca2e22816a023faa9fdc0084aa4507
-                depends_on: [ tor, manager, nginx ]
+                depends_on: [ tor_proxy, manager, nginx ]
                volumes:
                        - ${PWD}/bitcoin:/data/.bitcoin
                restart: on-failure
@ -74,7 +55,7 @@ services:
                container_name: lnd
                image: lightninglabs/lnd:v0.14.1-beta@sha256:810f290f4da51adaf57d53bc1f1e65b52b03c543f322da0b98fb8c47be94a27a
                user: 1000:1000
-                depends_on: [ tor, manager ]
+                depends_on: [ tor_proxy, manager ]
                volumes:
                        - ${PWD}/lnd:/data/.lnd
                environment:
@ -99,7 +80,7 @@ services:
        manager:
                container_name: manager
                image: getumbrel/manager:v0.2.17@sha256:52e306203dc86bcad61c96e33a43e7d6e445d98c3e7f0f06d3c5a88ec7f5126b
-                depends_on: [ tor ]
+                depends_on: [ tor_proxy ]
                restart: on-failure
                stop_grace_period: 5m30s
                volumes:
--- a/scripts/configure
+++ b/scripts/configure
@ -71,10 +71,8 @@ echo
 NGINX_CONF_FILE="./templates/nginx.conf"
 BITCOIN_CONF_FILE="./templates/bitcoin.conf"
 LND_CONF_FILE="./templates/lnd.conf"
-APPS_TOR_CONF_FILE="./templates/torrc-apps"
-APPS_2_TOR_CONF_FILE="./templates/torrc-apps-2"
-APPS_3_TOR_CONF_FILE="./templates/torrc-apps-3"
-UMBREL_TOR_CONF_FILE="./templates/torrc-umbrel"
+TOR_SERVER_CONF_FILE="./templates/torrc-server"
+TOR_PROXY_CONF_FILE="./templates/torrc-proxy"
 ELECTRS_CONF_FILE="./templates/electrs.toml"
 ENV_FILE="./templates/.env"

@ -83,10 +81,8 @@ ENV_FILE="./templates/.env"
 [[ -f "$NGINX_CONF_FILE" ]] && rm -f "$NGINX_CONF_FILE"
 [[ -f "$BITCOIN_CONF_FILE" ]] && rm -f "$BITCOIN_CONF_FILE"
 [[ -f "$LND_CONF_FILE" ]] && rm -f "$LND_CONF_FILE"
-[[ -f "$APPS_TOR_CONF_FILE" ]] && rm -f "$APPS_TOR_CONF_FILE"
-[[ -f "$APPS_2_TOR_CONF_FILE" ]] && rm -f "$APPS_2_TOR_CONF_FILE"
-[[ -f "$APPS_3_TOR_CONF_FILE" ]] && rm -f "$APPS_3_TOR_CONF_FILE"
-[[ -f "$UMBREL_TOR_CONF_FILE" ]] && rm -f "$UMBREL_TOR_CONF_FILE"
+[[ -f "$TOR_SERVER_CONF_FILE" ]] && rm -f "$TOR_SERVER_CONF_FILE"
+[[ -f "$TOR_PROXY_CONF_FILE" ]] && rm -f "$TOR_PROXY_CONF_FILE"
 [[ -f "$ELECTRS_CONF_FILE" ]] && rm -f "$ELECTRS_CONF_FILE"
 [[ -f "$ENV_FILE" ]] && rm -f "$ENV_FILE"

@ -94,10 +90,8 @@ ENV_FILE="./templates/.env"
 [[ -f "./templates/nginx-sample.conf" ]] && cp "./templates/nginx-sample.conf" "$NGINX_CONF_FILE"
 [[ -f "./templates/bitcoin-sample.conf" ]] && cp "./templates/bitcoin-sample.conf" "$BITCOIN_CONF_FILE"
 [[ -f "./templates/lnd-sample.conf" ]] && cp "./templates/lnd-sample.conf" "$LND_CONF_FILE"
-[[ -f "./templates/torrc-apps-sample" ]] && cp "./templates/torrc-apps-sample" "$APPS_TOR_CONF_FILE"
-[[ -f "./templates/torrc-apps-2-sample" ]] && cp "./templates/torrc-apps-2-sample" "$APPS_2_TOR_CONF_FILE"
-[[ -f "./templates/torrc-apps-3-sample" ]] && cp "./templates/torrc-apps-3-sample" "$APPS_3_TOR_CONF_FILE"
-[[ -f "./templates/torrc-umbrel-sample" ]] && cp "./templates/torrc-umbrel-sample" "$UMBREL_TOR_CONF_FILE"
+[[ -f "./templates/torrc-server-sample" ]] && cp "./templates/torrc-server-sample" "$TOR_SERVER_CONF_FILE"
+[[ -f "./templates/torrc-proxy-sample" ]] && cp "./templates/torrc-proxy-sample" "$TOR_PROXY_CONF_FILE"
 [[ -f "./templates/electrs-sample.toml" ]] && cp "./templates/electrs-sample.toml" "$ELECTRS_CONF_FILE"
 [[ -f "./templates/.env-sample" ]] && cp "./templates/.env-sample" "$ENV_FILE"

@ -131,10 +125,8 @@ LND_REST_PORT="8080"
 ELECTRUM_IP="10.21.21.10"
 ELECTRUM_PORT="50001"
 TOR_PROXY_IP="10.21.21.11"
-APPS_TOR_IP="10.21.21.47"
-APPS_2_TOR_IP="10.21.21.48"
-APPS_3_TOR_IP="10.21.21.49"
 TOR_PROXY_PORT="9050"
+TOR_SERVER_IP="10.21.21.49"

 # Apps
 APP_BTC_RPC_EXPLORER_IP="10.21.21.12"
@ -283,8 +275,6 @@ fi
 # Update RPC, P2P and ZMQ Ports
 sed -i "s/rpcport=<port>/rpcport=$BITCOIN_RPC_PORT/g;" "$BITCOIN_CONF_FILE"
 sed -i "s/port=<port>/port=$BITCOIN_P2P_PORT/g;" "$BITCOIN_CONF_FILE"
-sed -i "s/<bitcoin-rpc-port>/$BITCOIN_RPC_PORT/g;" "$UMBREL_TOR_CONF_FILE"
-sed -i "s/<bitcoin-p2p-port>/$BITCOIN_P2P_PORT/g;" "$UMBREL_TOR_CONF_FILE"
 sed -i "/daemon_rpc_addr/s/<port>/$BITCOIN_RPC_PORT/g;" "$ELECTRS_CONF_FILE"
 sed -i "s/BITCOIN_RPC_PORT=<port>/BITCOIN_RPC_PORT=$BITCOIN_RPC_PORT/g;" "$ENV_FILE"
 sed -i "s/BITCOIN_P2P_PORT=<port>/BITCOIN_P2P_PORT=$BITCOIN_P2P_PORT/g;" "$ENV_FILE"
@ -303,7 +293,7 @@ sed -i "s/BITCOIN_RPC_PASS=<password>/BITCOIN_RPC_PASS=$BITCOIN_RPC_PASS/g;" "$E
 sed -i "s/BITCOIN_NETWORK=<network>/BITCOIN_NETWORK=$BITCOIN_NETWORK/g;" "$ENV_FILE"

 # Add Tor password
-sed -i "s/HashedControlPassword <password>/HashedControlPassword $TOR_HASHED_PASSWORD/g;" "$UMBREL_TOR_CONF_FILE"
+sed -i "s/HashedControlPassword <password>/HashedControlPassword $TOR_HASHED_PASSWORD/g;" "$TOR_PROXY_CONF_FILE"
 sed -i "s/torpassword=<password>/torpassword=$TOR_PASSWORD/g;" "$BITCOIN_CONF_FILE"
 sed -i "s/tor.password=<password>/tor.password=$TOR_PASSWORD/g;" "$LND_CONF_FILE"
 sed -i "s/TOR_PASSWORD=<password>/TOR_PASSWORD=$TOR_PASSWORD/g;" "$ENV_FILE"
@ -332,7 +322,7 @@ if [[ "$BITCOIN_NETWORK" == "mainnet" ]] && [[ ! -f "${STATUS_DIR}/node-status-b
 fi

 # TODO: Update all the above code to use this simpler logic
-for template in "${NGINX_CONF_FILE}" "${BITCOIN_CONF_FILE}" "${LND_CONF_FILE}" "${APPS_TOR_CONF_FILE}" "${APPS_2_TOR_CONF_FILE}" "${APPS_3_TOR_CONF_FILE}" "${UMBREL_TOR_CONF_FILE}" "${ELECTRS_CONF_FILE}" "${ENV_FILE}"; do
+for template in "${NGINX_CONF_FILE}" "${BITCOIN_CONF_FILE}" "${LND_CONF_FILE}" "${TOR_PROXY_CONF_FILE}" "${TOR_SERVER_CONF_FILE}" "${ELECTRS_CONF_FILE}" "${ENV_FILE}"; do
  # Umbrel
  sed -i "s/<network-ip>/${NETWORK_IP}/g" "${template}"
  sed -i "s/<gateway-ip>/${GATEWAY_IP}/g" "${template}"
@ -344,6 +334,7 @@ for template in "${NGINX_CONF_FILE}" "${BITCOIN_CONF_FILE}" "${LND_CONF_FILE}" "
  sed -i "s/<neutrino-switcher-ip>/${NEUTRINO_SWITCHER_IP}/g" "${template}"
  sed -i "s/<bitcoin-ip>/${BITCOIN_IP}/g" "${template}"
  sed -i "s/<bitcoin-p2p-port>/${BITCOIN_P2P_PORT}/g" "${template}"
+  sed -i "s/<bitcoin-rpc-port>/$BITCOIN_RPC_PORT/g" "${template}"
  sed -i "s/<lnd-ip>/${LND_IP}/g" "${template}"
  sed -i "s/<lnd-grpc-port>/${LND_GRPC_PORT}/g" "${template}"
  sed -i "s/<lnd-rest-port>/${LND_REST_PORT}/g" "${template}"
@ -351,9 +342,7 @@ for template in "${NGINX_CONF_FILE}" "${BITCOIN_CONF_FILE}" "${LND_CONF_FILE}" "
  sed -i "s/<electrum-port>/${ELECTRUM_PORT}/g" "${template}"
  sed -i "s/<tor-proxy-ip>/${TOR_PROXY_IP}/g" "${template}"
  sed -i "s/<tor-proxy-port>/${TOR_PROXY_PORT}/g" "${template}"
-  sed -i "s/<apps-tor-ip>/${APPS_TOR_IP}/g" "${template}"
-  sed -i "s/<apps-2-tor-ip>/${APPS_2_TOR_IP}/g" "${template}"
-  sed -i "s/<apps-3-tor-ip>/${APPS_3_TOR_IP}/g" "${template}"
+  sed -i "s/<tor-server-ip>/${TOR_SERVER_IP}/g" "${template}"
  sed -i "s/<zmq-rawblock-port>/${BITCOIN_ZMQ_RAWBLOCK_PORT}/g;" "${template}"
  sed -i "s/<zmq-rawtx-port>/${BITCOIN_ZMQ_RAWTX_PORT}/g;" "${template}"
  sed -i "s/<zmq-hashblock-port>/${BITCOIN_ZMQ_HASHBLOCK_PORT}/g;" "${template}"
@ -455,10 +444,8 @@ done

 mv -f "$NGINX_CONF_FILE" "./nginx/nginx.conf"
 mv -f "$BITCOIN_CONF_FILE" "./bitcoin/bitcoin.conf"
-mv -f "$APPS_TOR_CONF_FILE" "./tor/torrc-apps"
-mv -f "$APPS_2_TOR_CONF_FILE" "./tor/torrc-apps-2"
-mv -f "$APPS_3_TOR_CONF_FILE" "./tor/torrc-apps-3"
-mv -f "$UMBREL_TOR_CONF_FILE" "./tor/torrc-umbrel"
+mv -f "$TOR_SERVER_CONF_FILE" "./tor/torrc-server"
+mv -f "$TOR_PROXY_CONF_FILE" "./tor/torrc-proxy"
 mv -f "$ELECTRS_CONF_FILE" "./electrs/electrs.toml"
 mv -f "$ENV_FILE" "./.env"

@ -479,7 +466,7 @@ fi
 if [[ ! -f "${STATUS_DIR}/configured" ]]; then
  echo "Generating hidden services..."
  echo
-  docker-compose up --detach tor
+  docker-compose up --detach tor_proxy
  wait_for_tor=10
  while [[ ! -f "${UMBREL_ROOT}/tor/data/web/hostname" ]]; do
    if [[ "${wait_for_tor}" == 0 ]]; then
--- a/scripts/update/.updateinclude
+++ b/scripts/update/.updateinclude
@ -1,7 +1,5 @@
 .env
 bitcoin/bitcoin.conf
-tor/torrc-apps
-tor/torrc-apps-2
-tor/torrc-apps-3
-tor/torrc-umbrel
+tor/torrc-server
+tor/torrc-proxy
 electrs/electrs.toml
--- a/templates/.env-sample
+++ b/templates/.env-sample
@ -26,9 +26,7 @@ TOR_PROXY_IP=<tor-proxy-ip>
 TOR_PROXY_PORT=<tor-proxy-port>
 TOR_PASSWORD=<password>
 TOR_HASHED_PASSWORD=<password>
-APPS_TOR_IP=<apps-tor-ip>
-APPS_2_TOR_IP=<apps-2-tor-ip>
-APPS_3_TOR_IP=<apps-3-tor-ip>
+TOR_SERVER_IP=<tor-server-ip>
 DOCKER_BINARY=<path>

 # Apps
--- a/templates/torrc-apps-2-sample
+++ b/templates/torrc-apps-2-sample
@ -1,43 +0,0 @@
-# Apps 2
-
-# samourai-server dojo Hidden Service
-HiddenServiceDir /var/lib/tor/app-samourai-server-dojo
-HiddenServicePort 80 <app-samourai-server-ip>:80
-
-# samourai-server connect Hidden Service
-HiddenServiceDir /var/lib/tor/app-samourai-server
-HiddenServicePort 80 <app-samourai-server-ip>:8081
-
-# samourai-server whirlpool Hidden Service
-HiddenServiceDir /var/lib/tor/app-samourai-server-whirlpool
-HiddenServicePort 80 <app-samourai-server-whirlpool-ip>:<app-samourai-server-whirlpool-port>
-
-# LndHub Hidden Service
-HiddenServiceDir /var/lib/tor/app-bluewallet
-HiddenServicePort 80 <app-bluewallet-lndhub-ip>:<app-bluewallet-lndhub-port>
-
-# nextcloud Hidden Service
-HiddenServiceDir /var/lib/tor/app-nextcloud
-HiddenServicePort 80 <app-nextcloud-ip>:80
-
-# pi-hole Hidden Service
-HiddenServiceDir /var/lib/tor/app-pi-hole
-HiddenServicePort 80 <app-pi-hole-ip>:80
-
-# home-assistant Hidden Service
-HiddenServiceDir /var/lib/tor/app-home-assistant
-HiddenServicePort 80 <app-home-assistant-ip>:8123
-
-# gitea Hidden Service
-HiddenServiceDir /var/lib/tor/app-gitea
-HiddenServicePort 80 <app-gitea-ip>:<app-gitea-port>
-HiddenServicePort 22 <app-gitea-ip>:<app-gitea-ssh-port>
-
-# simple-torrent Hidden Service
-HiddenServiceDir /var/lib/tor/app-simple-torrent
-HiddenServicePort 80 <app-simple-torrent-ip>:<app-simple-torrent-port>
-
-# synapse Hidden Service
-HiddenServiceDir /var/lib/tor/app-synapse
-HiddenServicePort 80 <app-synapse-ip>:<app-synapse-port>
-HiddenServicePort <app-synapse-port> <app-synapse-ip>:<app-synapse-port>
--- a/templates/torrc-apps-3-sample
+++ b/templates/torrc-apps-3-sample
@ -1,62 +0,0 @@
-# Apps 3
-
-# element Hidden Service
-HiddenServiceDir /var/lib/tor/app-element
-HiddenServicePort 80 <app-element-ip>:80
-
-# vaultwarden Hidden Service
-HiddenServiceDir /var/lib/tor/app-vaultwarden
-HiddenServicePort 80 <app-vaultwarden-ip>:<app-vaultwarden-port>
-
-# code-server Hidden Service
-HiddenServiceDir /var/lib/tor/app-code-server
-HiddenServicePort 80 <app-code-server-ip>:8080
-
-# squeaknode Hidden Service
-HiddenServiceDir /var/lib/tor/app-squeaknode
-HiddenServicePort 80 <app-squeaknode-ip>:<app-squeaknode-port>
-
-# squeaknode p2p Hidden Service
-HiddenServiceDir /var/lib/tor/app-squeaknode-p2p
-HiddenServicePort <app-squeaknode-p2p-port> <app-squeaknode-ip>:<app-squeaknode-p2p-port>
-HiddenServicePort <app-squeaknode-p2p-testnet-port> <app-squeaknode-ip>:<app-squeaknode-p2p-testnet-port>
-
-# krystal-bull Hidden Service
-HiddenServiceDir /var/lib/tor/app-krystal-bull
-HiddenServicePort 80 <app-krystal-bull-ip>:3001
-
-# node-red Hidden Service
-HiddenServiceDir /var/lib/tor/app-node-red
-HiddenServicePort 80 <app-node-red-ip>:<app-node-red-port>
-
-# lnmarkets Hidden Service
-HiddenServiceDir /var/lib/tor/app-lnmarkets
-HiddenServicePort 80 <app-lnmarkets-ip>:<app-lnmarkets-port>
-
-# electrumx Hidden Service
-HiddenServiceDir /var/lib/tor/app-electrumx
-HiddenServicePort 50001 <app-electrumx-ip>:50001
-
-# tallycoin-connectHidden Service
-HiddenServiceDir /var/lib/tor/app-tallycoin-connect
-HiddenServicePort 80 <app-tallycoin-connect-ip>:<app-tallycoin-connect-port>
-
-# syncthing Hidden Service
-HiddenServiceDir /var/lib/tor/app-syncthing
-HiddenServicePort 80 <app-syncthing-ip>:<app-syncthing-port>
-
-# uptime-kuma Hidden Service
-HiddenServiceDir /var/lib/tor/app-uptime-kuma
-HiddenServicePort 80 <app-uptime-kuma-ip>:3001
-
-# helipad Hidden Service
-HiddenServiceDir /var/lib/tor/app-helipad
-HiddenServicePort 80 <app-helipad-ip>:2112
-
-# itchysats Hidden Service
-HiddenServiceDir /var/lib/tor/app-itchysats
-HiddenServicePort 80 <app-itchysats-ip>:8000
-
-# lightning-shell Hidden Service
-HiddenServiceDir /var/lib/tor/app-lightning-shell
-HiddenServicePort 80 <app-lightning-shell-ip>:7681
--- a/templates/torrc-apps-sample
+++ b/templates/torrc-apps-sample
@ -1,44 +0,0 @@
-# Apps
-
-# btc-rpc-explorer Hidden Service
-HiddenServiceDir /var/lib/tor/app-btc-rpc-explorer
-HiddenServicePort 80 <app-btc-rpc-explorer-ip>:<app-btc-rpc-explorer-port>
-
-# thunderhub Hidden Service
-HiddenServiceDir /var/lib/tor/app-thunderhub
-HiddenServicePort 80 <app-thunderhub-ip>:<app-thunderhub-port>
-
-# sphinx-relay Hidden Service
-# We expose 80 for the connection string UI and <app-sphinx-relay-port> for the
-# actual server connection
-HiddenServiceDir /var/lib/tor/app-sphinx-relay
-HiddenServicePort 80 <app-sphinx-relay-ip>:<app-sphinx-relay-port>
-HiddenServicePort <app-sphinx-relay-port> <app-sphinx-relay-ip>:<app-sphinx-relay-port>
-
-# ride-the-lightning Hidden Service
-HiddenServiceDir /var/lib/tor/app-ride-the-lightning
-HiddenServicePort 80 <app-ride-the-lightning-ip>:<app-ride-the-lightning-port>
-
-# lightning-terminal Hidden Service
-HiddenServiceDir /var/lib/tor/app-lightning-terminal
-HiddenServicePort 80 <app-lightning-terminal-ip>:<app-lightning-terminal-port>
-
-# specter-desktop Hidden Service
-HiddenServiceDir /var/lib/tor/app-specter-desktop
-HiddenServicePort 80 <app-specter-desktop-ip>:<app-specter-desktop-port>
-
-# btcpay-server Hidden Service
-HiddenServiceDir /var/lib/tor/app-btcpay-server
-HiddenServicePort 80 <app-btcpay-server-ip>:<app-btcpay-server-port>
-
-# lnbits Hidden Service
-HiddenServiceDir /var/lib/tor/app-lnbits
-HiddenServicePort 80 <app-lnbits-ip>:<app-lnbits-port>
-
-# photoprism Hidden Service
-HiddenServiceDir /var/lib/tor/app-photoprism
-HiddenServicePort 80 <app-photoprism-ip>:<app-photoprism-port>
-
-# mempool Hidden Service
-HiddenServiceDir /var/lib/tor/app-mempool
-HiddenServicePort 80 <app-mempool-ip>:<app-mempool-port>
--- a/templates/torrc-proxy-sample
+++ b/templates/torrc-proxy-sample
@ -0,0 +1,17 @@
+# Warning: it's not recommended to modify these files directly. Any
+# modifications you make can break the functionality of your umbrel. These files
+# are automatically reset with every Umbrel update.
+
+# Bind only to "<tor-proxy-ip>" which is the tor IP within the container
+SocksPort   <tor-proxy-ip>:<tor-proxy-port>
+ControlPort <tor-proxy-ip>:29051
+
+# Dashboard Hidden Service
+#
+# We include the dashboard hs in the proxy torrc because it's the only hs entry and so more
+# Tor acts much more reliably and there is a higher chance the dashboard hs will come back
+# online quickly after an update.
+HiddenServiceDir /var/lib/tor/web
+HiddenServicePort 80 <nginx-ip>:80
+
+HashedControlPassword <password>
--- a/templates/torrc-server-sample
+++ b/templates/torrc-server-sample
@ -0,0 +1,174 @@
+# Warning: it's not recommended to modify these files directly. Any
+# modifications you make can break the functionality of your umbrel. These files
+# are automatically reset with every Umbrel update.
+
+# Umbrel
+
+# Bitcoin Core P2P Hidden Service
+HiddenServiceDir /data/bitcoin-p2p
+HiddenServicePort <bitcoin-p2p-port> <bitcoin-ip>:<bitcoin-p2p-port>
+
+# Bitcoin Core RPC Hidden Service
+HiddenServiceDir /data/bitcoin-rpc
+HiddenServicePort <bitcoin-rpc-port> <bitcoin-ip>:<bitcoin-rpc-port>
+
+# Electrum Hidden Service
+HiddenServiceDir /data/electrum
+HiddenServicePort <electrum-port> <electrum-ip>:<electrum-port>
+
+# LND REST Hidden Service
+HiddenServiceDir /data/lnd-rest
+HiddenServicePort <lnd-rest-port> <lnd-ip>:<lnd-rest-port>
+
+# LND gRPC Hidden Service
+HiddenServiceDir /data/lnd-grpc
+HiddenServicePort <lnd-grpc-port> <lnd-ip>:<lnd-grpc-port>
+
+
+# Apps
+
+# btc-rpc-explorer Hidden Service
+HiddenServiceDir /data/app-btc-rpc-explorer
+HiddenServicePort 80 <app-btc-rpc-explorer-ip>:<app-btc-rpc-explorer-port>
+
+# thunderhub Hidden Service
+HiddenServiceDir /data/app-thunderhub
+HiddenServicePort 80 <app-thunderhub-ip>:<app-thunderhub-port>
+
+# sphinx-relay Hidden Service
+# We expose 80 for the connection string UI and <app-sphinx-relay-port> for the
+# actual server connection
+HiddenServiceDir /data/app-sphinx-relay
+HiddenServicePort 80 <app-sphinx-relay-ip>:<app-sphinx-relay-port>
+HiddenServicePort <app-sphinx-relay-port> <app-sphinx-relay-ip>:<app-sphinx-relay-port>
+
+# ride-the-lightning Hidden Service
+HiddenServiceDir /data/app-ride-the-lightning
+HiddenServicePort 80 <app-ride-the-lightning-ip>:<app-ride-the-lightning-port>
+
+# lightning-terminal Hidden Service
+HiddenServiceDir /data/app-lightning-terminal
+HiddenServicePort 80 <app-lightning-terminal-ip>:<app-lightning-terminal-port>
+
+# specter-desktop Hidden Service
+HiddenServiceDir /data/app-specter-desktop
+HiddenServicePort 80 <app-specter-desktop-ip>:<app-specter-desktop-port>
+
+# btcpay-server Hidden Service
+HiddenServiceDir /data/app-btcpay-server
+HiddenServicePort 80 <app-btcpay-server-ip>:<app-btcpay-server-port>
+
+# lnbits Hidden Service
+HiddenServiceDir /data/app-lnbits
+HiddenServicePort 80 <app-lnbits-ip>:<app-lnbits-port>
+
+# photoprism Hidden Service
+HiddenServiceDir /data/app-photoprism
+HiddenServicePort 80 <app-photoprism-ip>:<app-photoprism-port>
+
+# mempool Hidden Service
+HiddenServiceDir /data/app-mempool
+HiddenServicePort 80 <app-mempool-ip>:<app-mempool-port>
+
+# samourai-server dojo Hidden Service
+HiddenServiceDir /data/app-samourai-server-dojo
+HiddenServicePort 80 <app-samourai-server-ip>:80
+
+# samourai-server connect Hidden Service
+HiddenServiceDir /data/app-samourai-server
+HiddenServicePort 80 <app-samourai-server-ip>:8081
+
+# samourai-server whirlpool Hidden Service
+HiddenServiceDir /data/app-samourai-server-whirlpool
+HiddenServicePort 80 <app-samourai-server-whirlpool-ip>:<app-samourai-server-whirlpool-port>
+
+# LndHub Hidden Service
+HiddenServiceDir /data/app-bluewallet
+HiddenServicePort 80 <app-bluewallet-lndhub-ip>:<app-bluewallet-lndhub-port>
+
+# nextcloud Hidden Service
+HiddenServiceDir /data/app-nextcloud
+HiddenServicePort 80 <app-nextcloud-ip>:80
+
+# pi-hole Hidden Service
+HiddenServiceDir /data/app-pi-hole
+HiddenServicePort 80 <app-pi-hole-ip>:80
+
+# home-assistant Hidden Service
+HiddenServiceDir /data/app-home-assistant
+HiddenServicePort 80 <app-home-assistant-ip>:8123
+
+# gitea Hidden Service
+HiddenServiceDir /data/app-gitea
+HiddenServicePort 80 <app-gitea-ip>:<app-gitea-port>
+HiddenServicePort 22 <app-gitea-ip>:<app-gitea-ssh-port>
+
+# simple-torrent Hidden Service
+HiddenServiceDir /data/app-simple-torrent
+HiddenServicePort 80 <app-simple-torrent-ip>:<app-simple-torrent-port>
+
+# synapse Hidden Service
+HiddenServiceDir /data/app-synapse
+HiddenServicePort 80 <app-synapse-ip>:<app-synapse-port>
+HiddenServicePort <app-synapse-port> <app-synapse-ip>:<app-synapse-port>
+
+# element Hidden Service
+HiddenServiceDir /data/app-element
+HiddenServicePort 80 <app-element-ip>:80
+
+# vaultwarden Hidden Service
+HiddenServiceDir /data/app-vaultwarden
+HiddenServicePort 80 <app-vaultwarden-ip>:<app-vaultwarden-port>
+
+# code-server Hidden Service
+HiddenServiceDir /data/app-code-server
+HiddenServicePort 80 <app-code-server-ip>:8080
+
+# squeaknode Hidden Service
+HiddenServiceDir /data/app-squeaknode
+HiddenServicePort 80 <app-squeaknode-ip>:<app-squeaknode-port>
+
+# squeaknode p2p Hidden Service
+HiddenServiceDir /data/app-squeaknode-p2p
+HiddenServicePort <app-squeaknode-p2p-port> <app-squeaknode-ip>:<app-squeaknode-p2p-port>
+HiddenServicePort <app-squeaknode-p2p-testnet-port> <app-squeaknode-ip>:<app-squeaknode-p2p-testnet-port>
+
+# krystal-bull Hidden Service
+HiddenServiceDir /data/app-krystal-bull
+HiddenServicePort 80 <app-krystal-bull-ip>:3001
+
+# node-red Hidden Service
+HiddenServiceDir /data/app-node-red
+HiddenServicePort 80 <app-node-red-ip>:<app-node-red-port>
+
+# lnmarkets Hidden Service
+HiddenServiceDir /data/app-lnmarkets
+HiddenServicePort 80 <app-lnmarkets-ip>:<app-lnmarkets-port>
+
+# electrumx Hidden Service
+HiddenServiceDir /data/app-electrumx
+HiddenServicePort 50001 <app-electrumx-ip>:50001
+
+# tallycoin-connectHidden Service
+HiddenServiceDir /data/app-tallycoin-connect
+HiddenServicePort 80 <app-tallycoin-connect-ip>:<app-tallycoin-connect-port>
+
+# syncthing Hidden Service
+HiddenServiceDir /data/app-syncthing
+HiddenServicePort 80 <app-syncthing-ip>:<app-syncthing-port>
+
+# uptime-kuma Hidden Service
+HiddenServiceDir /data/app-uptime-kuma
+HiddenServicePort 80 <app-uptime-kuma-ip>:3001
+
+# helipad Hidden Service
+HiddenServiceDir /data/app-helipad
+HiddenServicePort 80 <app-helipad-ip>:2112
+
+# itchysats Hidden Service
+HiddenServiceDir /data/app-itchysats
+HiddenServicePort 80 <app-itchysats-ip>:8000
+
+# lightning-shell Hidden Service
+HiddenServiceDir /data/app-lightning-shell
+HiddenServicePort 80 <app-lightning-shell-ip>:7681
--- a/templates/torrc-umbrel-sample
+++ b/templates/torrc-umbrel-sample
@ -1,35 +0,0 @@
-# Warning: it's not recommended to modify these files directly. Any
-# modifications you make can break the functionality of your umbrel. These files
-# are automatically reset with every Umbrel update.
-
-# Bind only to "<tor-proxy-ip>" which is the tor IP within the container
-SocksPort   <tor-proxy-ip>:<tor-proxy-port>
-ControlPort <tor-proxy-ip>:29051
-
-# Umbrel
-
-# Dashboard Hidden Service
-HiddenServiceDir /var/lib/tor/web
-HiddenServicePort 80 <nginx-ip>:80
-
-# Bitcoin Core P2P Hidden Service
-HiddenServiceDir /var/lib/tor/bitcoin-p2p
-HiddenServicePort <bitcoin-p2p-port> <bitcoin-ip>:<bitcoin-p2p-port>
-
-# Bitcoin Core RPC Hidden Service
-HiddenServiceDir /var/lib/tor/bitcoin-rpc
-HiddenServicePort <bitcoin-rpc-port> <bitcoin-ip>:<bitcoin-rpc-port>
-
-# Electrum Hidden Service
-HiddenServiceDir /var/lib/tor/electrum
-HiddenServicePort <electrum-port> <electrum-ip>:<electrum-port>
-
-# LND REST Hidden Service
-HiddenServiceDir /var/lib/tor/lnd-rest
-HiddenServicePort <lnd-rest-port> <lnd-ip>:<lnd-rest-port>
-
-# LND gRPC Hidden Service
-HiddenServiceDir /var/lib/tor/lnd-grpc
-HiddenServicePort <lnd-grpc-port> <lnd-ip>:<lnd-grpc-port>
-
-HashedControlPassword <password>