Add hardened Docker support and multi-arch CI

Multi-stage Dockerfile (non-root, Tor-ready), compose file, and entrypoints. Forgejo CI builds linux/amd64+arm64, scans with checksum-verified Grype, and pins all actions to commit SHA. Makefile gains venv bootstrap and docker targets; server.py gains a --bind flag.
author: Astounds <kirito@disroot.org> 2026-05-29 21:28:22 -0500
committer: Astounds <kirito@disroot.org> 2026-05-29 21:28:22 -0500
commit: f7f266b994a1b7d0e3b54e49e640be35b8078bf0 (patch)
tree: e36c487dff881801724b2829f685bf02b3b8cc77 /entrypoint-tor.sh
parent: 10a101b226e8bcb4797c04c5619386396ed6efa0 (diff)
download: yt-local-f7f266b994a1b7d0e3b54e49e640be35b8078bf0.tar.lz
yt-local-f7f266b994a1b7d0e3b54e49e640be35b8078bf0.tar.xz
yt-local-f7f266b994a1b7d0e3b54e49e640be35b8078bf0.zip
1 files changed, 17 insertions, 0 deletions
diff --git a/entrypoint-tor.sh b/entrypoint-tor.sh
new file mode 100644
index 0000000..0aaa030
--- /dev/null
+++ b/entrypoint-tor.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+set -eu
+
+TORRC="/var/lib/tor/torrc"
+
+# Generate a minimal torrc if none is mounted
+if [ ! -f "$TORRC" ]; then
+    echo "[tor] No torrc found, generating default..."
+    cat > "$TORRC" <<EOF
+SocksPort 0.0.0.0:9050
+DataDirectory /var/lib/tor
+Log notice file /var/log/tor/notices.log
+EOF
+fi
+
+echo "[tor] Starting Tor..."
+exec tor -f "$TORRC"
author	Astounds <kirito@disroot.org>	2026-05-29 21:28:22 -0500
committer	Astounds <kirito@disroot.org>	2026-05-29 21:28:22 -0500
commit	f7f266b994a1b7d0e3b54e49e640be35b8078bf0 (patch)
tree	e36c487dff881801724b2829f685bf02b3b8cc77 /entrypoint-tor.sh
parent	10a101b226e8bcb4797c04c5619386396ed6efa0 (diff)
download	yt-local-f7f266b994a1b7d0e3b54e49e640be35b8078bf0.tar.lz yt-local-f7f266b994a1b7d0e3b54e49e640be35b8078bf0.tar.xz yt-local-f7f266b994a1b7d0e3b54e49e640be35b8078bf0.zip