From f7f266b994a1b7d0e3b54e49e640be35b8078bf0 Mon Sep 17 00:00:00 2001
From: Astounds <kirito@disroot.org>
Date: Fri, 29 May 2026 21:28:22 -0500
Subject: Add hardened Docker support and multi-arch CI

Multi-stage Dockerfile (non-root, Tor-ready), compose file, and
entrypoints. Forgejo CI builds linux/amd64+arm64, scans with
checksum-verified Grype, and pins all actions to commit SHA.
Makefile gains venv bootstrap and docker targets; server.py gains
a --bind flag.
---
 entrypoint-tor.sh | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 entrypoint-tor.sh

(limited to 'entrypoint-tor.sh')

diff --git a/entrypoint-tor.sh b/entrypoint-tor.sh
new file mode 100644
index 0000000..0aaa030
--- /dev/null
+++ b/entrypoint-tor.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+set -eu
+
+TORRC="/var/lib/tor/torrc"
+
+# Generate a minimal torrc if none is mounted
+if [ ! -f "$TORRC" ]; then
+    echo "[tor] No torrc found, generating default..."
+    cat > "$TORRC" <<EOF
+SocksPort 0.0.0.0:9050
+DataDirectory /var/lib/tor
+Log notice file /var/log/tor/notices.log
+EOF
+fi
+
+echo "[tor] Starting Tor..."
+exec tor -f "$TORRC"
-- 
cgit v1.2.3