add(app): Tor Socks Proxy #5333

Open: wants to merge 6 commits into base: master

@ayushsharma82 ayushsharma82 commented Oct 26, 2024

Added latest version of Tor Socks Proxy. Repo: here

It's a SOCKS5 proxy over the Tor network, which is quite handy in an "arr" (prowlarr, radarr, sonarr) setup if your ISP is blocking certain indexers.

Summary by CodeRabbit

  • New Features
    • Introduced a new configuration for the Tor Socks Proxy application, detailing its properties and operational parameters.
    • Added a Docker Compose configuration for easy deployment of the Tor Socks Proxy service.
    • Created a comprehensive markdown description file, providing setup instructions, usage guidelines, and support information for the application.

These enhancements streamline the setup and usage of the Tor Socks Proxy, making it more accessible for users.

coderabbitai bot commented Oct 26, 2024

Walkthrough

A new configuration for the "Tor Socks Proxy" application has been introduced, including a JSON file defining its properties, a Docker Compose file for service management, and a markdown description file. The configuration specifies the application as a Tor Socks5 proxy within a Docker container, detailing its operational parameters, service setup, and user instructions.

Changes

| File Path | Change Summary |
| --- | --- |
| apps/tor-socks-proxy/config.json | New configuration file added, defining application properties, including name, ID, port, etc. |
| apps/tor-socks-proxy/docker-compose.yml | New Docker Compose file created for tor-socks-proxy service, specifying image and network setup. |
| apps/tor-socks-proxy/metadata/description.md | New markdown file added, providing an overview, usage instructions, and project support details. |

Possibly related PRs

  • app: homer #5171: The changes in the config.json file for the "Homer" application are similar to the new configuration file introduced for the "Tor Socks Proxy," as both involve the addition of metadata fields that define application properties, including name, ID, availability status, and port number.

Suggested reviewers

  • JigSawFr
  • DireMunchkin

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 3

🧹 Outside diff range and nitpick comments (6)
apps/tor-socks-proxy/docker-compose.yml (1)

4-11: Add security hardening configurations.

Consider adding security-related configurations to enhance container security:

   tor-socks-proxy:
     container_name: tor-socks-proxy
     image: peterdavehello/tor-socks-proxy:latest
     restart: unless-stopped
+    security_opt:
+      - no-new-privileges:true
+    read_only: true
+    cap_drop:
+      - ALL
     ports:
       - ${APP_PORT}:9150/tcp
     networks:
       - tipi_main_network
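
Review bot: `read_only: true` in the added lines comes without any writable mount, and Tor writes runtime state (cached directory data, keys) to its data directory, so the container may fail to start with a read-only root filesystem. Pair it with a `tmpfs:` or volume entry for that directory and confirm the image still starts with `cap_drop: ALL`; `no-new-privileges:true` can be adopted independently of the other two.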
apps/tor-socks-proxy/metadata/description.md (5)

1-11: Enhance accessibility and update status badges

Please add alt text to images for better accessibility and consider updating the CI badge:

 <p align="center">
-  <img width="300px" src="https://upload.wikimedia.org/wikipedia/commons/8/8f/Tor_project_logo_hq.png">
+  <img width="300px" alt="Tor Project Logo" src="https://upload.wikimedia.org/wikipedia/commons/8/8f/Tor_project_logo_hq.png">
 </p>

Consider replacing Travis CI with GitHub Actions status badge as Travis CI is less commonly used now.

🧰 Tools
🪛 Markdownlint

2-2: null
Images should have alternate text (alt text)

(MD045, no-alt-text)


28-66: Add proxy validation steps

The usage instructions are clear, but consider adding steps to verify the proxy is working correctly:

  • How to verify Tor connectivity
  • How to check if traffic is actually routing through Tor
  • How to verify DNS is not leaking

Add the following example:

 curl --socks5-hostname 127.0.0.1:9150 https://ipinfo.tw/ip
+
+# Verify Tor connectivity
+curl --socks5-hostname 127.0.0.1:9150 https://check.torproject.org/api/ip
+
+# Check for DNS leaks
+curl --socks5-hostname 127.0.0.1:9150 https://dnsleaktest.com/
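
Review bot: the added `# Check for DNS leaks` command does not test for leaks, because fetching `https://dnsleaktest.com/` with curl only downloads the page and the test on that site runs in a browser. `--socks5-hostname` already hands name resolution to the proxy, so the leak worth documenting is a client that uses `--socks5` (local resolution) instead; suggest dropping that line, saying this in the text, and telling readers to look for `"IsTor":true` in the `check.torproject.org/api/ip` response.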
🧰 Tools
🪛 LanguageTool

[uncategorized] ~36-~36: Loose punctuation mark.
Context: ...s-proxy:latest ``` - --restart=always: This ensures the container automaticall...

(UNLIKELY_OPENING_PUNCTUATION)


[uncategorized] ~37-~37: Loose punctuation mark.
Context: ... reboots. - -p 127.0.0.1:9150:9150/tcp: This binds the container to localhost, ...

(UNLIKELY_OPENING_PUNCTUATION)


68-82: Enhance DNS security guidance and IP renewal details

The DNS configuration needs additional security context:

  • Warn about potential DNS leaks if not configured correctly
  • Explain why using Tor's DNS might be necessary
  • Document the implications of different IP renewal intervals

Also, consider adding information about Tor circuit renewal:

 ## IP Renewal

 By default, Tor automatically changes IPs every 10 minutes. You can manually renew the IP by restarting the container:
+
+The IP renewal process creates a new Tor circuit, which:
+- Provides a new exit node IP address
+- Helps maintain anonymity
+- May be necessary if the current exit node is blocked
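
Review bot: the added bullet `Provides a new exit node IP address` states as certain something a new circuit does not guarantee, since Tor may select the same exit again. Word it as "usually" and tell readers to re-run the IP check after the restart; `Helps maintain anonymity` names no mechanism and could be dropped.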

83-93: Fix markdown formatting issues

Please address the following markdown issues:

-<a href="https://m.do.co/c/1fdd0a1d695a"><img src="https://opensource.nyc3.cdn.digitaloceanspaces.com/attribution/assets/SVG/DO_Logo_horizontal_blue.svg" width="201px"></a>
+<a href="https://m.do.co/c/1fdd0a1d695a"><img alt="DigitalOcean Logo" src="https://opensource.nyc3.cdn.digitaloceanspaces.com/attribution/assets/SVG/DO_Logo_horizontal_blue.svg" width="201px"></a>

-For cloud VPS hosting with $200 in free credit, consider using my DigitalOcean referral link: https://m.do.co/c/1fdd0a1d695a
+For cloud VPS hosting with $200 in free credit, consider using my [DigitalOcean referral link](https://m.do.co/c/1fdd0a1d695a)
🧰 Tools
🪛 Markdownlint

89-89: null
Bare URL used

(MD034, no-bare-urls)


85-85: null
Images should have alternate text (alt text)

(MD045, no-alt-text)


1-93: Documentation provides good coverage but needs security emphasis

The documentation comprehensively covers setup and usage. However, given that this is a Tor proxy intended for sensitive applications (as mentioned in PR objectives for "arr" applications), consider:

  • Adding a dedicated "Security Considerations" section
  • Providing guidance on monitoring for potential security issues
  • Including troubleshooting steps for common problems
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between bc2972b and f46eda3.

⛔ Files ignored due to path filters (1)
  • apps/tor-socks-proxy/metadata/logo.jpg is excluded by !**/*.jpg
📒 Files selected for processing (3)
  • apps/tor-socks-proxy/config.json (1 hunks)
  • apps/tor-socks-proxy/docker-compose.yml (1 hunks)
  • apps/tor-socks-proxy/metadata/description.md (1 hunks)
✅ Files skipped from review due to trivial changes (1)
  • apps/tor-socks-proxy/config.json
🧰 Additional context used
🪛 yamllint
apps/tor-socks-proxy/docker-compose.yml

[error] 12-12: no new line character at the end of file

(new-line-at-end-of-file)


[error] 12-12: trailing spaces

(trailing-spaces)

🔇 Additional comments (2)
apps/tor-socks-proxy/docker-compose.yml (1)

1-12: Verify network configuration with arr applications.

The service is connected to tipi_main_network. Let's verify if this network is properly configured and accessible by the arr applications that will use this proxy.

✅ Verification successful

Let me examine the actual network configurations of these arr applications to verify if they're properly connected to the same network as the tor-socks-proxy.


Network configuration is properly set up for all arr applications

All the arr applications (Sonarr, Radarr, and Prowlarr) are correctly configured to use the tipi_main_network network, which matches the network configuration of the tor-socks-proxy service. This ensures proper network connectivity between these services and the proxy.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check network configuration in other arr application compose files

# Search for network configuration in arr application compose files
echo "Checking network configuration in arr applications:"
fd -e yml -e yaml . apps/ --exec grep -l "tipi_main_network" {} \;

# Search for potential arr applications that might use this proxy
echo -e "\nChecking for arr applications:"
fd -e yml -e yaml . apps/ --exec grep -l "prowlarr\|radarr\|sonarr" {} \;

Length of output: 9286


Script:

#!/bin/bash
# Let's check the network configuration in the arr applications to verify connectivity

echo "Checking Sonarr network configuration:"
cat apps/sonarr/docker-compose.yml

echo -e "\nChecking Radarr network configuration:"
cat apps/radarr/docker-compose.yml

echo -e "\nChecking Prowlarr network configuration:"
cat apps/prowlarr/docker-compose.yml

Length of output: 5960

apps/tor-socks-proxy/metadata/description.md (1)

13-27: Add security advisory section

The introduction clearly explains the purpose, but consider adding a security advisory section warning users about:

  • The importance of binding to localhost only
  • Risks of exposing the SOCKS proxy to the network
  • Recommendations for securing the proxy if network access is required

Let's check if there are any existing security advisories in the repository:

services:
  tor-socks-proxy:
    container_name: tor-socks-proxy
    image: peterdavehello/tor-socks-proxy:latest
⚠️ Potential issue

Pin the image to a specific version for security and stability.

Using latest tag can lead to unexpected changes and potential security issues. Consider pinning to a specific version.

-    image: peterdavehello/tor-socks-proxy:latest
+    image: peterdavehello/tor-socks-proxy:0.4.7.13
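
Review bot: the replacement tag `0.4.7.13` should be confirmed to exist for `peterdavehello/tor-socks-proxy` before this is committed, and a version tag can still be re-pushed by the publisher. For the stated security goal, pin by digest as well (`image: name:tag@sha256:<digest>`, with the digest taken from the registry) and note how the pin gets updated.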

Comment on lines +8 to +9
ports:
- ${APP_PORT}:9150/tcp
🛠️ Refactor suggestion

Consider restricting port access to specific networks.

The Tor SOCKS proxy port is currently exposed to all interfaces. For better security, consider binding to specific networks or localhost if possible.

     ports:
-      - ${APP_PORT}:9150/tcp
+      - 127.0.0.1:${APP_PORT}:9150/tcp
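
Review bot: binding to `127.0.0.1:${APP_PORT}` changes only the published host port; containers on `tipi_main_network` reach the proxy at `tor-socks-proxy:9150` either way, while clients on other machines lose access. If every consumer is a container on that network, the `ports:` entry could be dropped entirely; if LAN access is intended, say so and restrict it with a host firewall, since the compose file configures no authentication for the proxy.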

- ${APP_PORT}:9150/tcp
networks:
- tipi_main_network

⚠️ Potential issue

Fix formatting issues.

There are two formatting issues that should be addressed:

  1. Remove trailing spaces
  2. Add a newline at the end of file
     networks:
-      - tipi_main_network
-    
+      - tipi_main_network
+
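
Review bot: the added empty `+` line after `- tipi_main_network` would leave a blank line at the end of the file, which yamllint's default `empty-lines` rule also reports. End the file with a single newline directly after `- tipi_main_network` and delete the whitespace-only line.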

Committable suggestion was skipped due to low confidence.
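
The compose findings raised in this review (floating `latest` tag, port published on all interfaces, missing hardening options) expressed as a repeatable check. This is an added example, not code from the PR or from CodeRabbit; it assumes a single-service, block-style compose file, scans lines rather than parsing YAML, and the function and finding names are made up for illustration.

```python
import re

# Constructed sample: the service as quoted in this PR's review comments.
SUBMITTED = """\
services:
  tor-socks-proxy:
    container_name: tor-socks-proxy
    image: peterdavehello/tor-socks-proxy:latest
    restart: unless-stopped
    ports:
      - ${APP_PORT}:9150/tcp
    networks:
      - tipi_main_network
"""

def list_items(text, key):
    """Entries of the block-style list under `key:` (line-based, not a YAML parser)."""
    items, inside, key_indent = [], False, 0
    for line in text.splitlines():
        stripped, indent = line.strip(), len(line) - len(line.lstrip())
        if stripped == f"{key}:":
            inside, key_indent = True, indent
        elif inside and stripped.startswith("- ") and indent >= key_indent:
            items.append(stripped[2:].strip().strip("\"'"))
        elif inside and stripped:
            inside = False  # first non-item line ends the list
    return items

def host_ip(port_spec):
    """Host IP of a short-syntax port mapping, or None when it names none."""
    spec = re.sub(r"\$\{[^}]*\}", "VAR", port_spec).split("/")[0]
    if spec.startswith("["):  # bracketed IPv6 host, e.g. [::1]:9150:9150
        return spec[1:spec.index("]")]
    parts = spec.split(":")
    return parts[0] if len(parts) == 3 else None

def audit(text):
    """Return illustrative finding codes for a single-service compose file."""
    findings = []
    for image in re.findall(r"^\s*image:\s*(\S+)", text, re.M):
        tag = image.rsplit("/", 1)[-1].partition(":")[2]
        if "@sha256:" not in image and tag in ("", "latest"):
            findings.append("floating-image-tag")
    for spec in list_items(text, "ports"):
        if host_ip(spec) in (None, "0.0.0.0", "::"):
            findings.append("port-on-all-interfaces")
    if "no-new-privileges:true" not in list_items(text, "security_opt"):
        findings.append("missing-no-new-privileges")
    if "ALL" not in list_items(text, "cap_drop"):
        findings.append("missing-cap-drop-all")
    if not re.search(r"^\s*read_only:\s*true\s*$", text, re.M):
        findings.append("rootfs-writable")
    return findings
```

Calling `audit(SUBMITTED)` reports all five findings; a file with the review's suggestions applied reports none.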
