Upload 11 files

.github/dependabot.yml

@@ -0,0 +1,8 @@
+
+version: 2
+updates:
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/workflows/docker.yml

@@ -0,0 +1,39 @@
+name: CI
+
+on:
+  push:
+    branches: [ master ]
+  workflow_dispatch:
+  schedule:
+  - cron: "0 8 * * 1"
+
+jobs:
+  buildx:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Docker Login
+        uses: docker/login-action@v3.0.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push latest
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64
+          push: true
+          tags: |
+            walt3rl/proton-privoxy:latest
+            walt3rl/proton-privoxy:0.4.2

Dockerfile

@@ -0,0 +1,27 @@
+FROM alpine:3.16
+LABEL maintainer="Walter Leibbrandt"
+LABEL version="0.4.3"
+# XXX Copy version to Docker image tag in .github/workflows/docker.yml when changing!
+
+EXPOSE 8080
+
+ARG PVPN_CLI_VER=2.2.12
+ENV PVPN_USERNAME= \
+    PVPN_USERNAME_FILE= \
+    PVPN_PASSWORD= \
+    PVPN_PASSWORD_FILE= \
+    PVPN_TIER=2 \
+    PVPN_PROTOCOL=udp \
+    PVPN_CMD_ARGS="connect --fastest" \
+    PVPN_DEBUG= \
+    HOST_NETWORK= \
+    DNS_SERVERS_OVERRIDE=
+
+COPY app /app
+COPY pvpn-cli /root/.pvpn-cli
+
+RUN apk --update add coreutils openvpn privoxy procps python3 runit git \
+    && python3 -m ensurepip \
+    && pip3 install git+https://github.com/Rafficer/linux-cli-community.git@v$PVPN_CLI_VER
+
+CMD ["runsvdir", "/app"]

LICENSE.md

@@ -0,0 +1,25 @@
+The MIT License (MIT)
+=====================
+
+Copyright © 2020 Walter Leibbrandt
+
+Permission is hereby granted, free of charge, to any person
+obtaining a copy of this software and associated documentation
+files (the “Software”), to deal in the Software without
+restriction, including without limitation the rights to use,
+copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.

app/proton-privoxy/config

@@ -0,0 +1,6 @@
+confdir /app/proton-privoxy
+logdir /var/log/privoxy
+listen-address  0.0.0.0:8080
+
+#debug   1    # show each GET/POST/CONNECT request
+debug   4096 # Startup banner and warnings

app/proton-privoxy/run

@@ -0,0 +1,68 @@
+#!/bin/sh
+
+# Create the necessary file structure for /dev/net/tun
+# required to run on docker swarm, as there are no devices available
+if ( [ ! -c /dev/net/tun ] ); then
+  if ( [ ! -d /dev/net ] ); then
+    mkdir -m 755 /dev/net
+  fi
+  mknod /dev/net/tun c 10 200
+  chmod 0755 /dev/net/tun
+  echo "Created /dev/net/tun."
+fi
+
+PVDIR=/root/.pvpn-cli
+
+if [ -z "$PVPN_USERNAME" ] && [ -z "$PVPN_USERNAME_FILE" ]; then
+	echo "Error: Either env var \$PVPN_USERNAME or \$PVPN_USERNAME_FILE is required."
+	exit 1
+fi
+
+if [ -z "$PVPN_PASSWORD" ] && [ -z "$PVPN_PASSWORD_FILE" ]; then
+	echo "Error: Either env var \$PVPN_PASSWORD or \$PVPN_PASSWORD_FILE is required."
+	exit 1
+fi
+
+[ -f "$PVPN_USERNAME_FILE" ] && PVPN_USERNAME=$(cat "$PVPN_USERNAME_FILE")
+[ -f "$PVPN_PASSWORD_FILE" ] && PVPN_PASSWORD=$(cat "$PVPN_PASSWORD_FILE")
+
+# Initialize config
+if [ ! -f $PVDIR/pvpn-cli.cfg ]; then
+	cp $PVDIR/pvpn-cli.cfg.clean $PVDIR/pvpn-cli.cfg
+	sed -i \
+		-e "s/PVPN_USERNAME/$PVPN_USERNAME/" \
+		-e "s/PVPN_PROTOCOL/$PVPN_PROTOCOL/" \
+		-e "s/PVPN_TIER/$PVPN_TIER/" \
+		$PVDIR/pvpn-cli.cfg
+fi
+
+echo "$PVPN_USERNAME" > $PVDIR/pvpnpass
+echo "$PVPN_PASSWORD" >> $PVDIR/pvpnpass
+chmod 0600 $PVDIR/pvpnpass
+
+# Connect to ProtonVPN
+protonvpn refresh
+# shellcheck disable=SC2086
+protonvpn $PVPN_CMD_ARGS
+
+if ! ip link show proton0 > /dev/null; then
+	echo "Failed to bring up VPN :("
+	exit 1
+fi
+
+if [ -n "$DNS_SERVERS_OVERRIDE" ]; then
+	# This needs to run at this point, because ProtonVPN will have changed the
+	# DNS servers in /etc/resolv.conf.
+	cp /etc/resolv.conf /etc/resolv.conf.bak
+	echo "$DNS_SERVERS_OVERRIDE" | sed -e 's/^/nameserver /' -e 's/,/\nnameserver /' > /etc/resolv.conf
+fi
+
+# Setup route for host network
+if [ -n "$HOST_NETWORK" ]; then
+	gw=$(ip route | awk '$1 == "default" { print $3 }')
+	ip route add "$HOST_NETWORK" via "$gw"
+fi
+
+# Start Privoxy
+ln -s /etc/privoxy/templates /app/proton-privoxy/
+exec privoxy --no-daemon

pvpn-cli/pvpn-cli.cfg.clean

@@ -0,0 +1,14 @@
+[USER]
+username = PVPN_USERNAME
+tier = PVPN_TIER
+default_protocol = PVPN_PROTOCOL
+initialized = 1
+dns_leak_protection = 1
+custom_dns = None
+check_update_interval = 3
+killswitch = 0
+
+[metadata]
+last_api_pull = 1587943789
+last_update_check = 1587943788
+

test/docker_secrets_test/creds/password

@@ -0,0 +1 @@
+password from file

test/docker_secrets_test/creds/username

@@ -0,0 +1 @@
+username from file

test/docker_secrets_test/docker-compose.yml

@@ -0,0 +1,18 @@
+version: "3"
+services:
+  proton-privoxy:
+    image: walt3rl/proton-privoxy:0.4.2-dev
+    container_name: proton-privoxy
+    environment:
+      - PVPN_USERNAME_FILE=/test/creds/username
+      - PVPN_PASSWORD_FILE=/test/creds/password
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - .:/test
+    ports:
+      - 8888:8080
+    restart: unless-stopped
+    devices:
+      - /dev/net/tun
+    cap_add:
+      - NET_ADMIN

test/docker_secrets_test/test.sh

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+#docker build -t walt3rl/proton-privoxy:0.4.2-dev ../..
+docker-compose up -d
+pvpnpass=$(docker-compose exec proton-privoxy cat /root/.pvpn-cli/pvpnpass)
+docker-compose down
+
+username=$(echo "$pvpnpass" | head -n 1 | sed 's/\s*$//g')
+password=$(echo "$pvpnpass" | tail -n 1 | sed 's/\s*$//g')
+errcode=0
+
+if [ "$username" == "$(cat creds/username)" ]; then
+    echo "✅ Username is correct"
+else
+    echo "❌ Username does NOT match creds/username: $username"
+    command -v xxd &> /dev/null && echo "$username" | xxd
+    errcode=1
+fi
+
+if [ "$password" == "$(cat creds/password)" ]; then
+    echo "✅ Password is correct"
+else
+    echo "❌ Password does NOT match creds/password: $password"
+    command -v xxd &> /dev/null && echo "$password" | xxd
+    errcode=1
+fi
+
+exit $errcode