Add Makefile and docker-compose v3

Makefile

@@ -0,0 +1,23 @@
+test:
+	tox
+
+check:
+	pre-commit run --all-files
+
+build:
+	docker-compose build
+
+run: build
+	docker-compose up
+
+build-v2:
+	docker-compose -f docker-compose.v2.yml build
+
+run-v2: build-v2
+	docker-compose -f docker-compose.v2.yml up
+
+build-v3:
+	docker-compose -f docker-compose.v3.yml build
+
+run-v3: build-v3
+	docker-compose -f docker-compose.v3.yml up

README.md

@@ -122,6 +122,14 @@ __Warning__: Be carefull to not use the same exposed ports for grouped services.
 
 Links setting are required when using docker-compose v2. See `docker-compose.v2.yml` for example.
 
+### Copose v3 support and secrets
+
+Links setting are required when using docker-compose v3. See `docker-compose.v3.yml` for example.
+
+#### Secrets
+
+Secret key can be set through docker `secrets`, see `docker-compose.v3.yml` for example.
+
 ### Tools
 
 A command line tool `onions` is available in container to get `.onion` url when container is running.

assets/entrypoint-config.yml

@@ -6,12 +6,12 @@ group: tor
 secret_env:
     - '*_KEY'
     - '*_PORTS'
+    - '*_SERVICE_NAME'
 
 pre_conf_commands:
     - onions --setup-hosts
 
 post_conf_commands:
-    - onions
     - chown -R tor:tor $HOME
 
 reload:

assets/onions/onions/Service.py

@@ -118,6 +118,8 @@ class ServicesGroup(object):
     def load_key_from_secrets(self):
         'Load key from docker secret using service name'
         secret_file = os.path.join('/run/secrets', self.name)
+        if not os.path.exists(secret_file):
+            return
         try:
             self._load_key(secret_file)
             self._key_in_secrets = True

docker-compose.v3.yml

@@ -0,0 +1,53 @@
+# docker version 3 example
+
+version: "3.1"
+
+services:
+  tor:
+    image: goldy/tor-hidden-service
+    build: .
+    links:
+      - hello
+      - world
+      - again
+    environment:
+        # Set mapping ports
+        HELLO_PORTS: 80:80,800:80,8888:80
+
+        WORLD_PORTS: 8000:80
+
+        AGAIN_PORTS: 88:80
+
+        # hello and again will share the same onion_adress
+        AGAIN_SERVICE_NAME: foo
+        HELLO_SERVICE_NAME: foo
+
+    # Keep keys in volumes
+    volumes:
+      - tor-keys:/var/lib/tor/hidden_service/
+
+    # Set secret for key, use the same name as the service
+    secrets:
+      - source: foo
+        target: foo
+        mode: 0400
+
+  hello:
+    image: tutum/hello-world
+    hostname: hello
+
+  world:
+    image: tutum/hello-world
+    hostname: world
+
+  again:
+    image: tutum/hello-world
+    hostname: again
+
+volumes:
+    tor-keys:
+        driver: local
+
+secrets:
+    foo:
+        file: ./foo_private_key

foo_private_key

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDR8TdQF9fDlGhy1SMgfhMBi9TaFeD12/FK27TZE/tYGhxXvs1C
+NmFJy1hjVxspF5unmUsCk0yEsvEdcAdp17Vynz6W41VdinETU9yXHlUJ6NyI32AH
+dnFnHEcsllSEqD1hPAAvMUWwSMJaNmBEFtl8DUMS9tPX5fWGX4w5Xx8dZwIDAQAB
+AoGBAMb20jMHxaZHWg2qTRYYJa8LdHgS0BZxkWYefnBUbZn7dOz7mM+tddpX6raK
+8OSqyQu3Tc1tB9GjPLtnVr9KfVwhUVM7YXC/wOZo+u72bv9+4OMrEK/R8xy30XWj
+GePXEu95yArE4NucYphxBLWMMu2E4RodjyJpczsl0Lohcn4BAkEA+XPaEKnNA3AL
+1DXRpSpaa0ukGUY/zM7HNUFMW3UP00nxNCpWLSBmrQ56Suy7iSy91oa6HWkDD/4C
+k0HslnMW5wJBANdz4ehByMJZmJu/b5y8wnFSqep2jmJ1InMvd18BfVoBTQJwGMAr
++qwSwNXXK2YYl9VJmCPCfgN0o7h1AEzvdYECQAM5UxUqDKNBvHVmqKn4zShb1ugY
+t1RfS8XNbT41WhoB96MT9P8qTwlniX8UZiwUrvNp1Ffy9n4raz8Z+APNwvsCQQC9
+AuaOsReEmMFu8VTjNh2G+TQjgvqKmaQtVNjuOgpUKYv7tYehH3P7/T+62dcy7CRX
+cwbLaFbQhUUUD2DCHdkBAkB6CbB+qhu67oE4nnBCXllI9EXktXgFyXv/cScNvM9Y
+FDzzNAAfVc5Nmbmx28Nw+0w6pnpe/3m0Tudbq3nHdHfQ
+-----END RSA PRIVATE KEY-----