feat(tor-support): add Tor support for terminal nodes

Extends existing Tor functionality to terminal lightning  nodes.

Author: Jem256

docker/litd/Dockerfile

@@ -4,7 +4,7 @@ ARG LITD_VERSION
 ENV PATH=/opt/litd:$PATH
 
 RUN apt-get update -y \
-  && apt-get install -y curl gosu wait-for-it \
+  && apt-get install -y curl gosu wait-for-it tor\
   && apt-get clean \
   && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
@@ -21,7 +21,7 @@ RUN chmod a+x /entrypoint.sh
 
 VOLUME ["/home/litd/.litd"]
 
-EXPOSE 9735 8080 10000
+EXPOSE 9735 8080 10000 9050 9051
 
 ENTRYPOINT ["/entrypoint.sh"]
 

docker/litd/docker-entrypoint.sh

@@ -14,6 +14,65 @@ if ! id litd > /dev/null 2>&1; then
   chown -R $USERID:$GROUPID /home/litd
 fi
 
+usermod -a -G debian-tor litd
+mkdir -p /var/lib/tor/litd-service
+chown -R debian-tor:debian-tor /var/lib/tor
+chmod 755 /var/lib/tor
+chmod 700 /var/lib/tor/litd-service
+
+if [ "${ENABLE_TOR}" = "true" ]; then
+  echo "Starting Tor service..."
+
+   # Set default ports if not provided
+  TOR_SOCKS_PORT=${TOR_SOCKS_PORT:-9050}
+  TOR_CONTROL_PORT=${TOR_CONTROL_PORT:-9051}
+
+  # Generate torrc file with dynamic ports
+  cat > /etc/tor/torrc <<EOF
+# Config
+SocksPort 127.0.0.1:${TOR_SOCKS_PORT}
+ControlPort 127.0.0.1:${TOR_CONTROL_PORT}
+CookieAuthentication 1
+DataDirectory /var/lib/tor
+Log notice stdout
+
+# Hidden service settings (optional - for LND Tor address)
+HiddenServiceDir /var/lib/tor/litd-service
+HiddenServiceVersion 3
+HiddenServicePort 9735 127.0.0.1:9735
+HiddenServicePort 8080 127.0.0.1:8080
+EOF
+
+  gosu debian-tor tor &
+  TOR_PID=$!
+
+  echo "Waiting for Tor to create auth cookie..."
+  COOKIE_FILE="/var/lib/tor/control_auth_cookie"
+  TIMEOUT=30
+  ELAPSED=0
+  
+  while [ ! -f "$COOKIE_FILE" ] && [ $ELAPSED -lt $TIMEOUT ]; do
+    sleep 0.5
+    ELAPSED=$((ELAPSED + 1))
+  done
+  
+  if [ -f "$COOKIE_FILE" ]; then
+    # Get the litd group ID
+    LITD_GID=$(getent group litd | cut -d: -f3)
+    # Change the cookie file's group to litd
+    chown debian-tor:$LITD_GID "$COOKIE_FILE"
+    chmod 640 "$COOKIE_FILE"
+    # Fix directory permissions - Tor sets this to 700, but we need 755 
+    # so litd user can traverse into the directory
+    chmod 755 /var/lib/tor
+    echo "Tor auth cookie created and permissions set for SAFECOOKIE auth"
+  else
+    echo "WARNING: Tor auth cookie not found after ${TIMEOUT} seconds"
+  fi
+else
+  echo "Tor service disabled (ENABLE_TOR != 'true')"
+fi
+
 if [ $(echo "$1" | cut -c1) = "-" ]; then
   echo "$0: assuming arguments for litd"
 

src/components/network/NetworkActions.spec.tsx

@@ -208,7 +208,7 @@ describe('NetworkActions Component', () => {
       expect(await findByText('tor-failed')).toBeInTheDocument();
     });
 
-    it('should display disabled switch when no nodes support Tor', () => {
+    it('should display disabled switch when no nodes support Tor', async () => {
       const network = getNetwork(1, 'test network', Status.Stopped);
       network.nodes.bitcoin = [
         { ...network.nodes.bitcoin[0], implementation: 'btcd' } as any,
@@ -223,7 +223,7 @@ describe('NetworkActions Component', () => {
         },
       };
 
-      const { getByRole, getByLabelText } = renderWithProviders(
+      const { getByRole, getByLabelText, findByText } = renderWithProviders(
         <NetworkActions
           network={network}
           onClick={jest.fn()}
@@ -233,7 +233,8 @@ describe('NetworkActions Component', () => {
         />,
         { initialState },
       );
-
+      fireEvent.mouseOver(getByLabelText('more'));
+      await findByText('Rename');
       const torSwitch = getByRole('switch');
       expect(torSwitch).toBeDisabled();
       expect(getByLabelText('unlock')).toBeInTheDocument();

src/lib/docker/composeFile.spec.ts

@@ -263,4 +263,18 @@ describe('ComposeFile', () => {
     const service = composeFile.content.services[eclairNode.name];
     expect(service.environment?.ENABLE_TOR).toBe('false');
   });
+
+  it('should set ENABLE_TOR to true when tor is enabled on litd node', () => {
+    litdNode.enableTor = true;
+    composeFile.addLitd(litdNode, btcNode, litdNode);
+    const service = composeFile.content.services[litdNode.name];
+    expect(service.environment?.ENABLE_TOR).toBe('true');
+  });
+
+  it('should set ENABLE_TOR to false when tor is disabled on litd node', () => {
+    litdNode.enableTor = false;
+    composeFile.addLitd(litdNode, btcNode, litdNode);
+    const service = composeFile.content.services[litdNode.name];
+    expect(service.environment?.ENABLE_TOR).toBe('false');
+  });
 });

src/lib/docker/composeFile.ts

@@ -201,11 +201,18 @@ class ComposeFile {
     // use the node's custom image or the default for the implementation
     const image = node.docker.image || `${dockerConfigs.litd.imageName}:${version}`;
     // use the node's custom command or the default for the implementation
-    const nodeCommand = node.docker.command || getDefaultCommand('litd', version);
+    let nodeCommand = node.docker.command || getDefaultCommand('litd', version);
     // replace the variables in the command
-    const command = this.mergeCommand(nodeCommand, variables);
+    nodeCommand = this.mergeCommand(nodeCommand, variables);
+    // Apply Tor flags if Tor is enabled
+    nodeCommand = applyTorFlags(nodeCommand, !!node.enableTor, 'litd');
     // add the docker service
-    const svc = litd(name, container, image, rest, grpc, p2p, web, command);
+    const svc = litd(name, container, image, rest, grpc, p2p, web, nodeCommand);
+    // add ENABLE_TOR variable
+    svc.environment = {
+      ...svc.environment,
+      ENABLE_TOR: node.enableTor ? 'true' : 'false',
+    };
     this.addService(svc);
   }
 

src/lib/lightning/clightning/clightningService.spec.ts

@@ -463,4 +463,33 @@ describe('CLightningService', () => {
       expect(clightningApiMock.httpPost).toHaveBeenCalledTimes(1);
     });
   });
+
+  it('should get node info using torv3 address for rpcUrl', async () => {
+    const infoResponse: Partial<CLN.GetInfoResponse> = {
+      id: 'asdf',
+      alias: '',
+      address: [
+        {
+          type: 'torv3',
+          address: 'toraddress1234567890.onion',
+          port: 9735,
+        },
+      ],
+      binding: [{ type: 'ipv4', address: '0.0.0.0', port: 9735 }],
+      blockheight: 0,
+      numActiveChannels: 0,
+      numPendingChannels: 0,
+      numInactiveChannels: 0,
+      warningLightningdSync: 'blah',
+    };
+
+    clightningApiMock.httpPost.mockResolvedValue(infoResponse);
+    const expected = defaultStateInfo({
+      pubkey: 'asdf',
+      rpcUrl: 'asdf@toraddress1234567890.onion:9735',
+    });
+
+    const actual = await clightningService.getInfo(node);
+    expect(actual).toEqual(expected);
+  });
 });

src/utils/network.ts

@@ -720,6 +720,14 @@ const getTorFlags = (implementation: NodeImplementation): string[] => {
         '--socks5.enabled=true',
         '--socks5.proxy=127.0.0.1:9050',
       ];
+    case 'litd':
+      return [
+        '--lnd.tor.active',
+        '--lnd.tor.socks=127.0.0.1:9050',
+        '--lnd.tor.control=127.0.0.1:9051',
+        '--lnd.tor.v3',
+        '--lnd.listen=localhost',
+      ];
     case 'bitcoind':
       return ['-proxy=127.0.0.1:9050', '-torcontrol=127.0.0.1:9051', '-bind=127.0.0.1'];
     default:
@@ -756,6 +764,16 @@ export const applyTorFlags = (
     });
   }
 
+  if (implementation === 'litd' && enableTor) {
+    lines = lines.filter(line => {
+      const trimmed = line.trim();
+      return !(
+        trimmed.startsWith('--lnd.listen=0.0.0.0') ||
+        trimmed.startsWith('--lnd.externalip=')
+      );
+    });
+  }
+
   if (implementation === 'c-lightning' && enableTor) {
     lines = lines.filter(line => {
       const trimmed = line.trim();
@@ -815,7 +833,8 @@ export const supportsTor = (node: CommonNode): boolean => {
     return (
       lnNode.implementation === 'LND' ||
       lnNode.implementation === 'c-lightning' ||
-      lnNode.implementation === 'eclair'
+      lnNode.implementation === 'eclair' ||
+      lnNode.implementation === 'litd'
     );
   }
   if (node.type === 'bitcoin') {