📝 docs(v1.1.1): Add Cosmos config templates and clarify docs

- 🧩 Added two JSON templates for Cosmos deployments: - Tor Guard Relay config template - obfs4 Bridge Relay config template - 📘 Updated README.md to include configuration examples, network-mode guidance, and improved formatting - 🔒 Revised SECURITY.md to clarify security considerations and correct inaccuracies - ✨ Fixed minor typos and improved example consistency
2026-04-06 00:32:04 +02:00 · 2025-11-14 22:48:21 +08:00
parent 4e088c8015
commit f7a9ed9bd4
4 changed files with 123 additions and 4 deletions
--- a/README.md
+++ b/README.md
@@ -100,11 +100,11 @@ The script will:

 ### Manual Deployment

-**Step 1:** Create your relay configuration (or use our [example](examples/relay.conf)):
+**Step 1:** Create your relay configuration (or use our [example](examples/relay-guard.conf)):

 ```bash
 mkdir -p ~/tor-relay && cd ~/tor-relay
-curl -O https://raw.githubusercontent.com/r3bo0tbx1/tor-guard-relay/main/examples/relay.conf
+curl -o relay.conf https://raw.githubusercontent.com/r3bo0tbx1/tor-guard-relay/refs/heads/main/examples/relay-guard.conf
 nano relay.conf
 ```

--- a/SECURITY.md
+++ b/SECURITY.md
@@ -413,8 +413,9 @@ echo "relay.conf" >> .gitignore

 ### Host Network Mode

-**What:** Container uses `--network host`
-**Why:** Enables Tor dual-stack (IPv4 + IPv6) support and eliminates NAT overhead
+**What‼️:** Container uses `--network host`
+
+**Why ⁉️:** Enables Tor dual-stack (IPv4 + IPv6) support and eliminates NAT overhead

 **Security Impact:**
 * ✅ Container runs as non-root user (`tor` UID 100)
--- a/templates/cosmos-bind-config-guard-relay.json
+++ b/templates/cosmos-bind-config-guard-relay.json
@@ -0,0 +1,59 @@
+{
+  "minVersion": "0.8.0",
+  "services": {
+    "TorGuardRelay": {
+      "image": "r3bo0tbx1/onion-relay:latest",
+      "container_name": "TorGuardRelay",
+      "restart": "unless-stopped",
+      "environment": [
+        "TZ=Asia/Tokyo"
+      ],
+      "network_mode": "host",
+      "volumes": [
+        {
+          "type": "volume",
+          "source": "tor-guard-data",
+          "target": "/var/lib/tor"
+        },
+        {
+          "type": "volume",
+          "source": "tor-guard-logs",
+          "target": "/var/log/tor"
+        },
+        {
+          "type": "bind",
+          "source": "/home/<user>/relay.conf",
+          "target": "/etc/tor/torrc",
+          "read_only": true
+        }
+      ],
+      "security_opt": [
+        "no-new-privileges:true"
+      ],
+      "cap_add": [
+        "NET_BIND_SERVICE",
+        "CHOWN",
+        "SETUID",
+        "SETGID",
+        "DAC_OVERRIDE"
+      ],
+      "labels": {
+        "cosmos-auto-update": "true",
+        "cosmos-auto-update-type": "registry",
+        "cosmos-auto-update-notify": "true",
+        "cosmos-auto-update-restart": "true",
+        "cosmos-description": "🛡️ Tor Guard Relay",
+        "cosmos-force-network-secured": "false",
+        "cosmos-icon": "https://raw.githubusercontent.com/r3bo0tbx1/tor-guard-relay/refs/heads/main/src/onion.png",
+        "cosmos-stack": "TorGuardRelay",
+        "cosmos-stack-main": "TorGuardRelay",
+        "cosmos-version": "1.1.1",
+        "maintainer": "rE-Bo0t.bx1 <r3bo0tbx1@brokenbotnet.com>"
+      }
+    }
+  },
+  "volumes": {
+    "tor-guard-data": {},
+    "tor-guard-logs": {}
+  }
+}
--- a/templates/cosmos-bind-confing-bridge.json
+++ b/templates/cosmos-bind-confing-bridge.json
@@ -0,0 +1,59 @@
+{
+  "minVersion": "0.8.0",
+  "services": {
+    "TorGuardRelay": {
+      "image": "r3bo0tbx1/onion-relay:latest",
+      "container_name": "obfs4-bridge",
+      "restart": "unless-stopped",
+      "environment": [
+        "TZ=Asia/Tokyo"
+      ],
+      "network_mode": "host",
+      "volumes": [
+        {
+          "type": "volume",
+          "source": "obfs4-data",
+          "target": "/var/lib/tor"
+        },
+        {
+          "type": "volume",
+          "source": "obfs4-logs",
+          "target": "/var/log/tor"
+        },
+        {
+          "type": "bind",
+          "source": "/home/<user>/bridge.conf",
+          "target": "/etc/tor/torrc",
+          "read_only": true
+        }
+      ],
+      "security_opt": [
+        "no-new-privileges:true"
+      ],
+      "cap_add": [
+        "NET_BIND_SERVICE",
+        "CHOWN",
+        "SETUID",
+        "SETGID",
+        "DAC_OVERRIDE"
+      ],
+      "labels": {
+        "cosmos-auto-update": "true",
+        "cosmos-auto-update-type": "registry",
+        "cosmos-auto-update-notify": "true",
+        "cosmos-auto-update-restart": "true",
+        "cosmos-description": "🌉 Tor Bridge Relay",
+        "cosmos-force-network-secured": "false",
+        "cosmos-icon": "https://raw.githubusercontent.com/r3bo0tbx1/tor-guard-relay/refs/heads/main/src/obfs4.png",
+        "cosmos-stack": "obfs4-bridge",
+        "cosmos-stack-main": "obfs4-bridge",
+        "cosmos-version": "1.1.1",
+        "maintainer": "rE-Bo0t.bx1 <r3bo0tbx1@brokenbotnet.com>"
+      }
+    }
+  },
+  "volumes": {
+    "obfs4-data": {},
+    "obfs4-logs": {}
+  }
+}