version: '3.8' # Happy Family Setup (Tor 0.4.9+): # # Option A - Generate a new key: # 1. Start relay-1, then run: docker exec guard-relay-1 gen-family MyRelays # 2. Copy the .secret_family_key to all relay volumes: # docker cp guard-relay-1:/var/lib/tor/keys/MyRelays.secret_family_key . # docker cp MyRelays.secret_family_key guard-relay-2:/var/lib/tor/keys/ # docker cp MyRelays.secret_family_key guard-relay-3:/var/lib/tor/keys/ # 3. Fix ownership: docker exec -u 0 chown 100:101 /var/lib/tor/keys/MyRelays.secret_family_key # 4. Add 'FamilyId ' to each relay's torrc # 5. Keep MyFamily lines during the transition period # 6. Restart all relays # # Option B - Import an existing key from a non-Docker setup: # 1. Copy your .secret_family_key to the Docker host # 2. docker cp MyRelays.secret_family_key guard-relay-1:/var/lib/tor/keys/ # (repeat for each relay container) # 3. Fix ownership: docker exec -u 0 chown 100:101 /var/lib/tor/keys/MyRelays.secret_family_key # 4. Add 'FamilyId ' to each relay's torrc # 5. Restart all relays services: tor-relay-1: image: r3bo0tbx1/onion-relay:latest container_name: guard-relay-1 restart: unless-stopped network_mode: host security_opt: - no-new-privileges:true cap_add: - NET_BIND_SERVICE - CHOWN - SETUID - SETGID - DAC_OVERRIDE cap_drop: - ALL volumes: - ./relays/relay1.conf:/etc/tor/torrc:ro - tor-guard-data-1:/var/lib/tor - tor-guard-logs-1:/var/log/tor healthcheck: test: ["CMD-SHELL", "/usr/local/bin/healthcheck.sh"] interval: 10m timeout: 15s start_period: 30s retries: 3 deploy: resources: limits: cpus: '1.5' memory: 768M reservations: cpus: '0.5' memory: 512M logging: driver: json-file options: max-size: "10m" max-file: "3" tor-relay-2: image: r3bo0tbx1/onion-relay:latest container_name: guard-relay-2 restart: unless-stopped network_mode: host security_opt: - no-new-privileges:true cap_add: - NET_BIND_SERVICE - CHOWN - SETUID - SETGID - DAC_OVERRIDE cap_drop: - ALL volumes: - ./relays/relay2.conf:/etc/tor/torrc:ro - tor-guard-data-2:/var/lib/tor - tor-guard-logs-2:/var/log/tor healthcheck: test: ["CMD-SHELL", "/usr/local/bin/healthcheck.sh"] interval: 10m timeout: 15s start_period: 30s retries: 3 deploy: resources: limits: cpus: '1.5' memory: 768M reservations: cpus: '0.5' memory: 512M logging: driver: json-file options: max-size: "10m" max-file: "3" tor-relay-3: image: r3bo0tbx1/onion-relay:latest container_name: guard-relay-3 restart: unless-stopped network_mode: host security_opt: - no-new-privileges:true cap_add: - NET_BIND_SERVICE - CHOWN - SETUID - SETGID - DAC_OVERRIDE cap_drop: - ALL volumes: - ./relays/relay3.conf:/etc/tor/torrc:ro - tor-guard-data-3:/var/lib/tor - tor-guard-logs-3:/var/log/tor healthcheck: test: ["CMD-SHELL", "/usr/local/bin/healthcheck.sh"] interval: 10m timeout: 15s start_period: 30s retries: 3 deploy: resources: limits: cpus: '1.5' memory: 768M reservations: cpus: '0.5' memory: 512M logging: driver: json-file options: max-size: "10m" max-file: "3" volumes: tor-guard-data-1: name: tor-guard-data-1 driver: local tor-guard-logs-1: name: tor-guard-logs-1 driver: local tor-guard-data-2: name: tor-guard-data-2 driver: local tor-guard-logs-2: name: tor-guard-logs-2 driver: local tor-guard-data-3: name: tor-guard-data-3 driver: local tor-guard-logs-3: name: tor-guard-logs-3 driver: local