Because an ephemeral filesystem makes sense in my threat model.
Read deploy.sh and tor and maybe change INSTALL_PREFIX and WORKDIR respectively.
Run ./deploy.sh.
tor should now be in your $PATH. So, run tor from a terminal or dmenu et al (or make a tor.desktop shortcut).
Docker, sudo, sakura (terminal for --no-interaction), curl, sha256sum, X.
Customize to your needs.
This Docker setup assumes your user is not in the docker-group, and you are not root. It will try to use sudo to elevate your privileges - you can give your user NOPASSWD sudo access to the tor script. This should be "safe" since it takes no actual user input.
If you want to contribute, feel free to make a pull request on Github, please read CONTRIBUTING and the license first.