@cassidyclown @ryo @neet @ne @Tadano
Pinging a bunch of admins that I think might be interested in what I'm about to offer.
So, it's no secret that the backbone of the Internet as we know it is quite fragile. Love or hate Kiwi Farms, but the events happening around it show that even Tier 1 ISPs aren't safe from malicious actors willing to take down anything over personal disagreements without any court orders or other legal bindings. This could happen to *you* once they taste the blood. One man couldn't do much on his own, so rather than trying to change human nature, I think we should adopt technical solutions that eliminate that factor.
Here's where darknets come into play, namely Tor and I2P. Technical differences aside, both are rather effective at doing their job of hiding their users' and servers' physical endpoints, and both can be integrated into the fediverse in some capacity with relative ease thanks to the fact that ActivityPub primarily federates through HTTP. As such, it is possible to create instances in Tor/I2P and make clearnet instances federate with the former. The more instances there are that can federate with Tor, the more incentive for hosting Tor-only instances there is. And that's what I want to ask you.
Printed below is a short instruction on how to get your existing instance to federate with Tor without sacrificing existing connectivity. It assumes you're running a Debian-based distro; if you're running anything else, I expect you to know what init and package manager your distro uses and adjust the commands if necessary. Let's begin.
1. Install and enable Tor
$ apt install tor
$ systemctl enable tor
$ systemctl start tor
After that, Tor should be running and accepting connections on 127.0.0.1:9050, similarly to what the Tor Browser bundle already does, but without the browser. You won't become an exit node with the default config, don't worry.
2. Install and configure Privoxy. This is the proxy we're going to use to route *.onion traffic through Tor and everything else over regular connections.
$ apt install privoxy
Next, move or delete the default config (/etc/privoxy/config) and make a new one consisting of the following:
user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
listen-address 127.0.0.1:8118
toggle 1
enable-remote-toggle 0
enable-edit-actions 0
enable-remote-http-toggle 0
max-client-connections 65535
buffer-limit 4096
logfile /dev/null
forward / .
forward-socks5t .onion 127.0.0.1:9050 .
Finally, enable and restart the service.
$ systemctl enable privoxy
$ systemctl start privoxy
Optionally, you can test if the proxy is working with the following:
$ http_proxy=http://127.0.0.1:8118 curl http://rawrxd4mden7rmbobaftao3qjyxbrvj4rrooehkqxlqcsdtnnn2hndid.onion/api/v1/instance
If it returns a bunch of JSON, it should be good to go.
3. Locate your Pleroma's config file: /opt/pleroma/config/prod.secret.exs for source installs, /etc/pleroma/config for OTP. Then add the following to it:
config :pleroma, :http,
proxy_url: "127.0.0.1:8118"
Optionally, it wouldn't hurt to increase timeouts, since Tor is rather slow and your instance might not catch up with default parameters.
config :pleroma, :hackney_pools,
  federation: [
    timeout: 300_000
  ]
config :pleroma, :pools,
  federation: [
    recv_timeout: 30_000
  ]
4. Restart Pleroma, and you're good to go! Try to ping @mint; this is my alt on a Tor-only Pleroma instance that can federate with clearnet. Click "preview" a few times until the profile gets fetched and the ping link becomes clickable. That instance is hosted on a rather slow server and might take a while to catch up, but the operator and I will resolve that sometime in the future.
Feel free to ask me for additional support in case you're confused, as there might be a few caveats you could go through. I2P federation can be enabled similarly, and I'll provide the instructions if anyone is interested.
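
An added example, not part of the original post: a shell function that lints a Privoxy config against the split routing from step 2 (loopback listener, remote toggle and edit options off, .onion sent to a local SOCKS parent that resolves names remotely). The function name and the sample config are constructed for illustration.

```shell
# Lint a Privoxy config for the split routing in step 2.
# Prints one finding per line; returns 0 when there are none.
check_privoxy_config() {
  awk '
    function bad(msg) { print msg; n++ }
    NF == 0 || $1 ~ /^#/ { next }            # skip blanks and comments
    $1 == "listen-address" && $2 !~ /^(127\.0\.0\.1|localhost|\[::1\]):/ {
      bad("listen-address " $2 " is not loopback; other hosts can use the proxy")
    }
    ($1 == "enable-remote-toggle" || $1 == "enable-edit-actions" || $1 == "enable-remote-http-toggle") && $2 != "0" {
      bad($1 " is " $2 "; expected 0")
    }
    $1 ~ /^forward-socks/ && $2 ~ /\.onion$/ {
      onion = 1
      # SOCKS4 resolves hostnames locally, so .onion names reach the system resolver.
      if ($1 == "forward-socks4") bad("forward-socks4 resolves .onion names locally; use forward-socks5t")
      if ($3 !~ /^(127\.0\.0\.1|localhost):/) bad(".onion SOCKS parent " $3 " is not on loopback")
    }
    $1 == "forward" && $2 ~ /\.onion$/ { bad(".onion is forwarded without a SOCKS parent") }
    $1 ~ /^forward-socks/ && $2 == "/" { bad("all traffic is sent to the SOCKS parent, not only .onion") }
    END {
      if (!onion) bad("no forward-socks rule for .onion")
      exit (n > 0)
    }
  ' "$1"
}

# Constructed sample: a weakened variant of the config from step 2.
sample=$(mktemp)
printf '%s\n' \
  'listen-address 0.0.0.0:8118' \
  'enable-edit-actions 1' \
  'forward / .' \
  'forward-socks4 .onion 127.0.0.1:9050 .' > "$sample"
check_privoxy_config "$sample" || echo "(findings listed above)"
rm -f "$sample"
```

Run it as check_privoxy_config /etc/privoxy/config after editing; the config from step 2 produces no findings.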