I wrote a little ucspi-onion program, along the lines of ucspi-tcp and friends, to configure an onion service and serve it with any program that follows the UCSPI. Hg repository: https://mumble.net/~campbell/hg/ucspi-onion/ (The UCSPI is the `Unix client-server program interface', created for various djb tools: <https://cr.yp.to/proto/ucspi.txt>. It can also usually run any connection-oriented programs designed for inetd.) This can be combined with programs following the UCSPI, such as publicfile, to dynamically configure onions slightly more easily than <https://trac.torproject.org/projects/tor/wiki/doc/Publicfile>. This also avoids the TCP/IP stack altogether so that you can use Unix file system permissions to control access and limit leaks. This was an evening hack which I have not used in anger yet. If you feel inclined to try it and find it useful or encounter problems with it, I would be curious to hear. (I don't have a securedrop set up for you to post anonymous feedback, though, sorry!)