
Osservatorio Nessuno via tor-relays wrote:
Hi everyone!
A while back, we announced[1] our project to set up a server facility in Italy to host Tor exit nodes. After several weeks of testing, we’re excited to share that our first nodes are now in production, running on our autonomous system. [2]
Four of these nodes operate diskless thanks to System Transparency [3] and Patela [4], a small, pull-based tool we developed to configure exit nodes efficiently. To optimize this infrastructure, we’ve worked on multiple fronts, including mTLS for node authentication, TPM for crypto operations, and nftables rules.
In this post[5], we’ll explain how the system works, and we’d love to hear your thoughts and feedback via the mailing list.
Now that we’ve completed this initial testing phase, our next goal is to acquire suitable hardware to increase bandwidth capacity. Stay tuned for updates!
Bye
b
[1] - https://osservatorionessuno.org/blog/2024/12/how-to-bgp-from-your-basement-and-other-tales/
[2] - https://metrics.torproject.org/rs.html#search/as:AS214094
[3] - https://docs.system-transparency.org/st-1.0.0/
[4] - https://github.com/osservatorionessuno/patela
[5] - https://osservatorionessuno.org/blog/2025/05/patela-a-basement-full-of-amnesic-servers/

Amazing work - it's about time someone found a neat use case for the TPM chip. Nodes look really good with native IPv6 and everything.
Would it be possible in the future to extend the tool to use the TPM in the same diskless way for:
- bridges that use obfs4 cert
- onion services
I was thinking if we could have deterministic (based on a seed word string from a dictionary) onion addresses. The same way you restore a Bitcoin wallet using a seed phrase (secp256k1 ecdsa key) should be possible with curve25519 (Tor v3 Onion Service), but this requires a cryptographer to test it for entropy and security; it's not something we want to play with. Theoretically, it should be possible. Right now the only way to back up an onion service identity is to copy-paste the key file somewhere.