ID: ceq0ad
Date: 2025-04-14T01:24:54Z
Authors: Izuru Yakumo <eternal-servant@yakumo.dev>
Categories: Sysadmin
Title: Setting up Tor federation with Prosody

I personally decided to pull this off today, as I had restarted Prosody
a few times earlier for unrelated stuff going around.

Setting this up is relatively simple, but I will describe the steps I
took for Yakumo Laboratories.

# Step 1: Build mkp224o
_Vanity address generator for hidden service version 3 (formerly known
as proposal 224) onion addresses_

<https://github.com/cathugger/mkp224o>

This requires a relatively recent libsodium installed in your system,
but I won't cover this here.

It's also optional, but if you want your address to look cool, worry no
more!

# Step 2: Edit torrc(5)
For XMPP (and anything else under chat.yakumo.dev), I added the
following lines:

```
HiddenServiceDir /var/chroot/tor/ykm45ela6cq3hhv6u5xcvwxesbzoukcztm2oxzk74gdplruzfddfxcqd.onion/
HiddenServicePort 80 127.0.0.1:80 # HTTP
HiddenServicePort 5222 127.0.0.1:5222 # Prosody client-to-server
HiddenServicePort 5269 127.0.0.1:5269 # Prosody server-to-server
HiddenServicePort 6667 127.0.0.1:6667 # Ratbox
HiddenServicePort 6668 127.0.0.1:6668 # Suika
```

In my case I followed step one and the directory already had the
hostname in it, sweet.
However, for the majority of users, you probably have to figure out that
one yourself, a simple `cat [tor data directory]/[jabber service]/hostname` will do.

# Step 3: Install mod_onions
Prosody 0.12 and forward includes a module installer (though you always
have to specify the host as an argument, for whatever reason) which will
do you good.

```
prosodyctl install --server=https://modules.prosody.im/rocks/ mod_onions
```

# Step 4: Configure Prosody
Having already figured out the hostname by now, this is a tricky part,
but worry not, I have an snippet for you.

```
VirtualHost "ykm45ela6cq3hhv6u5xcvwxesbzoukcztm2oxzk74gdplruzfddfxcqd.onion"
modules_enabled = { "onions" }
c2s_require_encryption = false
```

# Step 5: Generate and import certificates

```
prosodyctl cert generate [your onion address]
prosodyctl --root cert import [wherever prosody stores the certificates]
```

# Step 6: Restart!

```
prosodyctl restart
```

# EXTRA: Clearnet federation
Just insert the "onions" module in modules_enabled for your clearnet
virtual hosts (and MUC components, if any).

## Notes:
There's also two forks of mod_onions to date, mod_darknet (maintained by
an i2pd dev), and mod_deepweb (maintained by the owner of kalli.st)