I would like to add support for self-configuring Tor and I2P Services to Gitea #15544

Closed
@eyedeekay

  • Gitea version (or commit ref): 1.14.1
  • Git version: 2.31.0
  • Operating system: Debian GNU/Linux

It is currently possible, however a little difficult, to run Gitea safely as a service on privacy-protecting overlay networks like Tor and I2P. I would like to add the ability to host Gitea using Tor and I2P without additional configuration by using the existing libraries for both networks which implement the necessary Go network interfaces, net.Listener, net.Addr, and net.Conn. This is of course beneficial to privacy-sensitive project hosting, but it also lowers the barrier for self-hosters in general since it can be easier and safer to host services in one's own residence when using Tor or I2P to obfuscate the location. Other benefits are easier HTTPS support for hidden services.

I would suggest possibly adding some flags to the command, perhaps --tor to indicate that it should run as a Tor service, --i2p to run as an I2P service. When using those, the Gitea web interface should normally be inaccessible anywhere but the localhost to prevent correlating a non-anonymous and anonymous service. Therefore it should also have a --bridged to run as a non-private web service at the same time, as in a situation where a service wishes to exist on many networks at the same time and does not need to maintain anonymity. I believe that both --tor and --i2p should be strings and not booleans, which should reflect the respective control interfaces for their routers, for example --tor=127.0.0.1:9050 and --i2p=127.0.0.1:7656. Keys will then be generated, which will need to be stored somewhere. This could be specified with yet another flag or with a config option. In the event that --i2p or --tor is specified, then an SSH listener for the respective service should be started automatically as well.

Adding this support is roughly one evening's worth of work at my best guess, and I'd like to add this feature in the near future.
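The flag rules proposed in this issue, sketched as an added Go example that is not part of the original post or of Gitea's code. `Plan`, `BuildPlan`, the `0.0.0.0:3000` default bind and the string form of the overlay entries are assumptions made for illustration; no Tor or I2P library is called, only the listener selection is shown.

```go
package main

import (
	"flag"
	"fmt"
	"net"
	"os"
)

// Plan is a hypothetical summary of what the process would listen on.
type Plan struct {
	WebBind string   // bind address of the regular (non-overlay) web listener
	Overlay []string // "network:service@router-address" entries
}

// BuildPlan parses the proposed --tor, --i2p and --bridged flags and applies the issue's rules.
func BuildPlan(args []string) (*Plan, error) {
	fs := flag.NewFlagSet("web", flag.ContinueOnError)
	tor := fs.String("tor", "", "Tor router address (host:port)")
	i2p := fs.String("i2p", "", "I2P router address (host:port)")
	bridged := fs.Bool("bridged", false, "also serve on the regular network")
	if err := fs.Parse(args); err != nil {
		return nil, err
	}
	p := &Plan{WebBind: "0.0.0.0:3000"} // assumed default when no overlay is requested
	for _, n := range []struct{ name, addr string }{{"tor", *tor}, {"i2p", *i2p}} {
		if n.addr == "" {
			continue
		}
		// The flags are strings, so reject anything that is not host:port.
		if h, pt, err := net.SplitHostPort(n.addr); err != nil || h == "" || pt == "" {
			return nil, fmt.Errorf("--%s: %q is not host:port", n.name, n.addr)
		}
		// Each overlay gets a web listener and, automatically, an SSH listener.
		p.Overlay = append(p.Overlay, n.name+":web@"+n.addr, n.name+":ssh@"+n.addr)
	}
	if len(p.Overlay) > 0 && !*bridged {
		p.WebBind = "127.0.0.1:3000" // loopback only, so the two identities cannot be correlated
	}
	return p, nil
}

func main() {
	p, err := BuildPlan(os.Args[1:])
	fmt.Println(p, err)
}
```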

Labels

type/proposal: The new feature has not been accepted yet but needs to be discussed first.
