Yesterday we set up a new Tor server. I’ve done my part to ensure that researchers can anonymously retrieve supplemental material for the papers that they review.
The tricky bit is setting up a system with encrypted root when the machine is colocated in Germany. Testing your procedure on a local machine first is invaluable. During boot the machine brings up the network and uses socat to open a TLS socket. Then, using a client such as openssl on my laptop, I connect to the server, verify the server certificate, and send the required password to decrypt the root partition. The boot process then continues normally.
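The client step described above (connect, verify the server certificate, then send the password), as an added example that is not the author's own script: a Python client that pins the server certificate by its SHA-256 fingerprint and refuses to send anything on a mismatch. The function names, the pin format and the choice of pinning over a CA check are assumptions made for this illustration.

```python
import hashlib
import hmac
import socket
import ssl


def normalize_pin(pin: str) -> bytes:
    """Parse a SHA-256 fingerprint given as 'AB:CD:...' or as plain hex."""
    raw = bytes.fromhex(pin.strip().replace(":", ""))
    if len(raw) != hashlib.sha256().digest_size:
        raise ValueError("pin must be a 32-byte SHA-256 fingerprint")
    return raw


def cert_matches_pin(der_cert: bytes, pin: str) -> bool:
    """Compare the certificate's SHA-256 digest with the pin in constant time."""
    digest = hashlib.sha256(der_cert).digest()
    return hmac.compare_digest(digest, normalize_pin(pin))


def send_passphrase(host: str, port: int, pin: str, passphrase: bytes,
                    timeout: float = 10.0) -> None:
    """Send the passphrase only after the server certificate matches the pin.

    The bytes are sent exactly as given; append whatever terminator the
    listener on the server expects (an assumption left to the caller).
    """
    normalize_pin(pin)  # reject a malformed pin before opening a connection
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # chain validation is replaced by the pin
    with socket.create_connection((host, port), timeout=timeout) as raw_sock:
        with ctx.wrap_socket(raw_sock) as tls:
            # The DER certificate is available even without chain validation.
            der = tls.getpeercert(binary_form=True)
            if der is None or not cert_matches_pin(der, pin):
                raise ssl.SSLError("certificate does not match pin; nothing sent")
            tls.sendall(passphrase)
```

The pin should be recorded from the certificate file at the time it is installed on the server, not read from the first connection to it.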