#####################################
### someone's ansible provisioner ###
#####################################
# Part of: https://git.somenet.org/root/pub/somesible.git
# 2017-2024 by someone <someone@somenet.org>
#
---
- name: create service-dir for hidden service {{hs}}
  file:
    path: "/var/lib/tor/hidden_{{hs}}"
    state: directory
    recurse: yes
    mode: "u=rwX,go-rwx"
    owner: "debian-tor"
    group: "debian-tor"


- name: copy hidden service {{hs}} private key
  copy:
    src: "{{item}}"
    dest: "/var/lib/tor/hidden_{{hs}}/hs_ed25519_secret_key"
    mode: 0600
    owner: "debian-tor"
    group: "debian-tor"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/hs_ed25519_secret_key_{{hs}}"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/hs_ed25519_secret_key_{{hs}}"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/hs_ed25519_secret_key_{{hs}}"
    - "default/hs_ed25519_secret_key_{{hs}}"
  notify: restart tor.service
  ignore_errors: yes