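---
# Installs tor from the distribution's backports pocket, wires in a local
# AppArmor profile, a torrc.d include directory and a systemd override for
# tor@.service, then reads back the onion hostname of every configured
# hidden service.
#
# Inputs visible in this file:
#   tor_node_services  - list of items with at least a `name` attribute.
#                        `name` is used to build the path
#                        /var/lib/tor/<name>/hostname.
#   files/templates    - local_system_tor_apparmor, hidden_services.conf.j2
#                        and tor_unit_override.conf.

- name: Ensure tor is installed
  apt:
    name: tor
    state: present
    default_release: "{{ ansible_distribution_release }}-backports"

# File modes are quoted throughout so they reach the module as octal strings
# rather than as YAML integers whose meaning depends on the parser.
- name: Ensure torrc.d directory is present
  file:
    path: /etc/tor/torrc.d/
    state: directory
    owner: root
    group: root
    mode: "0755"

- name: Include custom apparmor profile
  copy:
    src: local_system_tor_apparmor
    dest: /etc/apparmor.d/local/system_tor
    owner: root
    group: root
    mode: "0644"
    force: true
  register: apparmor_profile

# Reload only when the profile file actually changed.
- name: Ensure apparmor reads the latest config
  systemd:
    name: apparmor.service
    state: reloaded
  when: apparmor_profile is defined and apparmor_profile.changed

- name: Ensure include directive is present in torrc
  lineinfile:
    path: /etc/tor/torrc
    insertafter: EOF
    line: "%include /etc/tor/torrc.d/*.conf"

- name: Add hidden services to torrc
  template:
    src: hidden_services.conf.j2
    dest: /etc/tor/torrc.d/hidden_services.conf
    owner: root
    group: root
    mode: "0644"
  register: config

# NOTE(review): because of the `when`, `enabled: true` is only enforced on
# runs where the hidden-services config changed. Confirm that is intended.
- name: Ensure tor service is enabled and restarted
  systemd:
    name: tor.service
    state: restarted
    enabled: true
  when: config is defined and config.changed

- name: Ensure tor@.service override directory is present
  file:
    state: directory
    path: /etc/systemd/system/tor@.service.d/
    mode: "0700"
    owner: root
    group: root

- name: Ensure tor@default unit is properly overloaded
  copy:
    src: tor_unit_override.conf
    dest: /etc/systemd/system/tor@.service.d/override.conf
    mode: "0600"
    owner: root
    group: root
  register: override

# daemon_reload makes systemd pick up the new drop-in before the restart.
- name: Ensure tor@default.service is enabled and restarted
  systemd:
    name: tor@default.service
    state: restarted
    daemon_reload: true
    enabled: true
  when: override is defined and override.changed

# Uses `command` with an argv list instead of `shell`, so a service name
# containing shell metacharacters or whitespace is passed to cat as a single
# literal argument and is never interpreted by a shell. This does not
# constrain the path itself: a name containing `../` still resolves outside
# /var/lib/tor, so tor_node_services should come from trusted inventory.
# The task only reads a file, hence changed_when: false.
- name: Register each hidden service onion address
  command:
    argv:
      - cat
      - "/var/lib/tor/{{ item.name }}/hostname"
  loop: "{{ tor_node_services }}"
  register: hostnames
  changed_when: false

# Builds a {service name: onion hostname} mapping from the loop results.
# NOTE(review): the onion addresses end up in the play output and any log
# that captures it; add `no_log: true` if the services are not meant to be
# publicly discoverable.
- name: Display hostnames
  debug:
    msg: >-
      {{ dict(hostnames.results | map(attribute='item')
      | map(attribute='name')
      | zip(hostnames.results | map(attribute='stdout'))) }}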