Refactor tor usage, set up new tor proxy on draco

site-cookbooks/kosmos-base/recipes/tor_services.rb

@@ -0,0 +1,13 @@
+#
+# Cookbook Name:: kosmos-base
+# Recipe:: tor_services
+#
+
+tor_services = data_bag_item('credentials', 'tor')['services']
+
+tor_service "web" do
+  hostname   tor_services['web']['hostname']
+  public_key tor_services['web']['public_key']
+  secret_key tor_services['web']['secret_key']
+  ports      ['80 127.0.0.1:80', '443 127.0.0.1:443']
+end

site-cookbooks/kosmos-base/resources/tor_service.rb

@@ -0,0 +1,52 @@
+require "base64"
+
+resource_name :tor_service
+provides :tor_service
+
+property :name,       [String], name_property: true
+property :hostname,   [String], required: true
+property :public_key, [String], required: true
+property :secret_key, [String], required: true
+property :ports,      [Array],  required: true
+
+default_action :create
+
+action :create do
+  name = new_resource.name
+  ports = Array(new_resource.ports)
+  service_dir = "#{node['tor']['DataDirectory']}/#{name}"
+  user = "debian-tor"
+  group = "debian-tor"
+
+  node.normal['tor']['HiddenServices'][name]['HiddenServicePorts'] = ports
+
+  directory service_dir do
+    recursive true
+    owner user
+    group group
+    mode '4700'
+  end
+
+  file "#{service_dir}/hostname" do
+    content new_resource.hostname
+    owner user
+    group group
+    mode '0600'
+  end
+
+  file "#{service_dir}/hs_ed25519_public_key" do
+    content Base64.decode64(new_resource.public_key)
+    owner user
+    group group
+    mode '0600'
+    sensitive true
+  end
+
+  file "#{service_dir}/hs_ed25519_secret_key" do
+    content Base64.decode64(new_resource.secret_key)
+    owner user
+    group group
+    mode '0600'
+    sensitive true
+  end
+end