require "base64"

resource_name :tor_service
provides :tor_service

property :name,       [String], name_property: true
property :hostname,   [String], required: true
property :public_key, [String], required: true # base64 encoded content of generated key file
property :secret_key, [String], required: true # base64 encoded content of generated key file
property :ports,      [Array],  required: true

default_action :create

action :create do
  name = new_resource.name
  ports = Array(new_resource.ports)
  service_dir = "#{node['tor']['DataDirectory']}/#{name}"
  user = "debian-tor"
  group = "debian-tor"

  node.normal['tor']['HiddenServices'][name]['HiddenServicePorts'] = ports

  directory service_dir do
    recursive true
    owner user
    group group
    mode '4700'
  end

  file "#{service_dir}/hostname" do
    content new_resource.hostname
    owner user
    group group
    mode '0600'
  end

  file "#{service_dir}/hs_ed25519_public_key" do
    content Base64.decode64(new_resource.public_key)
    owner user
    group group
    mode '0600'
    sensitive true
  end

  file "#{service_dir}/hs_ed25519_secret_key" do
    content Base64.decode64(new_resource.secret_key)
    owner user
    group group
    mode '0600'
    sensitive true
  end
end