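---
# Transparent Tor gateway tasks: install tor, render torrc, redirect traffic
# arriving on the VM-facing interface to tor's listeners, make sure the log
# file exists, then start and enable the service.
#
# NOTE(review): only nat/PREROUTING REDIRECT rules are defined here. Protocols
# other than TCP and UDP (e.g. ICMP) match none of them. Whether such traffic
# is dropped or forwarded without anonymisation depends on filter-table rules
# and forwarding settings that are not visible in this file - confirm that a
# default-deny FORWARD policy exists elsewhere.
#
# NOTE(review): the "persist iptables" handler is defined outside this file.
# Handlers normally run at the end of the play, so a run that aborts midway
# can leave the redirect rules applied but not persisted across reboot.

# No `become` here, unlike the iptables tasks below; presumably privilege
# escalation is set at play or role level - confirm.
- name: Install tor
  apt:
    name: tor
    update_cache: true

# NOTE(review): no handler is notified, so a changed torrc is not picked up
# by an already-running tor (the service task at the end only ensures
# "started"). No owner/mode is set either, so permissions depend on the
# existing file or on defaults. Consider explicit owner/mode and a restart or
# reload notification if a suitable handler exists.
- name: Set torrc file
  template:
    src: torrc.j2
    dest: /etc/tor/torrc

# REDIRECT rewrites the destination to an address of the incoming interface,
# so tor's transparent listener must be bound to an address reachable there
# (not loopback only). tor_trans_port presumably matches the TransPort
# rendered by torrc.j2 - verify against the template.
- name: Forward IPv4 TCP traffic to TOR
  become: true
  iptables:
    ip_version: ipv4
    table: nat
    chain: PREROUTING
    in_interface: "{{ vm_net_interface_name }}"
    ctstate: NEW
    protocol: tcp
    jump: REDIRECT
    to_ports: "{{ tor_trans_port }}"
  notify: persist iptables

# Same rule for IPv6. Without it, IPv6-capable guests would not be covered
# by the IPv4 redirect above.
- name: Forward IPv6 TCP traffic to TOR
  become: true
  iptables:
    ip_version: ipv6
    table: nat
    chain: PREROUTING
    in_interface: "{{ vm_net_interface_name }}"
    ctstate: NEW
    protocol: tcp
    jump: REDIRECT
    to_ports: "{{ tor_trans_port }}"
  notify: persist iptables

# No destination port is matched: every UDP datagram from the interface, not
# only port 53, is redirected to tor_dns_port.
# NOTE(review): this looks deliberate - tor does not carry arbitrary UDP, so
# non-DNS datagrams end at the DNS listener instead of leaving the host.
# Confirm before narrowing the match to port 53, because other UDP would then
# bypass this rule. DNS over TCP is handled by the TCP rules above.
- name: Forward IPv4 DNS traffic to TOR
  become: true
  iptables:
    ip_version: ipv4
    table: nat
    chain: PREROUTING
    in_interface: "{{ vm_net_interface_name }}"
    protocol: udp
    jump: REDIRECT
    to_ports: "{{ tor_dns_port }}"
  notify: persist iptables

# IPv6 counterpart of the UDP redirect above; the same caveats apply.
- name: Forward IPv6 DNS traffic to TOR
  become: true
  iptables:
    ip_version: ipv6
    table: nat
    chain: PREROUTING
    in_interface: "{{ vm_net_interface_name }}"
    protocol: udp
    jump: REDIRECT
    to_ports: "{{ tor_dns_port }}"
  notify: persist iptables

# `state: touch` creates the file when missing, but also updates timestamps
# and reports "changed" on every run.
# The mode is quoted so it is always read as the octal string "0644" and
# never retyped by the YAML parser.
# NOTE(review): 0644 makes the tor log world-readable. Depending on the log
# level set in torrc.j2 it may hold sensitive detail; consider "0640" if no
# other local account needs to read it.
- name: Ensure log file exists
  file:
    path: "{{ tor_logfile_path }}"
    state: touch
    owner: debian-tor
    mode: "0644"

# NOTE(review): daemon_reload is an option of the systemd module; it is
# presumably honoured here only because `service` dispatches to systemd on
# the target - confirm, or use the systemd module directly.
- name: Start and enable tor service
  service:
    name: tor
    state: started
    enabled: true
    daemon_reload: true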