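# SELinux policy deployment for Tor.
#
# Flow: copy four precompiled policy modules (.pp) to /root/, check whether
# they are already loaded, load them if the check failed, enable the
# tor_can_network_relay boolean, then relabel /var/lib/tor/.
#
# NOTE(review): the .pp files are binary policy packages loaded as root.
# Judging by their names they widen what the tor domain may do (port binding,
# DAC and capability handling) -- confirm against the .te sources they were
# built from, and keep those sources under review alongside the binaries.

- name: Déploiement des modules SELinux pour Centos
  copy:
    src: "{{ item }}-centos-8.2.pp"
    dest: /root/
    # Quoted so the mode is never subject to YAML integer/octal typing.
    mode: "0644"
  loop:
    - tor-bind-pop_port
    - tor-dac-capabilities
    - tor-set-capabilities
    - tor-bind-unreserved_port
  when:
    - ansible_distribution == "CentOS"
    - ansible_distribution_major_version | int >= 8

- name: Déploiement des modules SELinux pour Fedora
  copy:
    src: "{{ item }}-fedora-32.pp"
    dest: /root/
    mode: "0644"
  loop:
    - tor-bind-pop_port
    - tor-dac-capabilities
    - tor-set-capabilities
    - tor-bind-unreserved_port
  when:
    - ansible_distribution == "Fedora"
    - ansible_distribution_version | int >= 32

# Read-only probe: grep exits non-zero when a module is not listed, which marks
# that loop item (and therefore the registered result) as failed. That failure
# is the signal the install tasks below act on, hence ignore_errors.
# NOTE(review): the probe requires /usr/bin/zsh on the target; a host without
# it fails every item, so the modules are simply reinstalled.
- name: Vérification des modules
  shell: semodule -l | grep '{{ item }}'
  args:
    executable: /usr/bin/zsh
  loop:
    - tor-bind-pop_port
    - tor-dac-capabilities
    - tor-set-capabilities
    - tor-bind-unreserved_port
  register: semodulelist
  # The probe never modifies the host, so it must not report "changed".
  changed_when: false
  ignore_errors: true
  when: ansible_selinux.status != "disabled"

# "semodulelist is failed" is true as soon as ONE item of the probe failed, so
# all four modules are (re)installed together. The version guard mirrors the
# copy task above: without it an older release with SELinux enabled would try
# to load a file that was never copied and abort the play.
- name: Installation des modules sur Centos
  command: semodule -i /root/'{{ item }}'-centos-8.2.pp
  loop:
    - tor-bind-pop_port
    - tor-dac-capabilities
    - tor-set-capabilities
    - tor-bind-unreserved_port
  when:
    - semodulelist is failed
    - ansible_selinux.status != "disabled"
    - ansible_distribution == "CentOS"
    - ansible_distribution_major_version | int >= 8

- name: Installation des modules sur Fedora
  command: semodule -i /root/'{{ item }}'-fedora-32.pp
  loop:
    - tor-bind-pop_port
    - tor-dac-capabilities
    - tor-set-capabilities
    - tor-bind-unreserved_port
  when:
    - semodulelist is failed
    - ansible_selinux.status != "disabled"
    - ansible_distribution == "Fedora"
    - ansible_distribution_version | int >= 32

# ignore_errors keeps the play going if the boolean cannot be set; a failure
# here is only visible in the task output, so review it after a run.
- name: Activation du booleen SELinux
  seboolean:
    name: tor_can_network_relay
    state: true
    persistent: true
  ignore_errors: true
  when: ansible_selinux.status != "disabled"

# Re-applies the default file contexts recursively under /var/lib/tor/.
- name: Restauration des contextes SELinux pour hidden_services
  command: /sbin/restorecon -R /var/lib/tor/
  when: ansible_selinux.status != "disabled"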