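# Provision the reverse-proxy service account: config directory, DH
# parameters, and an SSH keypair that is authorised on the host "valkyrie"
# for one forced rsync command.
#
# Layout reconstructed from a whitespace-collapsed source. The trailing
# `become_user` is placed at block level because the delegated task
# overrides it; confirm against the original file.
- block:
    - name: "Create service configuration directory for {{ service_user_name }}"
      file:
        path: "{{ service_home }}/.config/{{ service_user_name }}"
        state: directory
        # Modes are quoted so the YAML loader cannot reinterpret the octal.
        mode: "0755"

    - name: Synchronise service configuration
      copy:
        src: "./filesystem/common/var/lib/_hostname/home/pod-_rproxy/.config/pod-_rproxy/"
        dest: "{{ service_home }}/.config/{{ service_user_name }}"
        directory_mode: "0755"
        # NOTE(review): every copied file becomes world-readable (0644).
        # Confirm the source tree holds no secrets such as private keys.
        mode: "0644"
      register: rproxy_synchronise

    - name: Generate Diffie Hellman ephemeral parameters
      # The output path now matches `creates` exactly. The original had an
      # extra leading "/" that only worked if service_home is absolute.
      # `-out` is the documented single-dash form of the option.
      command: >-
        openssl dhparam
        -out {{ service_home }}/.config/{{ service_user_name }}/dhparam.pem
        4096
      args:
        # Skip the 4096-bit generation when the file already exists.
        creates: "{{ service_home }}/.config/{{ service_user_name }}/dhparam.pem"
      register: dhparam

    - name: "Create the .ssh directory for {{ service_user_name }}"
      file:
        path: "{{ service_home }}/.ssh"
        state: directory
        mode: "0700"

    - name: Generate SSH keypair for rsync
      openssh_keypair:
        path: "{{ service_home }}/.ssh/valkyrie-pod-rproxy"
        type: ed25519
      register: rsync_keypair

    - name: Configure public key on valkyrie
      delegate_to: valkyrie
      become_user: pod-rproxy
      authorized_key:
        user: pod-rproxy
        state: present
        key: "{{ rsync_keypair.public_key }}"
        # The key is pinned to one forced command (rsync in server/sender
        # mode on the etc-letsencrypt directory) and to the VPN source
        # address, with forwarding, PTY and user rc disabled.
        # NOTE(review): OpenSSH's `restrict` option would also cover
        # restrictions added in later releases; confirm the sshd version
        # on valkyrie before switching to it.
        key_options: 'command="rsync --server --sender -avz . /var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/",from="{{ vpn_wg0_address }}",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-x11-forwarding'

    - name: Record changes
      # Sets service_changed when the config or the DH parameters changed.
      # A changed keypair is not part of the condition.
      set_fact:
        service_changed: true
      when: rproxy_synchronise is changed or dhparam is changed

  # Tasks run as the service account unless a task overrides it.
  become_user: "{{ service_user_name }}"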