diff --git a/roles/frigate/tasks/main.yml b/roles/frigate/tasks/main.yml
index a52e7d2..bc539d7 100644
--- a/roles/frigate/tasks/main.yml
+++ b/roles/frigate/tasks/main.yml
@@ -33,6 +33,16 @@
 group: "{{ ansible_wheel }}"
 notify: Reload udev rules
 
+- name: Copy host key
+ ansible.builtin.copy:
+ dest: "{{ tls_private }}/frigate.key"
+ src: "{{ tls_private }}/{{ inventory_hostname }}.key"
+ mode: "0640"
+ owner: root
+ group: frigate
+ remote_src: true
+ notify: Restart frigate
+
 - name: Create config
 ansible.builtin.template:
 dest: /etc/frigate.yml
diff --git a/roles/frigate/templates/frigate-container.service.j2 b/roles/frigate/templates/frigate-container.service.j2
index 3d5a507..8766bb6 100644
--- a/roles/frigate/templates/frigate-container.service.j2
+++ b/roles/frigate/templates/frigate-container.service.j2
@@ -9,6 +9,9 @@ EnvironmentFile=/etc/sysconfig/frigate-container
 ExecStart=/usr/bin/podman run \
 --rm -p 127.0.0.1:8007:5000 \
 --name frigate \
+ --volume {{ tls_certs }}/ca.crt:/etc/ssl/certs/ca.crt:ro \
+ --volume {{ tls_certs }}/{{ inventory_hostname }}.crt:/etc/ssl/certs/{{ inventory_hostname }}.crt:ro \
+ --volume {{ tls_private }}/frigate.key:/etc/ssl/private/{{ inventory_hostname }}.key:ro \
 --volume /srv/frigate/config:/config:rw \
 --volume /etc/frigate.yml:/config/config.yml:ro \
 --volume /srv/frigate/media:/media/frigate:rw \
diff --git a/roles/frigate/templates/frigate.yml.j2 b/roles/frigate/templates/frigate.yml.j2
index 7f98235..b1045d6 100644
--- a/roles/frigate/templates/frigate.yml.j2
+++ b/roles/frigate/templates/frigate.yml.j2
@@ -1,6 +1,13 @@
 ---
 mqtt:
- enabled: false
+ enabled: true
+ host: mqtt02.home.foo.sh
+ port: 8883
+ topic_prefix: frigate/{{ inventory_hostname }}
+ client_id: {{ inventory_hostname }}
+ tls_ca_certs: /etc/ssl/certs/ca.crt
+ tls_client_cert: /etc/ssl/certs/{{ inventory_hostname }}.crt
+ tls_client_key: /etc/ssl/private/{{ inventory_hostname }}.key
 
 detectors:
 coral:
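Review bot: The `Copy host key` task in roles/frigate/tasks/main.yml duplicates the host's own TLS private key (`{{ inventory_hostname }}.key`) into `frigate.key` and makes it readable by the `frigate` group, so whatever runs with that group, and the container the key is mounted into, holds the host identity key rather than a credential scoped to Frigate. If the same key and certificate are used by other services on this host (not visible here), a dedicated MQTT client certificate and key for Frigate would limit what a compromised Frigate process can impersonate. The task also carries no comment on why a copy is made; if the reason is that the original must stay root-only, say so with a line such as `# Group-readable copy for frigate; the host key itself is left untouched` above the task.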
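Review bot: In frigate-container.service.j2 the added `--volume` lines mount the certificate from the live `{{ tls_certs }}` path but the key from the play-time copy `{{ tls_private }}/frigate.key`, so if certificate renewal also rotates the key outside this role, the container can start with a new certificate and a stale key until the play runs again. In the visible hunks only the key copy notifies `Restart frigate`; a replaced `ca.crt` or host certificate does not appear to restart the container, and a single-file bind mount may keep serving the old file if the replacement is done by rename. I would either copy the certificate in the same task sequence as the key, or record the renewal procedure in a comment above `ExecStart=`. The unit continues outside the hunk.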
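Review bot: In frigate.yml.j2 the templated values `client_id: {{ inventory_hostname }}` and `topic_prefix: frigate/{{ inventory_hostname }}` are rendered as plain YAML scalars, so the result depends on the hostname never containing a YAML indicator or looking like another type; quoting them, as in `client_id: "{{ inventory_hostname }}"`, removes that dependency, and the same applies to the three `tls_*` paths. The broker `mqtt02.home.foo.sh` and port `8883` are hard-coded in the template, where a role variable with a default would keep the role reusable. Writing `tls_insecure: false` explicitly next to the certificate settings would also make the hostname-verification intent visible to the next reader.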