diff --git a/roles/mosquitto/files/acl-tls.conf b/roles/mosquitto/files/acl-tls.conf
new file mode 100644
index 0000000..b41e9b2
--- /dev/null
+++ b/roles/mosquitto/files/acl-tls.conf
@@ -0,0 +1,4 @@
+pattern read #
+
+user frigate*.home.foo.sh
+pattern readwrite frigate/%u/#
diff --git a/roles/mosquitto/files/acl.conf b/roles/mosquitto/files/acl.conf
new file mode 100644
index 0000000..5bb8e0a
--- /dev/null
+++ b/roles/mosquitto/files/acl.conf
@@ -0,0 +1,4 @@
+topic deny #
+
+user shellyplug-s-*
+pattern write shellies/%u/#
diff --git a/roles/mosquitto/tasks/main.yml b/roles/mosquitto/tasks/main.yml
index 6343432..a4bbc4f 100644
--- a/roles/mosquitto/tasks/main.yml
+++ b/roles/mosquitto/tasks/main.yml
@@ -38,7 +38,7 @@
 - name: Copy acl file for plaintext server
   ansible.builtin.copy:
     dest: /etc/mosquitto/acl.conf
-    src: "{{ ansible_private }}/files/mosquitto/acl.conf"
+    src: acl.conf
     mode: "0400"
     owner: _mosquitto
     group: _mosquitto
@@ -47,7 +47,7 @@
 - name: Copy acl file for tls server
   ansible.builtin.copy:
     dest: /etc/mosquitto/acl-tls.conf
-    src: "{{ ansible_private }}/files/mosquitto/acl-tls.conf"
+    src: acl-tls.conf
     mode: "0400"
     owner: _mosquitto
     group: _mosquitto