mosquitto: Configure TLS listener authorization

2024-12-23 09:47:01 +00:00 · 2024-12-23 09:47:01 +00:00 · aa4b46465c
commit aa4b46465c
parent 0adad8fa18
2 changed files with 20 additions and 6 deletions
--- a/roles/mosquitto/tasks/main.yml
+++ b/roles/mosquitto/tasks/main.yml
@ -35,7 +35,7 @@
    group: _mosquitto
  notify: Restart mosquitto

- name: Copy acl file
+- name: Copy acl file for plaintext server
  ansible.builtin.copy:
    dest: /etc/mosquitto/acl.conf
    src: "{{ ansible_private }}/files/mosquitto/acl.conf"
@ -44,6 +44,15 @@
    group: _mosquitto
  notify: Restart mosquitto

+- name: Copy acl file for tls server
+  ansible.builtin.copy:
+    dest: /etc/mosquitto/acl-tls.conf
+    src: "{{ ansible_private }}/files/mosquitto/acl-tls.conf"
+    mode: "0400"
+    owner: _mosquitto
+    group: _mosquitto
+  notify: Restart mosquitto
+
 - name: Copy passwd file
  ansible.builtin.copy:
    dest: /etc/mosquitto/passwd