From e7cc5866c88a93b2a7c4a45c68263673604da28d Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Thu, 6 Oct 2022 17:33:00 +0000
Subject: [PATCH] mosquitto: Initial version of role
---
roles/mosquitto/handlers/main.yml | 5 ++
roles/mosquitto/tasks/main.yml | 58 +++++++++++++++++++++
roles/mosquitto/templates/mosquitto.conf.j2 | 17 ++++++
3 files changed, 80 insertions(+)
create mode 100644 roles/mosquitto/handlers/main.yml
create mode 100644 roles/mosquitto/tasks/main.yml
create mode 100644 roles/mosquitto/templates/mosquitto.conf.j2
diff --git a/roles/mosquitto/handlers/main.yml b/roles/mosquitto/handlers/main.yml
new file mode 100644
index 0000000..4a4e5b9
--- /dev/null
+++ b/roles/mosquitto/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart mosquitto
+ ansible.builtin.service:
+ name: mosquitto
+ state: restarted
diff --git a/roles/mosquitto/tasks/main.yml b/roles/mosquitto/tasks/main.yml
new file mode 100644
index 0000000..c99a592
--- /dev/null
+++ b/roles/mosquitto/tasks/main.yml
@@ -0,0 +1,58 @@
+---
+- name: install packages
+ ansible.builtin.package:
+ name: mosquitto
+ state: installed
+
+- name: add mosquitto to hostkey group
+ ansible.builtin.user:
+ name: _mosquitto
+ groups: hostkey
+ append: true
+ notify: restart mosquitto
+
+- name: create include directory for config
+ ansible.builtin.file:
+ path: /etc/mosquitto/conf.d
+ state: directory
+ mode: 0750
+ owner: root
+ group: _mosquitto
+
+- name: include extra configs
+ ansible.builtin.lineinfile:
+ path: /etc/mosquitto/mosquitto.conf
+ line: include_dir /etc/mosquitto/conf.d
+ regexp: "^#?include_dir( .*)?$"
+ notify: restart mosquitto
+
+- name: create custom config
+ ansible.builtin.template:
+ dest: /etc/mosquitto/conf.d/local.conf
+ src: mosquitto.conf.j2
+ mode: 0640
+ owner: root
+ group: _mosquitto
+ notify: restart mosquitto
+
+- name: copy acl file
+ ansible.builtin.copy:
+ dest: /etc/mosquitto/acl.conf
+ src: "{{ ansible_private }}/files/mosquitto/acl.conf"
+ mode: 0640
+ owner: root
+ group: _mosquitto
+
+- name: copy passwd file
+ ansible.builtin.copy:
+ dest: /etc/mosquitto/passwd
+ src: "{{ ansible_private }}/files/mosquitto/acl.conf"
+ mode: 0640
+ owner: root
+ group: _mosquitto
+
+- name: enable service
+ ansible.builtin.service:
+ name: mosquitto
+ enabled: true
+ state: started
diff --git a/roles/mosquitto/templates/mosquitto.conf.j2 b/roles/mosquitto/templates/mosquitto.conf.j2
new file mode 100644
index 0000000..f0bc82a
--- /dev/null
+++ b/roles/mosquitto/templates/mosquitto.conf.j2
@@ -0,0 +1,17 @@
+# authentication
+acl_file /etc/mosquitto/acl.conf
+password_file /etc/mosquitto/passwd
+allow_anonymous false
+
+# listen to mqtt
+listener 1883
+protocol mqtt
+
+# listen to mqtt over websockets
+listener 8883
+protocol websockets
+
+# tls options
+certfile {{ tls_certs }}/{{ inventory_hostname }}.crt
+keyfile {{ tls_private }}/{{ inventory_hostname }}.key
+cafile {{ tls_certs }}/ca.crt
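Review bot: The `copy passwd file` task takes its `src` from `{{ ansible_private }}/files/mosquitto/acl.conf`, the same file the ACL task copies, so `/etc/mosquitto/passwd` ends up holding ACL rules rather than credentials; with `allow_anonymous false` in the template that most likely leaves the broker with no usable logins. The source presumably should be the password file kept next to it, e.g. `src: "{{ ansible_private }}/files/mosquitto/passwd"` (path to be confirmed against the private repository). Neither this task nor `copy acl file` has `notify: restart mosquitto`, so a later change to either file is not picked up by the running broker until something else restarts it. The file modes would also be safer quoted (`mode: "0640"`, `mode: "0750"`) so they never depend on the YAML loader's octal handling.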
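Review bot: The `certfile`/`keyfile`/`cafile` lines at the end are per-listener options in mosquitto.conf and attach to the listener declared immediately before them, so as written only the websockets listener on 8883 gets TLS and `listener 1883` serves plain MQTT on every interface. Since `allow_anonymous false` forces password logins, usernames and passwords sent to 1883 would cross the network unencrypted. Either repeat the three TLS options under `listener 1883` or restrict that listener to loopback with `listener 1883 127.0.0.1`. A comment such as `# tls options (apply to the 8883 listener above only)` would make the scoping visible to the next reader.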