mosquitto: Initial version of role

2022-10-06 17:33:00 +00:00 · 2022-10-06 17:33:00 +00:00 · e7cc5866c8
commit e7cc5866c8
parent b61781bd94
3 changed files with 80 additions and 0 deletions
--- a/roles/mosquitto/handlers/main.yml
+++ b/roles/mosquitto/handlers/main.yml
@ -0,0 +1,5 @@
+---
+- name: restart mosquitto
+  ansible.builtin.service:
+    name: mosquitto
+    state: restarted
--- a/roles/mosquitto/tasks/main.yml
+++ b/roles/mosquitto/tasks/main.yml
@ -0,0 +1,58 @@
+---
+- name: install packages
+  ansible.builtin.package:
+    name: mosquitto
+    state: installed
+
+- name: add mosquitto to hostkey group
+  ansible.builtin.user:
+    name: _mosquitto
+    groups: hostkey
+    append: true
+  notify: restart mosquitto
+
+- name: create include directory for config
+  ansible.builtin.file:
+    path: /etc/mosquitto/conf.d
+    state: directory
+    mode: 0750
+    owner: root
+    group: _mosquitto
+
+- name: include extra configs
+  ansible.builtin.lineinfile:
+    path: /etc/mosquitto/mosquitto.conf
+    line: include_dir /etc/mosquitto/conf.d
+    regexp: "^#?include_dir( .*)?$"
+  notify: restart mosquitto
+
+- name: create custom config
+  ansible.builtin.template:
+    dest: /etc/mosquitto/conf.d/local.conf
+    src: mosquitto.conf.j2
+    mode: 0640
+    owner: root
+    group: _mosquitto
+  notify: restart mosquitto
+
+- name: copy acl file
+  ansible.builtin.copy:
+    dest: /etc/mosquitto/acl.conf
+    src: "{{ ansible_private }}/files/mosquitto/acl.conf"
+    mode: 0640
+    owner: root
+    group: _mosquitto
+
+- name: copy passwd file
+  ansible.builtin.copy:
+    dest: /etc/mosquitto/passwd
+    src: "{{ ansible_private }}/files/mosquitto/acl.conf"
+    mode: 0640
+    owner: root
+    group: _mosquitto
+
+- name: enable service
+  ansible.builtin.service:
+    name: mosquitto
+    enabled: true
+    state: started
--- a/roles/mosquitto/templates/mosquitto.conf.j2
+++ b/roles/mosquitto/templates/mosquitto.conf.j2
@ -0,0 +1,17 @@
+# authentication
+acl_file /etc/mosquitto/acl.conf
+password_file /etc/mosquitto/passwd
+allow_anonymous false
+
+# listen to mqtt
+listener 1883
+protocol mqtt
+
+# listen to mqtt over websockets
+listener 8883
+protocol websockets
+
+# tls options
+certfile {{ tls_certs }}/{{ inventory_hostname }}.crt
+keyfile {{ tls_private }}/{{ inventory_hostname }}.key
+cafile {{ tls_certs }}/ca.crt