# use different settings for plaintext and tls listeners
per_listener_settings true

# listen to mqtt
listener 1883
protocol mqtt

acl_file /etc/mosquitto/acl.conf
password_file /etc/mosquitto/passwd
allow_anonymous false

# listen to mqtt over websockets
listener 8883
protocol mqtt

certfile {{ tls_certs }}/{{ inventory_hostname }}.crt
keyfile {{ tls_private }}/{{ inventory_hostname }}.key
cafile {{ tls_certs }}/ca.crt
tls_version tlsv1.3

acl_file /etc/mosquitto/acl-tls.conf
require_certificate true
use_identity_as_username true