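---
# Installs mosquitto and configures two broker instances: the packaged one
# under /etc/mosquitto ("plaintext server") and a second one under
# /etc/mosquitto-tls ("tls server") that is started by its own rc.d script.

- name: Install packages
  ansible.builtin.package:
    name: mosquitto
    # `present` is the canonical spelling; `installed` is only an alias in
    # some package backends.
    state: present

# NOTE(review): presumably `hostkey` is the group that can read the host's
# TLS private key. Membership lets the broker account read everything that
# group can read - confirm the group grants read-only access to the key
# material and nothing else.
- name: Add mosquitto to hostkey group
  ansible.builtin.user:
    name: _mosquitto
    groups: hostkey
    # Keep the account's existing supplementary groups.
    append: true
  notify:
    - Restart mosquitto
    - Restart mosquitto-tls

# root owns the directories; the broker group can list and read them (0750),
# other users have no access.
- name: Create config directories
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    mode: "0750"
    owner: root
    group: _mosquitto
  loop:
    - /etc/mosquitto/conf.d
    - /etc/mosquitto-tls
    - /etc/mosquitto-tls/conf.d

# Replaces an existing (possibly commented-out) include_dir line, or appends
# one if the file has none.
- name: Include extra configs
  ansible.builtin.lineinfile:
    path: /etc/mosquitto/mosquitto.conf
    line: include_dir /etc/mosquitto/conf.d
    regexp: "^#?include_dir( .*)?$"
  notify: Restart mosquitto

# NOTE(review): the template is not visible here. Clients of a plaintext
# listener send their username and password unencrypted, so confirm that
# mosquitto.conf.j2 limits where this instance listens.
- name: Create custom config for plaintext server
  ansible.builtin.template:
    dest: /etc/mosquitto/conf.d/local.conf
    src: mosquitto.conf.j2
    mode: "0640"
    owner: root
    group: _mosquitto
  notify: Restart mosquitto

- name: Copy acl file for plaintext server
  ansible.builtin.copy:
    dest: /etc/mosquitto/acl.conf
    src: acl.conf
    mode: "0400"
    owner: _mosquitto
    group: _mosquitto
  notify: Restart mosquitto

# The password file comes from the private inventory tree and is readable
# only by the broker account.
- name: Copy passwd file for plaintext server
  ansible.builtin.copy:
    dest: /etc/mosquitto/passwd
    src: "{{ ansible_private }}/files/mosquitto/passwd"
    mode: "0400"
    owner: _mosquitto
    group: _mosquitto
  # Keep the credential entries out of `--diff` output and anything that
  # records it (CI logs, callback plugins).
  diff: false
  notify: Restart mosquitto

# sed runs without -i, so it only prints the rewritten config to stdout and
# changes nothing on disk; the output is captured for the next task.
- name: Create default config for tls server
  ansible.builtin.command:
    argv:
      - sed
      - "s|^include_dir .*|include_dir /etc/mosquitto-tls/conf.d|"
      - /etc/mosquitto/mosquitto.conf
  changed_when: false
  register: result

# Writes the captured sed output as the tls instance's main config. The
# trailing newline is appended explicitly after the registered stdout.
- name: Write default config for tls server
  ansible.builtin.copy:
    dest: /etc/mosquitto-tls/mosquitto.conf
    content: "{{ result.stdout }}\n"
    mode: "0640"
    owner: root
    group: _mosquitto
    # NOTE(review): remote_src looks redundant next to `content` - confirm
    # before removing.
    remote_src: true
  notify: Restart mosquitto-tls

- name: Create custom config for tls server
  ansible.builtin.template:
    dest: /etc/mosquitto-tls/conf.d/local.conf
    src: mosquitto-tls.conf.j2
    mode: "0640"
    owner: root
    group: _mosquitto
  notify: Restart mosquitto-tls

- name: Create acl file for tls server
  ansible.builtin.template:
    dest: /etc/mosquitto-tls/acl.conf
    src: acl-tls.conf.j2
    mode: "0400"
    owner: _mosquitto
    group: _mosquitto
  notify: Restart mosquitto-tls

# The control script is root-owned and not writable by the broker account.
- name: Create mosquitto-tls control script
  ansible.builtin.copy:
    dest: /etc/rc.d/mosquitto_tls
    src: mosquitto_tls.ksh
    mode: "0755"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Restart mosquitto-tls

- name: Enable services
  ansible.builtin.service:
    name: "{{ item }}"
    enabled: true
    state: started
  loop:
    - mosquitto
    - mosquitto_tls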