115 lines
2.7 KiB
YAML
115 lines
2.7 KiB
YAML
---
|
|
- name: Install packages
|
|
ansible.builtin.package:
|
|
name: mosquitto
|
|
state: installed
|
|
|
|
- name: Add mosquitto to hostkey group
|
|
ansible.builtin.user:
|
|
name: _mosquitto
|
|
groups: hostkey
|
|
append: true
|
|
notify:
|
|
- Restart mosquitto
|
|
- Restart mosquitto-tls
|
|
|
|
- name: Create config directories
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
mode: "0750"
|
|
owner: root
|
|
group: _mosquitto
|
|
with_items:
|
|
- /etc/mosquitto/conf.d
|
|
- /etc/mosquitto-tls
|
|
- /etc/mosquitto-tls/conf.d
|
|
|
|
- name: Include extra configs
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/mosquitto/mosquitto.conf
|
|
line: include_dir /etc/mosquitto/conf.d
|
|
regexp: "^#?include_dir( .*)?$"
|
|
notify: Restart mosquitto
|
|
|
|
- name: Create custom config for plaintext server
|
|
ansible.builtin.template:
|
|
dest: /etc/mosquitto/conf.d/local.conf
|
|
src: mosquitto.conf.j2
|
|
mode: "0640"
|
|
owner: root
|
|
group: _mosquitto
|
|
notify: Restart mosquitto
|
|
|
|
- name: Copy acl file for plaintext server
|
|
ansible.builtin.copy:
|
|
dest: /etc/mosquitto/acl.conf
|
|
src: acl.conf
|
|
mode: "0400"
|
|
owner: _mosquitto
|
|
group: _mosquitto
|
|
notify: Restart mosquitto
|
|
|
|
- name: Copy passwd file for plaintext server
|
|
ansible.builtin.copy:
|
|
dest: /etc/mosquitto/passwd
|
|
src: "{{ ansible_private }}/files/mosquitto/passwd"
|
|
mode: "0400"
|
|
owner: _mosquitto
|
|
group: _mosquitto
|
|
notify: Restart mosquitto
|
|
|
|
- name: Create default config for tls server
|
|
ansible.builtin.command:
|
|
argv:
|
|
- sed
|
|
- "s|^include_dir .*|include_dir /etc/mosquitto-tls/conf.d|"
|
|
- /etc/mosquitto/mosquitto.conf
|
|
changed_when: false
|
|
register: result
|
|
|
|
- name: Write default config for tls server
|
|
ansible.builtin.copy:
|
|
dest: /etc/mosquitto-tls/mosquitto.conf
|
|
content: "{{ result.stdout }}\n"
|
|
mode: "0640"
|
|
owner: root
|
|
group: _mosquitto
|
|
remote_src: true
|
|
notify: Restart mosquitto-tls
|
|
|
|
- name: Create custom config for tls server
|
|
ansible.builtin.template:
|
|
dest: /etc/mosquitto-tls/conf.d/local.conf
|
|
src: mosquitto-tls.conf.j2
|
|
mode: "0640"
|
|
owner: root
|
|
group: _mosquitto
|
|
notify: Restart mosquitto-tls
|
|
|
|
- name: Create acl file for tls server
|
|
ansible.builtin.template:
|
|
dest: /etc/mosquitto-tls/acl.conf
|
|
src: acl-tls.conf.j2
|
|
mode: "0400"
|
|
owner: _mosquitto
|
|
group: _mosquitto
|
|
notify: Restart mosquitto-tls
|
|
|
|
- name: Create mosquitto-tls control script
|
|
ansible.builtin.copy:
|
|
dest: /etc/rc.d/mosquitto_tls
|
|
src: mosquitto_tls.ksh
|
|
mode: "0755"
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
notify: Restart mosquitto-tls
|
|
|
|
- name: Enable services
|
|
ansible.builtin.service:
|
|
name: "{{ item }}"
|
|
enabled: true
|
|
state: started
|
|
with_items:
|
|
- mosquitto
|
|
- mosquitto_tls
|