ansible-role-mosquitto/tasks/configure.yml

---
- name: Configure Mosquitto
  template:
    dest: /etc/mosquitto/conf.d/default.conf
    src: templates/default.conf.j2
    owner: mosquitto
    group: root
    mode: 0660
    backup: yes
  notify: Restart Mosquitto

# - name: Ensure Mosquitto doesn't allow anonymous access
#   ansible.builtin.lineinfile:
#     path: /etc/mosquitto/conf.d/default.conf
#     regexp: '^allow_anonymous '
#     line: 'allow_anonymous false'
#     owner: mosquitto
#     group: root
#     mode: 0660
#     create: yes
#     backup: yes
#   notify: Restart Mosquitto

# - name: Ensure Mosquitto log to standard output (journald)
#   ansible.builtin.lineinfile:
#     path: /etc/mosquitto/conf.d/default.conf
#     regexp: '^log_dest stdout'
#     line: 'log_dest stdout'
#     owner: mosquitto
#     group: root
#     mode: 0660
#     create: yes
#     backup: yes
#   notify: Restart Mosquitto

- name: Ensure password file for Mosquitto exists
  template:
    dest: "{{ mosquitto_config['password_file'] | default('/etc/mosquitto/passwd')}}"
    src: templates/mosquitto_passwd.j2
    owner: mosquitto
    group: root
    mode: 0660
    backup: yes
  notify: Restart Mosquitto

- name: Ensure PID file for Mosquitto exists
  file:
    path: "{{ mosquitto_config['pid_file'] | default('/var/run/mosquitto.pid')}}"
    state: touch
    owner: mosquitto
    mode: 0660

# - name: Ensure Mosquitto use password file
#   ansible.builtin.lineinfile:
#     path: /etc/mosquitto/conf.d/default.conf
#     regexp: '^password_file '
#     line: 'password_file  /etc/mosquitto/passwd'
#     owner: mosquitto
#     group: root
#     mode: 0660
#     create: yes
#     backup: yes
#   notify: Restart Mosquitto

- name: Ensure Mosquitto port is accessible
  ufw:
    rule: allow
    port: "{{ item.port }}"
  when:
    - open_ufw_to_mosquitto
    - item.port != 0
  loop: "{{ mosquitto_listeners }}"
Initial commit with previous code 2022-10-11 09:19:00 +02:00			`---`
add full configuration 2023-01-10 08:47:03 +01:00			`- name: Configure Mosquitto`
			`template:`
			`dest: /etc/mosquitto/conf.d/default.conf`
			`src: templates/default.conf.j2`
Initial commit with previous code 2022-10-11 09:19:00 +02:00			`owner: mosquitto`
			`group: root`
			`mode: 0660`
			`backup: yes`
			`notify: Restart Mosquitto`

add full configuration 2023-01-10 08:47:03 +01:00			`# - name: Ensure Mosquitto doesn't allow anonymous access`
			`# ansible.builtin.lineinfile:`
			`# path: /etc/mosquitto/conf.d/default.conf`
			`# regexp: '^allow_anonymous '`
			`# line: 'allow_anonymous false'`
			`# owner: mosquitto`
			`# group: root`
			`# mode: 0660`
			`# create: yes`
			`# backup: yes`
			`# notify: Restart Mosquitto`

			`# - name: Ensure Mosquitto log to standard output (journald)`
			`# ansible.builtin.lineinfile:`
			`# path: /etc/mosquitto/conf.d/default.conf`
			`# regexp: '^log_dest stdout'`
			`# line: 'log_dest stdout'`
			`# owner: mosquitto`
			`# group: root`
			`# mode: 0660`
			`# create: yes`
			`# backup: yes`
			`# notify: Restart Mosquitto`
Initial commit with previous code 2022-10-11 09:19:00 +02:00
			`- name: Ensure password file for Mosquitto exists`
			`template:`
add full configuration 2023-01-10 08:47:03 +01:00			`dest: "{{ mosquitto_config['password_file'] \| default('/etc/mosquitto/passwd')}}"`
Initial commit with previous code 2022-10-11 09:19:00 +02:00			`src: templates/mosquitto_passwd.j2`
			`owner: mosquitto`
			`group: root`
			`mode: 0660`
			`backup: yes`
			`notify: Restart Mosquitto`

add full configuration 2023-01-10 08:47:03 +01:00			`- name: Ensure PID file for Mosquitto exists`
			`file:`
			`path: "{{ mosquitto_config['pid_file'] \| default('/var/run/mosquitto.pid')}}"`
			`state: touch`
Initial commit with previous code 2022-10-11 09:19:00 +02:00			`owner: mosquitto`
			`mode: 0660`
add full configuration 2023-01-10 08:47:03 +01:00
			`# - name: Ensure Mosquitto use password file`
			`# ansible.builtin.lineinfile:`
			`# path: /etc/mosquitto/conf.d/default.conf`
			`# regexp: '^password_file '`
			`# line: 'password_file /etc/mosquitto/passwd'`
			`# owner: mosquitto`
			`# group: root`
			`# mode: 0660`
			`# create: yes`
			`# backup: yes`
			`# notify: Restart Mosquitto`
Initial commit with previous code 2022-10-11 09:19:00 +02:00
			`- name: Ensure Mosquitto port is accessible`
			`ufw:`
			`rule: allow`
add full configuration 2023-01-10 08:47:03 +01:00			`port: "{{ item.port }}"`
			`when:`
			`- open_ufw_to_mosquitto`
			`- item.port != 0`
			`loop: "{{ mosquitto_listeners }}"`