ansible-role-mosquitto/tasks/configure.yml

---
- name: Ensure Mosquitto doesn't allow anonymous access
  ansible.builtin.lineinfile:
    path: /etc/mosquitto/conf.d/default.conf
    regexp: '^allow_anonymous '
    line: 'allow_anonymous false'
    owner: mosquitto
    group: root
    mode: 0660
    create: yes
    backup: yes
  notify: Restart Mosquitto

- name: Ensure Mosquitto log to standard output (journald)
  ansible.builtin.lineinfile:
    path: /etc/mosquitto/conf.d/default.conf
    regexp: '^log_dest stdout'
    line: 'log_dest stdout'
    owner: mosquitto
    group: root
    mode: 0660
    create: yes
    backup: yes
  notify: Restart Mosquitto

- name: Ensure password file for Mosquitto exists
  template:
    dest: /etc/mosquitto/passwd
    src: templates/mosquitto_passwd.j2
    owner: mosquitto
    group: root
    mode: 0660
    backup: yes
  notify: Restart Mosquitto

- name: Ensure Mosquitto use password file
  ansible.builtin.lineinfile:
    path: /etc/mosquitto/conf.d/default.conf
    regexp: '^password_file '
    line: 'password_file  /etc/mosquitto/passwd'
    owner: mosquitto
    group: root
    mode: 0660
    create: yes
    backup: yes
  notify: Restart Mosquitto

- name: Ensure Mosquitto port is accessible
  ufw:
    rule: allow
    port: 1883
  when: open_ufw_to_mosquitto
Initial commit with previous code 2022-10-11 09:19:00 +02:00			`---`
			`- name: Ensure Mosquitto doesn't allow anonymous access`
			`ansible.builtin.lineinfile:`
			`path: /etc/mosquitto/conf.d/default.conf`
			`regexp: '^allow_anonymous '`
			`line: 'allow_anonymous false'`
			`owner: mosquitto`
			`group: root`
			`mode: 0660`
			`create: yes`
			`backup: yes`
			`notify: Restart Mosquitto`

			`- name: Ensure Mosquitto log to standard output (journald)`
			`ansible.builtin.lineinfile:`
			`path: /etc/mosquitto/conf.d/default.conf`
			`regexp: '^log_dest stdout'`
			`line: 'log_dest stdout'`
			`owner: mosquitto`
			`group: root`
			`mode: 0660`
			`create: yes`
			`backup: yes`
			`notify: Restart Mosquitto`

			`- name: Ensure password file for Mosquitto exists`
			`template:`
			`dest: /etc/mosquitto/passwd`
			`src: templates/mosquitto_passwd.j2`
			`owner: mosquitto`
			`group: root`
			`mode: 0660`
			`backup: yes`
			`notify: Restart Mosquitto`

			`- name: Ensure Mosquitto use password file`
			`ansible.builtin.lineinfile:`
			`path: /etc/mosquitto/conf.d/default.conf`
			`regexp: '^password_file '`
			`line: 'password_file /etc/mosquitto/passwd'`
			`owner: mosquitto`
			`group: root`
			`mode: 0660`
			`create: yes`
			`backup: yes`
			`notify: Restart Mosquitto`

			`- name: Ensure Mosquitto port is accessible`
			`ufw:`
			`rule: allow`
			`port: 1883`
			`when: open_ufw_to_mosquitto`