Initial commit with previous code
commit
158474f948
6 changed files with 77 additions and 0 deletions
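--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+mosquitto_accounts:
+- username: user
+password_hash: '$6$abcde1234=='
+open_ufw_to_mosquitto: no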
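Review bot: The role default for `mosquitto_accounts` ships a ready-made account (`user` with a placeholder hash), so a playbook that forgets to override it still gets that entry rendered into the broker's password file by templates/mosquitto_passwd.j2. Defaulting to `mosquitto_accounts: []` and describing the expected hash format in a comment above the key would make a missing override visible instead of silent. `open_ufw_to_mosquitto: no` also relies on YAML 1.1 truthy parsing; `open_ufw_to_mosquitto: false` is the canonical form.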
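--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Restart Mosquitto
+service:
+name: mosquitto
+state: restarted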
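Review bot: `service:` is written with the short module name in this handler, while tasks/configure.yml calls `ansible.builtin.lineinfile` by its fully qualified name. Using `ansible.builtin.service:` keeps the role consistent and makes module resolution independent of the collection search path. The same applies to `template:` and `ufw:` in tasks/configure.yml, `package:` in tasks/install.yml and `include_tasks:` in tasks/main.yml.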
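--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -0,0 +1,52 @@
+---
+- name: Ensure Mosquitto doesn't allow anonymous access
+ansible.builtin.lineinfile:
+path: /etc/mosquitto/conf.d/default.conf
+regexp: '^allow_anonymous '
+line: 'allow_anonymous false'
+owner: mosquitto
+group: root
+mode: 0660
+create: yes
+backup: yes
+notify: Restart Mosquitto
+
+- name: Ensure Mosquitto log to standard output (journald)
+ansible.builtin.lineinfile:
+path: /etc/mosquitto/conf.d/default.conf
+regexp: '^log_dest stdout'
+line: 'log_dest stdout'
+owner: mosquitto
+group: root
+mode: 0660
+create: yes
+backup: yes
+notify: Restart Mosquitto
+
+- name: Ensure password file for Mosquitto exists
+template:
+dest: /etc/mosquitto/passwd
+src: templates/mosquitto_passwd.j2
+owner: mosquitto
+group: root
+mode: 0660
+backup: yes
+notify: Restart Mosquitto
+
+- name: Ensure Mosquitto use password file
+ansible.builtin.lineinfile:
+path: /etc/mosquitto/conf.d/default.conf
+regexp: '^password_file '
+line: 'password_file /etc/mosquitto/passwd'
+owner: mosquitto
+group: root
+mode: 0660
+create: yes
+backup: yes
+notify: Restart Mosquitto
+
+- name: Ensure Mosquitto port is accessible
+ufw:
+rule: allow
+port: 1883
+when: open_ufw_to_mosquitto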
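Review bot: The final task opens port 1883 with only `rule: allow` and `port: 1883`, which leaves both the protocol and the source address unrestricted whenever `open_ufw_to_mosquitto` is true. Nothing in this role configures TLS and 1883 is conventionally the unencrypted MQTT port, so the usernames and passwords set up by the earlier tasks would presumably cross the network in clear text from any host that can reach the broker. Adding `proto: tcp` and a source limit such as `from_ip: "{{ mosquitto_allowed_source }}"` (a new role variable, name illustrative) narrows the exposure; protecting the credentials themselves needs a TLS listener. Separately, `backup: yes` on the `/etc/mosquitto/passwd` template task leaves timestamped copies of old password hashes next to the live file, so it is worth dropping there or pairing with a cleanup.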
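--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -0,0 +1,6 @@
+---
+- name: Ensure Mosquitto is installed
+package:
+name:
+- mosquitto
+- mosquitto-clients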
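--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Ensure installation
+include_tasks: install.yml
+- name: Ensure configuration
+include_tasks: configure.yml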
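--- a/templates/mosquitto_passwd.j2
+++ b/templates/mosquitto_passwd.j2
@@ -0,0 +1,4 @@
+{% for user in mosquitto_accounts %}
+{{ user.username }}:{{ user.password_hash }}
+
+{% endfor %}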
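Review bot: `{{ user.username }}:{{ user.password_hash }}` writes both values into the password file without any check, so a username containing `:` or a line break would change how the entry is parsed or add extra entries. An `ansible.builtin.assert` task in tasks/configure.yml, placed before the template task and checking each username against a restrictive pattern, would catch that at deploy time. The empty line inside the loop is also emitted after every account; if that is not intended, removing it keeps the rendered file to one entry per line.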