Initial commit with previous code

2022-10-11 10:19:00 +03:00 · 2022-10-11 10:19:00 +03:00 · 158474f948
commit 158474f948
6 changed files with 77 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -0,0 +1,5 @@
+---
+mosquitto_accounts:
+  - username: user
+    password_hash: '$6$abcde1234=='
+open_ufw_to_mosquitto: no
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -0,0 +1,5 @@
+---
+- name: Restart Mosquitto
+  service:
+    name: mosquitto
+    state: restarted
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@ -0,0 +1,52 @@
+---
+- name: Ensure Mosquitto doesn't allow anonymous access
+  ansible.builtin.lineinfile:
+    path: /etc/mosquitto/conf.d/default.conf
+    regexp: '^allow_anonymous '
+    line: 'allow_anonymous false'
+    owner: mosquitto
+    group: root
+    mode: 0660
+    create: yes
+    backup: yes
+  notify: Restart Mosquitto
+
+- name: Ensure Mosquitto log to standard output (journald)
+  ansible.builtin.lineinfile:
+    path: /etc/mosquitto/conf.d/default.conf
+    regexp: '^log_dest stdout'
+    line: 'log_dest stdout'
+    owner: mosquitto
+    group: root
+    mode: 0660
+    create: yes
+    backup: yes
+  notify: Restart Mosquitto
+
+- name: Ensure password file for Mosquitto exists
+  template:
+    dest: /etc/mosquitto/passwd
+    src: templates/mosquitto_passwd.j2
+    owner: mosquitto
+    group: root
+    mode: 0660
+    backup: yes
+  notify: Restart Mosquitto
+
+- name: Ensure Mosquitto use password file
+  ansible.builtin.lineinfile:
+    path: /etc/mosquitto/conf.d/default.conf
+    regexp: '^password_file '
+    line: 'password_file  /etc/mosquitto/passwd'
+    owner: mosquitto
+    group: root
+    mode: 0660
+    create: yes
+    backup: yes
+  notify: Restart Mosquitto
+
+- name: Ensure Mosquitto port is accessible
+  ufw:
+    rule: allow
+    port: 1883
+  when: open_ufw_to_mosquitto
--- a/tasks/install.yml
+++ b/tasks/install.yml
@ -0,0 +1,6 @@
+---
+- name: Ensure Mosquitto is installed
+  package:
+    name:
+      - mosquitto
+      - mosquitto-clients
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,5 @@
+---
+- name: Ensure installation
+  include_tasks: install.yml
+- name: Ensure configuration
+  include_tasks: configure.yml
--- a/templates/mosquitto_passwd.j2
+++ b/templates/mosquitto_passwd.j2
@ -0,0 +1,4 @@
+{% for user in mosquitto_accounts %}
+{{ user.username }}:{{ user.password_hash }}
+
+{% endfor %}