add full configuration

defaults/main.yml

@@ -3,3 +3,12 @@ mosquitto_accounts:
   - username: user
     password_hash: '$6$abcde1234=='
 open_ufw_to_mosquitto: no
+mosquitto_config:
+  allow_anonymous: false
+  password_file:  /etc/mosquitto/passwd
+  log_dest: stdout
+  pid_file: /var/run/mosquitto/mosquitto.pid
+mosquitto_listeners:
+  - port: 1883
+    address: localhost
+

tasks/configure.yml

@@ -1,31 +1,41 @@
 ---
-- name: Ensure Mosquitto doesn't allow anonymous access
+- name: Configure Mosquitto
-  ansible.builtin.lineinfile:
+  template:
-    path: /etc/mosquitto/conf.d/default.conf
+    dest: /etc/mosquitto/conf.d/default.conf
-    regexp: '^allow_anonymous '
+    src: templates/default.conf.j2
-    line: 'allow_anonymous false'
     owner: mosquitto
     group: root
     mode: 0660
-    create: yes
     backup: yes
   notify: Restart Mosquitto
 
-- name: Ensure Mosquitto log to standard output (journald)
+# - name: Ensure Mosquitto doesn't allow anonymous access
-  ansible.builtin.lineinfile:
+#   ansible.builtin.lineinfile:
-    path: /etc/mosquitto/conf.d/default.conf
+#     path: /etc/mosquitto/conf.d/default.conf
-    regexp: '^log_dest stdout'
+#     regexp: '^allow_anonymous '
-    line: 'log_dest stdout'
+#     line: 'allow_anonymous false'
-    owner: mosquitto
+#     owner: mosquitto
-    group: root
+#     group: root
-    mode: 0660
+#     mode: 0660
-    create: yes
+#     create: yes
-    backup: yes
+#     backup: yes
-  notify: Restart Mosquitto
+#   notify: Restart Mosquitto
+
+# - name: Ensure Mosquitto log to standard output (journald)
+#   ansible.builtin.lineinfile:
+#     path: /etc/mosquitto/conf.d/default.conf
+#     regexp: '^log_dest stdout'
+#     line: 'log_dest stdout'
+#     owner: mosquitto
+#     group: root
+#     mode: 0660
+#     create: yes
+#     backup: yes
+#   notify: Restart Mosquitto
 
 - name: Ensure password file for Mosquitto exists
   template:
-    dest: /etc/mosquitto/passwd
+    dest: "{{ mosquitto_config['password_file'] | default('/etc/mosquitto/passwd')}}"
     src: templates/mosquitto_passwd.j2
     owner: mosquitto
     group: root
@@ -33,20 +43,30 @@
     backup: yes
   notify: Restart Mosquitto
 
-- name: Ensure Mosquitto use password file
+- name: Ensure PID file for Mosquitto exists
-  ansible.builtin.lineinfile:
+  file:
-    path: /etc/mosquitto/conf.d/default.conf
+    path: "{{ mosquitto_config['pid_file'] | default('/var/run/mosquitto.pid')}}"
-    regexp: '^password_file '
+    state: touch
-    line: 'password_file  /etc/mosquitto/passwd'
     owner: mosquitto
-    group: root
     mode: 0660
-    create: yes
+
-    backup: yes
+# - name: Ensure Mosquitto use password file
-  notify: Restart Mosquitto
+#   ansible.builtin.lineinfile:
+#     path: /etc/mosquitto/conf.d/default.conf
+#     regexp: '^password_file '
+#     line: 'password_file  /etc/mosquitto/passwd'
+#     owner: mosquitto
+#     group: root
+#     mode: 0660
+#     create: yes
+#     backup: yes
+#   notify: Restart Mosquitto
 
 - name: Ensure Mosquitto port is accessible
   ufw:
     rule: allow
-    port: 1883
+    port: "{{ item.port }}"
-  when: open_ufw_to_mosquitto
+  when:
+    - open_ufw_to_mosquitto
+    - item.port != 0
+  loop: "{{ mosquitto_listeners }}"

templates/default.conf.j2

@@ -0,0 +1,7 @@
+{{% for key, value in mosquitto_config.items() %}}
+{{ key }} {{ value }}
+{{% endfor %}}
+
+{{% for listener in mosquitto_listeners %}}
+listener {{ listener.port }} {{ listener.address }}
+{{% endfor %}}