---
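# Render the broker configuration from the role template and trigger the
# "Restart Mosquitto" handler when the rendered file changes.
# NOTE(review): the lineinfile tasks in this file that enforced
# `allow_anonymous false` and `password_file` are commented out, so those
# settings presumably have to come from default.conf.j2 - confirm the
# template still sets them.
- name: Configure Mosquitto
  template:
    src: templates/default.conf.j2
    dest: /etc/mosquitto/conf.d/default.conf
    owner: mosquitto
    group: root
    # Quoted so the mode is always handled as an octal string and never
    # re-typed as a YAML integer.
    # NOTE(review): the service account owns this file and may write to it -
    # confirm the broker needs write access to its own configuration.
    mode: '0660'
    # Keep a timestamped copy of the previous file before overwriting it.
    backup: true
  notify: Restart Mosquitto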
# - name: Ensure Mosquitto doesn't allow anonymous access
#   ansible.builtin.lineinfile:
#     path: /etc/mosquitto/conf.d/default.conf
#     regexp: '^allow_anonymous '
#     line: 'allow_anonymous false'
#     owner: mosquitto
#     group: root
#     mode: 0660
#     create: yes
#     backup: yes
#   notify: Restart Mosquitto
# - name: Ensure Mosquitto log to standard output (journald)
#   ansible.builtin.lineinfile:
#     path: /etc/mosquitto/conf.d/default.conf
#     regexp: '^log_dest stdout'
#     line: 'log_dest stdout'
#     owner: mosquitto
#     group: root
#     mode: 0660
#     create: yes
#     backup: yes
#   notify: Restart Mosquitto
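# Render the broker's password file from the role template. The destination
# is mosquitto_config['password_file'], falling back to /etc/mosquitto/passwd
# when that key is not set.
- name: Ensure password file for Mosquitto exists
  template:
    src: templates/mosquitto_passwd.j2
    dest: "{{ mosquitto_config['password_file'] | default('/etc/mosquitto/passwd') }}"
    owner: mosquitto
    group: root
    # Not world-readable; quoted so the mode stays an octal string.
    mode: '0660'
    # NOTE(review): each change leaves a timestamped copy of the previous
    # password file next to the live one - confirm those copies are pruned
    # and carry equally tight permissions.
    backup: true
  # Keep the rendered credential material out of task output, diffs and logs.
  no_log: true
  notify: Restart Mosquitto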
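# Make sure the PID file exists and is owned by the service account. The path
# is mosquitto_config['pid_file'], falling back to /var/run/mosquitto.pid.
- name: Ensure PID file for Mosquitto exists
  file:
    path: "{{ mosquitto_config['pid_file'] | default('/var/run/mosquitto.pid') }}"
    state: touch
    owner: mosquitto
    # Quoted so the mode is always handled as an octal string.
    mode: '0660'
    # Leave the timestamps of an existing file untouched; without this a
    # plain `touch` reports "changed" on every run and hides real changes.
    modification_time: preserve
    access_time: preserve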
# - name: Ensure Mosquitto use password file
#   ansible.builtin.lineinfile:
#     path: /etc/mosquitto/conf.d/default.conf
#     regexp: '^password_file '
#     line: 'password_file /etc/mosquitto/passwd'
#     owner: mosquitto
#     group: root
#     mode: 0660
#     create: yes
#     backup: yes
#   notify: Restart Mosquitto
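# Add one ufw allow rule per entry in mosquitto_listeners. The task only runs
# when open_ufw_to_mosquitto is truthy, and entries whose port is 0 are
# skipped.
# NOTE(review): no source address restriction is set, so each port is opened
# to every peer - confirm that is intended, in particular for listeners
# without TLS or authentication.
- name: Ensure Mosquitto port is accessible
  ufw:
    rule: allow
    port: "{{ item.port }}"
    # Mosquitto listeners are TCP; without `proto` the rule would also admit
    # UDP on the same port. Hosts provisioned before this change may still
    # carry the broader rule and need it removed separately.
    proto: tcp
  loop: "{{ mosquitto_listeners }}"
  when:
    - open_ufw_to_mosquitto
    - item.port != 0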