---
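# Disable anonymous MQTT connections so that clients must authenticate.
# Only /etc/mosquitto/conf.d/default.conf is edited here; an allow_anonymous
# line in any other config file the broker loads is not touched by this task.
# NOTE(review): owner mosquitto with mode 0660 leaves this file writable by
# the mosquitto account. If the broker runs as that user, consider a
# root-owned, mosquitto-readable file, changed consistently in every task
# that manages this path.
- name: Ensure Mosquitto doesn't allow anonymous access
  ansible.builtin.lineinfile:
    path: /etc/mosquitto/conf.d/default.conf
    # Replaces an existing "allow_anonymous <value>" line, else appends one.
    regexp: '^allow_anonymous '
    line: 'allow_anonymous false'
    owner: mosquitto
    group: root
    # Quoted so the module receives the octal mode as a string.
    mode: '0660'
    create: true
    backup: true
  notify: Restart Mosquitto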
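# Add a "log_dest stdout" line to the broker config. Per the task name the
# intent is for journald to collect the output (presumably via the service
# manager capturing stdout — confirm on the target distribution).
- name: Ensure Mosquitto log to standard output (journald)
  ansible.builtin.lineinfile:
    path: /etc/mosquitto/conf.d/default.conf
    # Matches only an existing "log_dest stdout" line, so any other log_dest
    # entries in the file are left in place.
    regexp: '^log_dest stdout'
    line: 'log_dest stdout'
    owner: mosquitto
    group: root
    # Quoted so the module receives the octal mode as a string.
    mode: '0660'
    create: true
    backup: true
  notify: Restart Mosquitto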
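# Render /etc/mosquitto/passwd from the mosquitto_passwd.j2 template.
# NOTE(review): Mosquitto expects hashed entries in its password file;
# confirm the template does not carry plaintext passwords.
- name: Ensure password file for Mosquitto exists
  ansible.builtin.template:
    dest: /etc/mosquitto/passwd
    src: templates/mosquitto_passwd.j2
    owner: mosquitto
    group: root
    # No access for "other"; quoted so the module receives an octal string.
    mode: '0660'
    # NOTE(review): every change leaves a timestamped copy of the previous
    # password file beside it; prune these copies or drop backup if old
    # credentials should not linger on disk.
    backup: true
  # Keep the rendered credentials out of task output and --diff listings.
  no_log: true
  notify: Restart Mosquitto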
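# Point the broker at /etc/mosquitto/passwd for username/password checks.
# With allow_anonymous false and no password_file line the broker has no
# credential source, so this setting belongs with the anonymous-access one.
- name: Ensure Mosquitto use password file
  ansible.builtin.lineinfile:
    path: /etc/mosquitto/conf.d/default.conf
    # Replaces any existing "password_file <path>" line, else appends one.
    regexp: '^password_file '
    line: 'password_file /etc/mosquitto/passwd'
    owner: mosquitto
    group: root
    # Quoted so the module receives the octal mode as a string.
    mode: '0660'
    create: true
    backup: true
  notify: Restart Mosquitto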
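# Open the MQTT port in UFW, only when open_ufw_to_mosquitto is set.
# NOTE(review): 1883 is the conventional unencrypted MQTT port and the rule
# has no source restriction. Unless the listener is wrapped in TLS, the
# username/password exchange is readable on the wire; limit the rule to
# trusted networks or expose a TLS listener instead where possible.
- name: Ensure Mosquitto port is accessible
  community.general.ufw:
    rule: allow
    # Quoted so the value is passed to the module as a string.
    port: '1883'
    # MQTT runs over TCP; without proto the rule would admit UDP as well.
    proto: tcp
  # The bool filter makes string values such as "false" behave as booleans.
  when: open_ufw_to_mosquitto | bool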