Use mosquitto_become and mosquitto_become_user

roles/mosquitto/tasks/main.yml

@@ -1,36 +1,41 @@
 ---
-- name: install mosquitto
+- block:
-  apt:
-    name:
-      - mosquitto
-      - mosquitto-clients
-      - python3-pexpect
-    update_cache: true
-    cache_valid_time: 3600
 
-- name: create /etc/mosquitto/passwd with user "{{ mosquitto_user }}"
+  - name: install mosquitto
-  expect:
+    apt:
-    command: mosquitto_passwd -c /etc/mosquitto/passwd {{ mosquitto_user }}
+      name:
-    responses:
+        - mosquitto
-      (?i)password: "{{ mosquitto_password }}"
+        - mosquitto-clients
+        - python3-pexpect
+      update_cache: true
+      cache_valid_time: 3600
 
-- name: ensure /etc/mosquitto/passwd has restrictive persmissions
+  - name: create /etc/mosquitto/passwd with user "{{ mosquitto_user }}"
-  file:
+    expect:
-    path: /etc/mosquitto/passwd
+      command: mosquitto_passwd -c /etc/mosquitto/passwd {{ mosquitto_user }}
-    owner: root
+      responses:
-    group: root
+        (?i)password: "{{ mosquitto_password }}"
-    mode: 0640
 
-- name: set mosquitto config file
+  - name: ensure /etc/mosquitto/passwd has restrictive persmissions
-  template:
+    file:
-    src: etc/mosquitto/conf.d/default.conf.j2
+      path: /etc/mosquitto/passwd
-    dest: /etc/mosquitto/conf.d/default.conf
+      owner: root
-    owner: root
+      group: root
-    group: root
+      mode: 0640
-    mode: 0640
-  notify: systemctl restart mosquitto
 
-- name: ensure mosquitto is running
+  - name: set mosquitto config file
-  systemd:
+    template:
-    state: started
+      src: etc/mosquitto/conf.d/default.conf.j2
-    name: mosquitto
+      dest: /etc/mosquitto/conf.d/default.conf
+      owner: root
+      group: root
+      mode: 0640
+    notify: systemctl restart mosquitto
+
+  - name: ensure mosquitto is running
+    systemd:
+      state: started
+      name: mosquitto
+
+  become: "{{ mosquitto_become }}"
+  become_user: "{{ mosquitto_become_user }}"