Add password and TLS configuration for mosquitto
parent
f447901d3c
commit
75dd07b5bc
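--- a/roles/mosquitto/defaults/main.yml
+++ b/roles/mosquitto/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+mosquitto_user: admin
+mosquitto_password: use the password, Luke!
+
+mosquitto_certfile: ""
+mosquitto_keyfile: ""
+mosquitto_cafile: ""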
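Review bot: `mosquitto_password` ships with a fixed value in the role defaults, so every host that does not override it gets a broker whose `admin` credential is readable in the repository. Drop the default and leave only a comment such as `# mosquitto_password: required, set per host/group (e.g. from Ansible Vault)`, and have the role fail early with an `assert` on `mosquitto_password is defined and mosquitto_password | length > 0`. If a default has to stay, quoting the value keeps its `,` and `!` from being reinterpreted should the line ever be moved into a flow context.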
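--- a/roles/mosquitto/handlers/main.yml
+++ b/roles/mosquitto/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: systemctl restart mosquitto
+systemd:
+name: mosquitto
+state: restarted
+become: true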
|
@ -4,9 +4,32 @@
|
|||
name:
|
||||
- mosquitto
|
||||
- mosquitto-clients
|
||||
- python3-pexpect
|
||||
update_cache: true
|
||||
cache_valid_time: 3600
|
||||
|
||||
- name: create /etc/mosquitto/passwd with user "{{ mosquitto_user }}"
|
||||
expect:
|
||||
command: mosquitto_passwd -c /etc/mosquitto/passwd {{ mosquitto_user }}
|
||||
responses:
|
||||
(?i)password: "{{ mosquitto_password }}"
|
||||
|
||||
- name: ensure /etc/mosquitto/passwd has restrictive persmissions
|
||||
file:
|
||||
path: /etc/mosquitto/passwd
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0640
|
||||
|
||||
- name: set mosquitto config file
|
||||
template:
|
||||
src: etc/mosquitto/conf.d/default.conf.j2
|
||||
dest: /etc/mosquitto/conf.d/default.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0640
|
||||
notify: systemctl restart mosquitto
|
||||
|
||||
- name: ensure mosquitto is running
|
||||
systemd:
|
||||
state: started
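Review bot: The `expect` task that answers the `mosquitto_passwd` prompt with `{{ mosquitto_password }}` has no `no_log: true`, so the secret can show up in task output and logs on failure or at higher verbosity; add `no_log: true` to that task. The same task runs `mosquitto_passwd -c` on every play, so it always reports changed and rewrites the file, and it does not `notify: systemctl restart mosquitto`, so a changed password may not reach the running broker until something else restarts it. The passwd file is then set to `root:root` with mode `0640`; if the broker reads that file as the `mosquitto` user (not visible here), it will not be able to open it, so `group: mosquitto` is probably what is wanted. Indentation is lost in this view, and the first and last tasks of the hunk start and end outside it.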
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
allow_anonymous false
|
||||
password_file /etc/mosquitto/passwd
|
||||
|
||||
listener 1883
|
||||
|
||||
{% if mosquitto_certfile and mosquitto_keyfile and mosquitto_cafile %}
|
||||
listener 8883
|
||||
certfile {{ mosquitto_certfile }}
|
||||
keyfile {{ mosquitto_keyfile }}
|
||||
cafile {{ mosquitto_cafile }}
|
||||
{% endif %}
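Review bot: `listener 1883` is opened unconditionally and without TLS, so the username and password required by `allow_anonymous false` cross the network in cleartext on that port even when the 8883 TLS listener is configured. When the certificate variables are set, bind the plain listener to loopback with `listener 1883 127.0.0.1`, or move it into an `{% else %}` branch so that only one of the two listeners is exposed. The three file paths are rendered as given with no existence check, so a `stat`/`assert` step in the tasks before the template would catch a missing key or certificate before the restart handler takes the broker down.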
|