diff --git a/defaults/main.yml b/defaults/main.yml
index a83bfd9..72aa208 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -15,27 +15,31 @@ mosquitto_iptables_enabled: False
 
 mosquitto_password_auth_enabled: False
 mosquitto_password_auth_file: "{{ mosquitto_base_dir }}/passwd"
-# mosquitto_password_auth_users: (defaults to not set)
-#   - admin:
-#       password: mysecret
-#       state: present
-#   - user1:
-#       password: very_secure
-#       state: absent
+mosquitto_password_auth_users: []
+## Example:
+# mosquitto_password_auth_users:
+#   - name: admin
+#     password: mysecret
+#     state: present
+#   - name: user1
+#     password: very_secure
+#     state: absent
 
 mosquitto_acl_enabled: False
 mosquitto_acl_file: "{{ mosquitto_base_dir }}/aclfile"
-# mosquitto_acl: (defaults to not set)
-#   - iot:
-#       user: admin
-#       acl_base: topic # (topic|pattern, defaults to topic)
-#       acl_topic: "#"
-#       acl_policy: readwrite
-#   - readonly_iot:
-#       user: user1
-#       acl_base: topic
-#       acl_topic: my/devices
-#       acl_policy: readwrite
+mosquitto_acl: []
+## Example:
+# mosquitto_acl:
+#   - name: iot
+#     user: admin
+#     acl_base: topic # (topic|pattern, defaults to topic)
+#     acl_topic: "#"
+#     acl_policy: readwrite
+#   - name: readonly_iot
+#     user: user1
+#     acl_base: topic
+#     acl_topic: my/devices
+#     acl_policy: readwrite
 
 mosquitto_tls_enabled: False
 mosquitto_tls_ciphers:
diff --git a/tasks/config.yml b/tasks/config.yml
index 59f0e12..78daca8 100644
--- a/tasks/config.yml
+++ b/tasks/config.yml
@@ -18,15 +18,19 @@
 # TODO: ugly workaround, move this to a custom module
 - block:
     - name: Add users to password file
-      shell: "mosquitto_passwd -b {{ mosquitto_password_auth_file }} {{ item.key }} {{ item.value.password }}"
-      with_dict: "{{ mosquitto_password_auth_users | default('{}') }}"
+      shell: "mosquitto_passwd -b {{ mosquitto_password_auth_file }} {{ item.name }} {{ item.password }}"
+      loop: "{{ mosquitto_password_auth_users }}"
+      loop_control:
+        label: "{{ item.name }}"
       when: item.value.state == "present"
       changed_when: False
       no_log: True
 
     - name: Remove unnecessary users from password file
-      shell: "mosquitto_passwd -D {{ mosquitto_password_auth_file }} {{ item.key }}"
-      with_dict: "{{ mosquitto_password_auth_users | default('{}') }}"
+      shell: "mosquitto_passwd -D {{ mosquitto_password_auth_file }} {{ item.name }}"
+      loop: "{{ mosquitto_password_auth_users }}"
+      loop_control:
+        label: "{{ item.name }}"
       when: item.value.state == "absent"
       changed_when: False
       no_log: True
diff --git a/tasks/tls.yml b/tasks/tls.yml
index dfd1cfb..c681ded 100644
--- a/tasks/tls.yml
+++ b/tasks/tls.yml
@@ -7,7 +7,7 @@
         owner: root
         group: root
         recurse: True
-      with_items:
+      loop:
         - "{{ mosquitto_tls_cert_path | dirname }}"
         - "{{ mosquitto_tls_key_path | dirname }}"
 
@@ -16,7 +16,7 @@
         src: "{{ item.src }}"
         dest: "{{ item.dest }}"
         mode: "{{ item.mode }}"
-      with_items:
+      loop:
         - { src: "{{ mosquitto_tls_key_source }}", dest: '{{ mosquitto_tls_key_path }}', mode: '0600' }
         - { src: "{{ mosquitto_tls_cert_source }}", dest: '{{ mosquitto_tls_cert_path }}', mode: '0750' }
       loop_control: