diff --git a/defaults/main.yml b/defaults/main.yml
index a83bfd9..72aa208 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -15,27 +15,31 @@ mosquitto_iptables_enabled: False
 mosquitto_password_auth_enabled: False
 mosquitto_password_auth_file: "{{ mosquitto_base_dir }}/passwd"
-# mosquitto_password_auth_users: (defaults to not set)
-# - admin:
-# password: mysecret
-# state: present
-# - user1:
-# password: very_secure
-# state: absent
+mosquitto_password_auth_users: []
+## Example:
+# mosquitto_password_auth_users:
+# - name: admin
+# password: mysecret
+# state: present
+# - name: user1
+# password: very_secure
+# state: absent
 mosquitto_acl_enabled: False
 mosquitto_acl_file: "{{ mosquitto_base_dir }}/aclfile"
-# mosquitto_acl: (defaults to not set)
-# - iot:
-# user: admin
-# acl_base: topic # (topic|pattern, defaults to topic)
-# acl_topic: "#"
-# acl_policy: readwrite
-# - readonly_iot:
-# user: user1
-# acl_base: topic
-# acl_topic: my/devices
-# acl_policy: readwrite
+mosquitto_acl: []
+## Example:
+# mosquitto_acl:
+# - name: iot
+# user: admin
+# acl_base: topic # (topic|pattern, defaults to topic)
+# acl_topic: "#"
+# acl_policy: readwrite
+# - name: readonly_iot
+# user: user1
+# acl_base: topic
+# acl_topic: my/devices
+# acl_policy: readwrite
 mosquitto_tls_enabled: False
 mosquitto_tls_ciphers:
diff --git a/tasks/config.yml b/tasks/config.yml
index 59f0e12..78daca8 100644
--- a/tasks/config.yml
+++ b/tasks/config.yml
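Review bot: The new `mosquitto_acl` example contradicts itself: the second entry is named `readonly_iot` but is given `acl_policy: readwrite`, so anyone copying the example as documented gets a read-write ACL. If the template passes `acl_policy` through to the aclfile verbatim (mosquitto accepts read, write, readwrite and deny there), the example line should read `#     acl_policy: read`; confirm against the template before changing it. The `mosquitto_password_auth_users` example would also benefit from one comment line noting that `password` values are handed to `mosquitto_passwd` by tasks/config.yml and are expected to come from a vaulted variable rather than a literal in this file, e.g. `#     password: "{{ vault_admin_password }}"` (variable name illustrative).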
@@ -18,15 +18,19 @@
 # TODO: ugly workaround, move this to a custom module
 - block:
 - name: Add users to password file
- shell: "mosquitto_passwd -b {{ mosquitto_password_auth_file }} {{ item.key }} {{ item.value.password }}"
- with_dict: "{{ mosquitto_password_auth_users | default('{}') }}"
+ shell: "mosquitto_passwd -b {{ mosquitto_password_auth_file }} {{ item.name }} {{ item.password }}"
+ loop: "{{ mosquitto_password_auth_users }}"
+ loop_control:
+ label: "{{ item.name }}"
 when: item.value.state == "present"
 changed_when: False
 no_log: True
 - name: Remove unnecessary users from password file
- shell: "mosquitto_passwd -D {{ mosquitto_password_auth_file }} {{ item.key }}"
- with_dict: "{{ mosquitto_password_auth_users | default('{}') }}"
+ shell: "mosquitto_passwd -D {{ mosquitto_password_auth_file }} {{ item.name }}"
+ loop: "{{ mosquitto_password_auth_users }}"
+ loop_control:
+ label: "{{ item.name }}"
 when: item.value.state == "absent"
 changed_when: False
 no_log: True
diff --git a/tasks/tls.yml b/tasks/tls.yml
index dfd1cfb..c681ded 100644
--- a/tasks/tls.yml
+++ b/tasks/tls.yml
@@ -7,7 +7,7 @@
 owner: root
 group: root
 recurse: True
- with_items:
+ loop:
 - "{{ mosquitto_tls_cert_path | dirname }}"
 - "{{ mosquitto_tls_key_path | dirname }}"
@@ -16,7 +16,7 @@
 src: "{{ item.src }}"
 dest: "{{ item.dest }}"
 mode: "{{ item.mode }}"
- with_items:
+ loop:
 - { src: "{{ mosquitto_tls_key_source }}", dest: '{{ mosquitto_tls_key_path }}', mode: '0600' }
 - { src: "{{ mosquitto_tls_cert_source }}", dest: '{{ mosquitto_tls_cert_path }}', mode: '0750' }
 loop_control:
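Review bot: Both `when:` lines in this hunk still read `item.value.state`, which was the `with_dict` item shape; with `loop:` over the new list, `item` is the user mapping itself, so `item.value` is undefined and the conditional should fail with an undefined-attribute error on the first user rather than selecting present/absent entries. They need to become `when: item.state == "present"` and `when: item.state == "absent"` to match the `item.name`/`item.password` references the hunk introduces. Separately, the two `shell:` lines interpolate `item.name` and `item.password` unquoted into a shell command line, so a value containing shell metacharacters breaks the command, and the `-b` form places the password in the process arguments where other local users can read it; at minimum use `{{ item.name | quote }}` and `{{ item.password | quote }}`, keep `no_log: True`, and note the TODO about a custom module is the real fix. The enclosing `block:` and its own conditions continue past the hunk.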
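Review bot: The two `loop:` items carried over from the `with_items` form are flow-style mappings with mixed quoting (`"` for `src`, `'` for `dest` and `mode`), which is the flow-for-structured-data pattern yamllint and Prettier both flag; block style with one quoting convention reads and diffs more cleanly and is what the rest of the task already uses. The `mode: '0750'` on the certificate sets an execute bit on a regular file; it is pre-existing and harmless for a public certificate, but worth a second look against the user the broker runs as. The task these lines belong to starts before the hunk.

```yaml
  loop:
    - src: "{{ mosquitto_tls_key_source }}"
      dest: "{{ mosquitto_tls_key_path }}"
      mode: "0600"
    - src: "{{ mosquitto_tls_cert_source }}"
      dest: "{{ mosquitto_tls_cert_path }}"
      mode: "0750"
  loop_control:
```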