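---
# Password-file and ACL setup for the Mosquitto broker.
#
# 1. Ensure the password file exists (root-only, mode 0600).
# 2. Add or remove the users listed in mosquitto_password_auth_users by
#    calling mosquitto_passwd.
# 3. Render the ACL file when ACLs are enabled and defined.

- name: Check if password file '{{ mosquitto_password_auth_file }}' exists
  stat:
    path: "{{ mosquitto_password_auth_file }}"
  register: __mosquitto_passwd
  become: true
  become_user: root

# Only touch the file when it is missing, so an existing file keeps its
# content and timestamps.
# NOTE(review): no owner/group is set here, so a newly created file belongs
# to root; confirm the broker's runtime user can still read it.
- name: Create password file if not exist
  file:
    path: "{{ mosquitto_password_auth_file }}"
    # Quoted so the mode is passed through as the octal string "0600"
    # instead of being re-typed by the YAML parser.
    mode: "0600"
    state: touch
  become: true
  become_user: root
  when: not __mosquitto_passwd.stat.exists

# TODO: ugly workaround, move this to a custom module
#
# Privilege escalation is declared on the block so both mosquitto_passwd
# tasks can rewrite the root-only (0600) password file created above.
#
# Security notes:
# - "-b" passes the clear-text password as a command-line argument.
#   no_log keeps it out of Ansible's output and logs only; the argument can
#   still be seen in the managed host's process list while the command runs.
# - changed_when is false, so these tasks never report a change and cannot
#   trigger a handler.
#   NOTE(review): neither task notifies a handler; presumably a running
#   broker keeps using the old credentials (including removed users) until
#   it re-reads the file. Verify it is reloaded elsewhere.
- block:
    - name: Add users to password file
      # argv form: every templated value is handed over as exactly one
      # argument, so whitespace or quotes inside a name or password cannot
      # split it into extra arguments.
      command:
        argv:
          - mosquitto_passwd
          - "-b"
          - "{{ mosquitto_password_auth_file }}"
          - "{{ item.name }}"
          - "{{ item.password }}"
      loop: "{{ mosquitto_password_auth_users }}"
      loop_control:
        # Show only the user name per iteration, never the whole item.
        label: "{{ item.name }}"
      when: item.state == "present"
      changed_when: false
      no_log: true

    - name: Remove unnecessary users from password file
      command:
        argv:
          - mosquitto_passwd
          - "-D"
          - "{{ mosquitto_password_auth_file }}"
          - "{{ item.name }}"
      loop: "{{ mosquitto_password_auth_users }}"
      loop_control:
        label: "{{ item.name }}"
      when: item.state == "absent"
      changed_when: false
      no_log: true
  become: true
  become_user: root

# The ACL file is rendered only when ACLs are switched on and a definition
# exists; a change restarts the broker through the notified handler.
- name: Create acl file at '{{ mosquitto_acl_file }}'
  template:
    src: "etc/mosquitto/aclfile.j2"
    dest: "{{ mosquitto_acl_file }}"
    owner: root
    group: root
    mode: "0600"
  when:
    - mosquitto_acl_enabled | bool
    - mosquitto_acl is defined
  notify: __mosquitto_restart
  become: true
  become_user: root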