---
mosquitto_base_dir: /etc/mosquitto
mosquitto_pid_file: /var/run/mosquitto.pid
mosquitto_user: mosquitto
mosquitto_group: mosquitto

mosquitto_port: 1883
mosquitto_bind_address: "{{ ansible_default_ipv4.address }}"

mosquitto_persistence_enabled: False
mosquitto_persistence_path: /var/lib/mosquitto/mosquitto.db

mosquitto_iptables_enabled: False

mosquitto_password_auth_enabled: False
mosquitto_password_auth_file: "{{ mosquitto_base_dir }}/passwd"
# mosquitto_password_auth_users: (defaults to not set)
#   - admin:
#       password: mysecret
#       state: present
#   - user1:
#       password: very_secure
#       state: absent

mosquitto_acl_enabled: False
mosquitto_acl_file: "{{ mosquitto_base_dir }}/aclfile"
# mosquitto_acl: (defaults to not set)
#   - iot:
#       user: admin
#       acl_base: topic # (topic|pattern, defaults to topic)
#       acl_topic: "#"
#       acl_policy: readwrite
#   - readonly_iot:
#       user: user1
#       acl_base: topic
#       acl_topic: my/devices
#       acl_policy: readwrite

mosquitto_tls_enabled: False
mosquitto_tls_ciphers:
  - DEFAULT
  - "!aNULL"
  - "!eNULL"
  - "!LOW"
  - "!EXPORT"
  - "!SSLv2"
  - "@STRENGTH"
mosquitto_ca_path: /etc/pki/tls/certs/
# You can deploy your certificates from a file or from content.
# If you enable mosquitto_tls_source_use_content you have to put the content of your cert files into
# mosquitto_tls_cert_path and mosquitto_tls_cert_path.
mosquitto_tls_source_use_content: False
# If you enable mosquitto_tls_source_use_files theses variables have to contain the path to your
# certificate files located on the ansible "master" host
mosquitto_tls_source_use_files: True
mosquitto_tls_cert_source: mycert.pem
mosquitto_tls_key_source: mykey.pem
mosquitto_tls_cert_path: "{{ mosquitto_base_dir }}/tls/certs/mycert.pem"
mosquitto_tls_key_path: "{{ mosquitto_base_dir }}/tls/private/mykey.pem"