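---
# Tasks that install the Mosquitto credential file, optional TLS material,
# a firewall rule for the broker port, and the systemd unit.

# The rendered file is hashed in place by the next task, so on disk it never
# matches the template output and this task re-renders it on every run.
# Keep the two tasks adjacent and in this order.
- name: Copy passwd files
  template:
    src: "etc/mosquitto/passwd.j2"
    dest: "{{ mosquitto_passwd_file }}"
    owner: root
    group: root
    # Quoted so the mode is passed as an octal string, not a YAML integer.
    mode: "0600"
  # The file holds plaintext passwords until the hashing task runs; keep
  # them out of task output and --diff. Drop temporarily when debugging.
  no_log: true

# `mosquitto_passwd -U` converts a plaintext password file to hashed form.
# It must only see the freshly rendered file: running it on an already
# hashed file would hash the hashes.
# NOTE(review): this task always reports "changed", so mosquitto_restart
# fires on every play; confirm that is intended.
- name: Hash passwd file
  # `command` instead of `shell`: no shell features are needed, and the
  # templated path is no longer interpreted by a shell.
  command: "mosquitto_passwd -U {{ mosquitto_passwd_file | quote }}"
  notify:
    - mosquitto_restart

- name: Copy TLS CA Stack
  block:
    # Writes mosquitto_ca_content to mosquitto_ca_file.
    - name: Copy tls chained certs
      copy:
        content: "{{ mosquitto_ca_content }}"
        dest: "{{ mosquitto_ca_file }}"
        owner: root
        group: root
        mode: "0644"
      notify:
        - mosquitto_restart

    # Writes mosquitto_cert_content to mosquitto_cert_file.
    - name: Copy tls intermediate CA
      copy:
        content: "{{ mosquitto_cert_content }}"
        dest: "{{ mosquitto_cert_file }}"
        owner: root
        group: root
        mode: "0644"
      notify:
        - mosquitto_restart

    - name: Copy tls private key
      copy:
        content: "{{ mosquitto_private_key_content }}"
        dest: "{{ mosquitto_private_key_file }}"
        owner: root
        group: root
        # NOTE(review): root-only; confirm the broker reads the key before
        # dropping privileges, otherwise it needs a dedicated group.
        mode: "0600"
      # Without this the key material appears in verbose output and --diff.
      no_log: true
      notify:
        - mosquitto_restart
  when: mosquitto_tls_enabled

# NOTE(review): the rule accepts NEW connections from any source address;
# restrict with a source match if the broker should not be reachable from
# every network. "mttq" in the rule name is kept as-is because iptables_raw
# tracks rules by name.
- name: Open port for mttq
  iptables_raw:
    name: allow_mttq_port
    state: present
    rules: '-A INPUT -m state --state NEW -p tcp --dport {{ mosquitto_port }} -j ACCEPT'

- name: Copy systemd unit files
  template:
    src: "etc/systemd/system/mosquitto.service.j2"
    dest: "/etc/systemd/system/mosquitto.service"
    owner: root
    group: root
    mode: "0644"
  notify:
    - mosquitto_restart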