---
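# Render the Mosquitto password file from the role template.
# The rendered file presumably holds clear-text "user:password" lines, since
# the following task converts it with `mosquitto_passwd -U` -- confirm against
# the template.
# NOTE(review): because the file is hashed in place afterwards, the rendered
# text will normally differ from what is on disk, so this task is expected to
# report "changed" (and rewrite clear-text credentials) on every run.
- name: Copy passwd files
  template:
    src: "etc/mosquitto/passwd.j2"
    dest: "{{ mosquitto_passwd_file }}"
    owner: root
    group: root
    # Quoted so the mode is always handled as an octal string, independent of
    # the YAML parser's integer rules.
    mode: "0600"
  # Keep the rendered credentials out of task results, --diff output and
  # callback/log plugins.
  no_log: true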
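# Convert the clear-text password file to hashed entries, in place.
# `mosquitto_passwd -U` does not detect entries that are already hashed; it
# must only ever run on a freshly rendered clear-text file, otherwise the
# existing hashes are hashed again and the file becomes unusable.
# The task always reports "changed", so the restart handler fires every run.
- name: Hash passwd file
  # `command` with an argv list runs the binary directly: no shell is
  # involved, so the templated path is passed as one argument and is never
  # interpreted for metacharacters or split on whitespace.
  command:
    argv:
      - mosquitto_passwd
      - "-U"
      - "{{ mosquitto_passwd_file }}"
  notify:
    - mosquitto_restart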
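# Install the TLS material for the broker. The whole block is skipped unless
# mosquitto_tls_enabled is truthy. Each file is written from a variable and a
# change to any of them notifies the mosquitto_restart handler.
- name: Copy TLS CA Stack
  block:
    # Writes mosquitto_ca_content to mosquitto_ca_file (public material,
    # world-readable).
    - name: Copy tls chained certs
      copy:
        content: "{{ mosquitto_ca_content }}"
        dest: "{{ mosquitto_ca_file }}"
        owner: root
        group: root
        mode: "0644"
      notify:
        - mosquitto_restart

    # Writes mosquitto_cert_content to mosquitto_cert_file (public material,
    # world-readable).
    - name: Copy tls intermediate CA
      copy:
        content: "{{ mosquitto_cert_content }}"
        dest: "{{ mosquitto_cert_file }}"
        owner: root
        group: root
        mode: "0644"
      notify:
        - mosquitto_restart

    # Writes the private key, readable by root only.
    # NOTE(review): the broker must still be able to read this file; whether
    # root:root 0600 works depends on the user the service reads it as --
    # confirm against the unit file and mosquitto configuration.
    # NOTE(review): mosquitto_private_key_content should come from an
    # encrypted source (e.g. Ansible Vault), not plain group/host vars.
    - name: Copy tls private key
      copy:
        content: "{{ mosquitto_private_key_content }}"
        dest: "{{ mosquitto_private_key_file }}"
        owner: root
        group: root
        mode: "0600"
      # Keep the key material out of task results, --diff output and
      # callback/log plugins.
      no_log: true
      notify:
        - mosquitto_restart
  when: mosquitto_tls_enabled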
# Accept new inbound TCP connections on the broker port (mosquitto_port).
# NOTE(review): the rule carries no source match, so the port is reachable
# from any address that can route to the host, and the task is not
# conditioned on mosquitto_tls_enabled. Confirm that this exposure is
# intended, especially when TLS is disabled.
- name: Open port for mttq
  iptables_raw:
    state: present
    # Key under which iptables_raw tracks this rule set.
    name: allow_mttq_port
    rules: >-
      -A INPUT -m state --state NEW -p tcp --dport {{ mosquitto_port }} -j ACCEPT
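# Install the systemd unit for the broker from the role template and
# schedule a restart when it changes.
# NOTE(review): systemd only picks up an edited unit file after a
# daemon-reload; confirm the mosquitto_restart handler performs one (the
# handler is not visible here).
- name: Copy systemd unit files
  template:
    src: "etc/systemd/system/mosquitto.service.j2"
    dest: "/etc/systemd/system/mosquitto.service"
    owner: root
    group: root
    # Quoted so the mode is always handled as an octal string, independent of
    # the YAML parser's integer rules.
    mode: "0644"
  notify:
    - mosquitto_restart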