path: root/roles/mosquitto/broker/tasks/main.yml
authorChristian Pointner <equinox@spreadspace.org>2023-12-20 16:26:28 +0100
committerChristian Pointner <equinox@spreadspace.org>2023-12-20 16:26:28 +0100
commitbc001d962bccf2faff6eecfbbace44cc6d6e7a27 (patch)
tree3e6b8484493df8d62ad4785da3e629a838086707 /roles/mosquitto/broker/tasks/main.yml
parentx509: make ca-certificates accessable for role users (diff)
mosqitto: rename to mosquitto/broker and add mosquitto/client
Diffstat (limited to 'roles/mosquitto/broker/tasks/main.yml')
-rw-r--r--roles/mosquitto/broker/tasks/main.yml77
1 files changed, 77 insertions, 0 deletions
diff --git a/roles/mosquitto/broker/tasks/main.yml b/roles/mosquitto/broker/tasks/main.yml
new file mode 100644
index 00000000..3afffd71
--- /dev/null
+++ b/roles/mosquitto/broker/tasks/main.yml
@@ -0,0 +1,77 @@
+---
+- name: install mosquitto
+ apt:
+ name:
+ - mosquitto
+ - mosquitto-clients
+ state: present
+
+- name: install mosquitto acl files
+ loop: "{{ mosquitto_broker_acl_files | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ copy:
+ content: |
+ # Ansible managed
+ {{ item.value }}
+ dest: "/etc/mosquitto/{{ item.key }}.acl"
+ notify: reload mosquitto
+
+- name: install mosquitto password files
+ loop: "{{ mosquitto_broker_password_files | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ copy:
+ content: |
+ {{ item.value }}
+ dest: "/etc/mosquitto/{{ item.key }}.passwd"
+ owner: root
+ group: mosquitto
+ mode: "0640"
+ notify: reload mosquitto
+
+- name: generate Diffie-Hellman parameters
+ when: (mosquitto_broker_listeners | dict2items | selectattr('value.tls', 'defined') | length) > 0
+ openssl_dhparam:
+ path: /etc/mosquitto/certs/dhparams.pem
+ size: 2048
+ notify: reload mosquitto
+
+- name: generate/install/fetch TLS certificate
+ loop: "{{ mosquitto_broker_listeners | dict2items | selectattr('value.tls', 'defined') }}"
+ loop_control:
+ label: "{{ item.key }}"
+ vars:
+ x509_certificate_name: "mosquitto-broker-{{ item.key }}"
+ x509_certificate_hostnames: "{{ item.value.hostnames }}"
+ x509_certificate_config: "{{ item.value.tls.certificate_config | default({}) }}"
+ x509_certificate_renewal:
+ install:
+ - dest: "/etc/mosquitto/certs/{{ item.key }}-crt.pem"
+ src:
+ - fullchain
+ owner: root
+ group: mosquitto
+ mode: "0644"
+ - dest: "/etc/mosquitto/certs/{{ item.key }}-key.pem"
+ src:
+ - key
+ owner: root
+ group: mosquitto
+ mode: "0640"
+ - dest: "/etc/mosquitto/ca_certificates/{{ item.key }}-ca-crt.pem"
+ src:
+ - ca_cert
+ owner: root
+ group: mosquitto
+ mode: "0644"
+ x509_certificate_reload_services:
+ - mosquitto
+ include_role:
+ name: "x509/{{ item.value.tls.certificate_provider }}/cert"
+
+- name: install mosquitto config
+ template:
+ src: config.j2
+ dest: /etc/mosquitto/conf.d/main.conf
+ notify: restart mosquitto
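Review bot: The ACL `copy` task, the `openssl_dhparam` task and the final `template` task set no `owner`/`group`/`mode`, so the resulting files in /etc/mosquitto get whatever the remote umask yields, while the password-file task right next to them pins `owner: root`, `group: mosquitto`, `mode: "0640"`; ansible-lint flags this as `risky-file-permissions`, and the role should be explicit for all four files, e.g. `owner: root`, `group: mosquitto`, `mode: "0644"` on the ACL files, dhparams and main.conf (none of those carry secrets, but the broker runs as `mosquitto` and must be able to read them). The password-file task already hides the loop item via `loop_control.label`, but `copy` with `content:` still prints the full file in `--diff`/check-mode output; if `mosquitto_broker_password_files` can hold anything other than pre-hashed entries, consider adding `diff: false` (or `no_log: true`) to that task. Also note that the `when:` guard on the DH-parameter task means a previously generated dhparams.pem is left behind if every listener later drops `tls`, which is harmless but worth a comment such as `# dhparams.pem is not removed when TLS is disabled again`. The handlers `reload mosquitto` / `restart mosquitto` referenced here are defined outside this hunk.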