1 files changed, 50 insertions, 0 deletions

diff --git a/inventory/host_vars/ch-testvm-prometheus.yml b/inventory/host_vars/ch-testvm-prometheus.yml
index 415e6774..50e625fa 100644
--- a/inventory/host_vars/ch-testvm-prometheus.yml
+++ b/inventory/host_vars/ch-testvm-prometheus.yml
@@ -35,3 +35,53 @@ network:
   - *_network_primary_
 
 ntp_variant: systemd-timesyncd
+
+
+###
+mosquitto_global_config_options:
+  per_listener_settings: "true"
+
+mosquitto_listeners:
+  example:
+    bind: 1884 192.168.32.42
+    hostnames:
+    - mqtt.example.com
+    tls:
+      certificate_provider: selfsigned
+      certificate_config:
+        cert:
+          organization_name: "spreadspace"
+          organizational_unit_name: "ansible"
+          san_extra:
+          - "IP:192.168.32.42"
+          create_subject_key_identifier: yes
+          not_after: +100w
+    options:
+      allow_anonymous: "true"
+      require_certificate: "true"
+      acl_file: /etc/mosquitto/foo.acl
+  foo:
+    bind: 1883
+    options:
+      allow_anonymous: "false"
+      acl_file: /etc/mosquitto/example.acl
+      password_file: /etc/mosquitto/example.passwd
+
+mosquitto_prometheus_listener: true
+
+mosquitto_acl_files:
+  example: |
+    user admin
+    topic read test/+
+    user equinox
+    topic write test/+
+  foo: |
+    user consumer
+    topic read foo/+
+    user producer
+    topic write foo/+
+
+mosquitto_password_files:
+  example: |
+    admin:{{ 'admin' | mosquitto_passwd_hash('admin@mqtt.example.com') }}
+    equinox:{{ 'secret' | mosquitto_passwd_hash('equinox@mqtt.example.com') }}