From bc001d962bccf2faff6eecfbbace44cc6d6e7a27 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Wed, 20 Dec 2023 16:26:28 +0100
Subject: mosqitto: rename to mosquitto/broker and add mosquitto/client

---
 inventory/host_vars/ch-testvm-prometheus.yml | 29 ++++++++++++++++------------
 1 file changed, 17 insertions(+), 12 deletions(-)

(limited to 'inventory/host_vars/ch-testvm-prometheus.yml')

diff --git a/inventory/host_vars/ch-testvm-prometheus.yml b/inventory/host_vars/ch-testvm-prometheus.yml
index de31921f..ff36f733 100644
--- a/inventory/host_vars/ch-testvm-prometheus.yml
+++ b/inventory/host_vars/ch-testvm-prometheus.yml
@@ -55,11 +55,17 @@ managed_ca_authorities:
       not_after: +520w
 
 
-mosquitto_global_config_options:
+mosquitto_broker_global_config_options:
   per_listener_settings: "true"
 
-mosquitto_listeners:
+mosquitto_broker_listeners:
   example:
+    bind: 1883
+    options:
+      allow_anonymous: "false"
+      acl_file: /etc/mosquitto/example.acl
+      password_file: /etc/mosquitto/example.passwd
+  foo:
     bind: 1884 192.168.32.42
     hostnames:
     - mqtt.example.com
@@ -74,22 +80,21 @@ mosquitto_listeners:
           organizational_unit_name: "ansible"
           san_extra:
           - "IP:192.168.32.42"
+          extended_key_usage:
+          - serverAuth
+          extended_key_usage_critical: yes
           create_subject_key_identifier: yes
           not_after: +100w
     options:
-      allow_anonymous: "true"
+      allow_anonymous: "false"
       require_certificate: "true"
+      cafile: /etc/mosquitto/ca_certificates/foo-ca-crt.pem
+      use_identity_as_username: "true"
       acl_file: /etc/mosquitto/foo.acl
-  foo:
-    bind: 1883
-    options:
-      allow_anonymous: "false"
-      acl_file: /etc/mosquitto/example.acl
-      password_file: /etc/mosquitto/example.passwd
 
-mosquitto_prometheus_listener: true
+mosquitto_broker_prometheus_listener: true
 
-mosquitto_acl_files:
+mosquitto_broker_acl_files:
   example: |
     user admin
     topic read test/+
@@ -101,7 +106,7 @@ mosquitto_acl_files:
     user producer
     topic write foo/+
 
-mosquitto_password_files:
+mosquitto_broker_password_files:
   example: |
     admin:{{ 'admin' | mosquitto_passwd_hash('admin@mqtt.example.com') }}
     equinox:{{ 'secret' | mosquitto_passwd_hash('equinox@mqtt.example.com') }}
-- 
cgit v1.2.3