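---
# Mosquitto broker tasks: package install, ACL and password files, TLS
# material (DH parameters + per-listener certificates) and the main config.
#
# Variables consumed (defined elsewhere in the role / inventory):
#   mosquitto_broker_acl_files       - map: file name -> ACL file content
#   mosquitto_broker_password_files  - map: file name -> password file content
#   mosquitto_broker_listeners       - map: listener name -> listener settings;
#                                      a listener with a `tls` key gets a
#                                      certificate from the x509 role below
# Handlers `reload mosquitto` and `restart mosquitto` are expected to exist.

- name: install mosquitto
  apt:
    name:
      - mosquitto
      - mosquitto-clients
    state: present

- name: install mosquitto acl files
  loop: "{{ mosquitto_broker_acl_files | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  copy:
    content: |
      # Ansible managed
      {{ item.value }}
    dest: "/etc/mosquitto/{{ item.key }}.acl"
    # Explicit ownership/mode, consistent with the password and certificate
    # files this role installs (otherwise left to the remote umask).
    owner: root
    group: mosquitto
    mode: "0644"
  notify: reload mosquitto

- name: install mosquitto password files
  loop: "{{ mosquitto_broker_password_files | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  # The item value is password material: keep it out of task output and
  # --diff output. Note this also hides details of a failing iteration.
  no_log: true
  copy:
    content: |
      {{ item.value }}
    dest: "/etc/mosquitto/{{ item.key }}.passwd"
    # Readable only by root and the broker's group.
    owner: root
    group: mosquitto
    mode: "0640"
  notify: reload mosquitto

- name: generate Diffie-Hellman parameters
  # Only needed when at least one listener is TLS-enabled. `selectattr`
  # returns a lazy iterator in Jinja2; `list` materialises it so `length`
  # is well-defined.
  when: (mosquitto_broker_listeners | dict2items | selectattr('value.tls', 'defined') | list | length) > 0
  openssl_dhparam:
    path: /etc/mosquitto/certs/dhparams.pem
    size: 2048
  notify: reload mosquitto

- name: generate/install/fetch TLS certificate
  # Same `list` materialisation as above so `loop` receives a plain list.
  loop: "{{ mosquitto_broker_listeners | dict2items | selectattr('value.tls', 'defined') | list }}"
  loop_control:
    label: "{{ item.key }}"
  vars:
    x509_certificate_name: "mosquitto-broker-{{ item.key }}"
    x509_certificate_hostnames: "{{ item.value.hostnames }}"
    x509_certificate_config: "{{ item.value.tls.certificate_config | default({}) }}"
    # Where the x509 role drops the renewed material; the private key is the
    # only file kept group-readable rather than world-readable.
    x509_certificate_renewal:
      install:
        - dest: "/etc/mosquitto/certs/{{ item.key }}-crt.pem"
          src:
            - fullchain
          owner: root
          group: mosquitto
          mode: "0644"
        - dest: "/etc/mosquitto/certs/{{ item.key }}-key.pem"
          src:
            - key
          owner: root
          group: mosquitto
          mode: "0640"
        - dest: "/etc/mosquitto/ca_certificates/{{ item.key }}-ca-crt.pem"
          src:
            - ca_cert
          owner: root
          group: mosquitto
          mode: "0644"
    x509_certificate_reload_services:
      - mosquitto
  # The role path is selected by the listener's `certificate_provider` value.
  include_role:
    name: "x509/{{ item.value.tls.certificate_provider }}/cert"

- name: install mosquitto config
  template:
    src: config.j2
    dest: /etc/mosquitto/conf.d/main.conf
  notify: restart mosquitto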