diff options
author | Trygve Laugstøl <trygvis@inamo.no> | 2018-06-17 13:11:47 +0200 |
---|---|---|
committer | Trygve Laugstøl <trygvis@inamo.no> | 2018-06-17 13:11:47 +0200 |
commit | e2e9cfd16ab06d8ad30ebd5cc9f66ac46219b4b2 (patch) | |
tree | 09f527771ffb9af015d05f494ec7ccbccbe62793 /ansible | |
parent | 0f9a79c433f26ef12c8e22a97c41d755ce3b8590 (diff) | |
download | infra-e2e9cfd16ab06d8ad30ebd5cc9f66ac46219b4b2.tar.gz infra-e2e9cfd16ab06d8ad30ebd5cc9f66ac46219b4b2.tar.bz2 infra-e2e9cfd16ab06d8ad30ebd5cc9f66ac46219b4b2.tar.xz infra-e2e9cfd16ab06d8ad30ebd5cc9f66ac46219b4b2.zip |
o Adding mosquitto-server.
Diffstat (limited to 'ansible')
7 files changed, 93 insertions, 0 deletions
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg index 0da44ae..2b06a16 100644 --- a/ansible/ansible.cfg +++ b/ansible/ansible.cfg @@ -3,3 +3,4 @@ become_method = sudo inventory = ./inventory connection_plugins = ./connection_plugins vault_password_file = vault-password +nocows = True diff --git a/ansible/knot.yml b/ansible/knot.yml index fa70876..1ceb2d4 100644 --- a/ansible/knot.yml +++ b/ansible/knot.yml @@ -5,3 +5,9 @@ - secrets.yml roles: - mw-frontend + tasks: + - name: mosquitto-server + import_role: name=mosquitto-server + tags: mosquitto-server + become: true + become_user: root diff --git a/ansible/roles/mosquitto-server/files/etc/letsencrypt/renewal-hooks/deploy/mosquitto-server b/ansible/roles/mosquitto-server/files/etc/letsencrypt/renewal-hooks/deploy/mosquitto-server new file mode 100644 index 0000000..cf9fc45 --- /dev/null +++ b/ansible/roles/mosquitto-server/files/etc/letsencrypt/renewal-hooks/deploy/mosquitto-server @@ -0,0 +1,20 @@ +#!/bin/bash + +set -e +set -x + +for domain in $RENEWED_DOMAINS; do + case $domain in + trygvis.io) + umask 077 + + cp "$RENEWED_LINEAGE/fullchain.pem" "/etc/mosquitto/certs/$domain-fullchain.pem" + cp "$RENEWED_LINEAGE/privkey.pem" "/etc/mosquitto/certs/$domain-privkey.pem" + + chown mosquitto "/etc/mosquitto/certs/$domain-fullchain.pem" "/etc/mosquitto/certs/$domain-privkey.pem" + chmod 400 "/etc/mosquitto/certs/$domain-fullchain.pem" "/etc/mosquitto/certs/$domain-privkey.pem" + + systemctl restart mosquitto >/dev/null + ;; + esac +done diff --git a/ansible/roles/mosquitto-server/files/etc/mosquitto/mosquitto.conf b/ansible/roles/mosquitto-server/files/etc/mosquitto/mosquitto.conf new file mode 100644 index 0000000..7ce3458 --- /dev/null +++ b/ansible/roles/mosquitto-server/files/etc/mosquitto/mosquitto.conf @@ -0,0 +1,29 @@ +# MANAGED BY ANSIBLE + +pid_file /var/run/mosquitto.pid + +persistence true +persistence_location /var/lib/mosquitto/ + +#log_dest syslog +log_dest stdout +#log_dest file /var/log/mosquitto/mosquitto.log + +#websockets_log_level 255 +#log_type debug +#log_type websockets +log_type all +connection_messages true + +port 1883 + +port 8883 +capath /etc/ssl/certs +certfile /etc/mosquitto/certs/trygvis.io-fullchain.pem +keyfile /etc/mosquitto/certs/trygvis.io-privkey.pem +#tls_version tlsv1.1 + +listener 9001 +protocol websockets +certfile /etc/mosquitto/certs/trygvis.io-fullchain.pem +keyfile /etc/mosquitto/certs/trygvis.io-privkey.pem diff --git a/ansible/roles/mosquitto-server/files/etc/systemd/system/mosquitto.service b/ansible/roles/mosquitto-server/files/etc/systemd/system/mosquitto.service new file mode 100644 index 0000000..cfe1565 --- /dev/null +++ b/ansible/roles/mosquitto-server/files/etc/systemd/system/mosquitto.service @@ -0,0 +1,10 @@ +[Service] +ExecStart=/usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf +Restart=always +User=mosquitto + +[Unit] +After=network-online.target + +[Install] +WantedBy=multi-user.target diff --git a/ansible/roles/mosquitto-server/handlers/main.yml b/ansible/roles/mosquitto-server/handlers/main.yml new file mode 100644 index 0000000..c7e142b --- /dev/null +++ b/ansible/roles/mosquitto-server/handlers/main.yml @@ -0,0 +1,11 @@ +--- +- name: reload mosquitto + service: + name: mosquitto + state: reloaded +- name: run mosquitto deploy handler + shell: /etc/letsencrypt/renewal-hooks/deploy/mosquitto-server + become: true + environment: + RENEWED_DOMAINS: 'trygvis.io' + RENEWED_LINEAGE: '/etc/letsencrypt/live/trygvis.io' diff --git a/ansible/roles/mosquitto-server/tasks/main.yml b/ansible/roles/mosquitto-server/tasks/main.yml new file mode 100644 index 0000000..2e62c4a --- /dev/null +++ b/ansible/roles/mosquitto-server/tasks/main.yml @@ -0,0 +1,16 @@ +--- +- name: Copying service unit for mosquitto + copy: + src: etc/systemd/system/mosquitto.service + dest: /etc/systemd/system/mosquitto.service +- name: Mosquitto config + copy: + src: etc/mosquitto/mosquitto.conf + dest: /etc/mosquitto/mosquitto.conf + notify: reload mosquitto +- name: Installing mosquitto server letsencrypt deploy hook + copy: + src: etc/letsencrypt/renewal-hooks/deploy/mosquitto-server + dest: /etc/letsencrypt/renewal-hooks/deploy/mosquitto-server + mode: a+rx,go=r + notify: run mosquitto deploy handler |