authorTrygve Laugstøl <trygvis@inamo.no>2018-06-17 13:11:47 +0200
committerTrygve Laugstøl <trygvis@inamo.no>2018-06-17 13:11:47 +0200
commite2e9cfd16ab06d8ad30ebd5cc9f66ac46219b4b2 (patch)
tree09f527771ffb9af015d05f494ec7ccbccbe62793 /ansible
parent0f9a79c433f26ef12c8e22a97c41d755ce3b8590 (diff)
o Adding mosquitto-server.
Diffstat (limited to 'ansible')
-rw-r--r--ansible/ansible.cfg1
-rw-r--r--ansible/knot.yml6
-rw-r--r--ansible/roles/mosquitto-server/files/etc/letsencrypt/renewal-hooks/deploy/mosquitto-server20
-rw-r--r--ansible/roles/mosquitto-server/files/etc/mosquitto/mosquitto.conf29
-rw-r--r--ansible/roles/mosquitto-server/files/etc/systemd/system/mosquitto.service10
-rw-r--r--ansible/roles/mosquitto-server/handlers/main.yml11
-rw-r--r--ansible/roles/mosquitto-server/tasks/main.yml16
7 files changed, 93 insertions, 0 deletions
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
index 0da44ae..2b06a16 100644
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@@ -3,3 +3,4 @@ become_method = sudo
inventory = ./inventory
connection_plugins = ./connection_plugins
vault_password_file = vault-password
+nocows = True
diff --git a/ansible/knot.yml b/ansible/knot.yml
index fa70876..1ceb2d4 100644
--- a/ansible/knot.yml
+++ b/ansible/knot.yml
@@ -5,3 +5,9 @@
- secrets.yml
roles:
- mw-frontend
+ tasks:
+ - name: mosquitto-server
+ import_role: name=mosquitto-server
+ tags: mosquitto-server
+ become: true
+ become_user: root
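Review bot: `import_role: name=mosquitto-server` uses the legacy key=value argument string while the rest of the play is block YAML; writing it as `import_role:` with `  name: mosquitto-server` on the next line keeps the file consistent and is what ansible-lint expects. `become_user: root` is already the default for `become: true` and can be dropped. Note that `tags: mosquitto-server` on an `import_role` is applied to every task inside the role, which looks intended here but differs from `include_role` and deserves a one-line comment.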
diff --git a/ansible/roles/mosquitto-server/files/etc/letsencrypt/renewal-hooks/deploy/mosquitto-server b/ansible/roles/mosquitto-server/files/etc/letsencrypt/renewal-hooks/deploy/mosquitto-server
new file mode 100644
index 0000000..cf9fc45
--- /dev/null
+++ b/ansible/roles/mosquitto-server/files/etc/letsencrypt/renewal-hooks/deploy/mosquitto-server
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -e
+set -x
+
+for domain in $RENEWED_DOMAINS; do
+ case $domain in
+ trygvis.io)
+ umask 077
+
+ cp "$RENEWED_LINEAGE/fullchain.pem" "/etc/mosquitto/certs/$domain-fullchain.pem"
+ cp "$RENEWED_LINEAGE/privkey.pem" "/etc/mosquitto/certs/$domain-privkey.pem"
+
+ chown mosquitto "/etc/mosquitto/certs/$domain-fullchain.pem" "/etc/mosquitto/certs/$domain-privkey.pem"
+ chmod 400 "/etc/mosquitto/certs/$domain-fullchain.pem" "/etc/mosquitto/certs/$domain-privkey.pem"
+
+ systemctl restart mosquitto >/dev/null
+ ;;
+ esac
+done
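Review bot: The hook ends with `systemctl restart mosquitto`, which drops every connected MQTT and websocket client on each renewal; a `systemctl reload` (SIGHUP) would be gentler, but whether the installed mosquitto re-reads `certfile`/`keyfile` on SIGHUP depends on its version, so confirm before switching. The cp/chown/chmod triple per file can be collapsed into `install -o mosquitto -m 0400 "$RENEWED_LINEAGE/privkey.pem" "/etc/mosquitto/certs/$domain-privkey.pem"`, which sets owner and mode in one step and makes the intended permissions visible at the call site. Nothing in this role creates `/etc/mosquitto/certs`, so the hook relies on the directory already existing (presumably from the distro package). `set -x` only echoes paths, not key material, but it will land in certbot's log on every run.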
diff --git a/ansible/roles/mosquitto-server/files/etc/mosquitto/mosquitto.conf b/ansible/roles/mosquitto-server/files/etc/mosquitto/mosquitto.conf
new file mode 100644
index 0000000..7ce3458
--- /dev/null
+++ b/ansible/roles/mosquitto-server/files/etc/mosquitto/mosquitto.conf
@@ -0,0 +1,29 @@
+# MANAGED BY ANSIBLE
+
+pid_file /var/run/mosquitto.pid
+
+persistence true
+persistence_location /var/lib/mosquitto/
+
+#log_dest syslog
+log_dest stdout
+#log_dest file /var/log/mosquitto/mosquitto.log
+
+#websockets_log_level 255
+#log_type debug
+#log_type websockets
+log_type all
+connection_messages true
+
+port 1883
+
+port 8883
+capath /etc/ssl/certs
+certfile /etc/mosquitto/certs/trygvis.io-fullchain.pem
+keyfile /etc/mosquitto/certs/trygvis.io-privkey.pem
+#tls_version tlsv1.1
+
+listener 9001
+protocol websockets
+certfile /etc/mosquitto/certs/trygvis.io-fullchain.pem
+keyfile /etc/mosquitto/certs/trygvis.io-privkey.pem
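Review bot: No `allow_anonymous false`, `password_file` or `acl_file` appears in this config, and mosquitto 1.x allows anonymous clients by default, so any host that can reach 1883/8883/9001 can publish to and subscribe on every topic — TLS on the listeners encrypts the session but does not authenticate the client. Add at least `allow_anonymous false` and `password_file /etc/mosquitto/passwd` (and ship that file from the role), or `require_certificate true` if client certificates are intended; the `capath /etc/ssl/certs` line has no effect without `require_certificate`. `port` is also given twice (1883, then 8883): `port` configures the single default listener, so the second most likely overrides the first and mosquitto warns about it — if both a plaintext and a TLS endpoint are intended, the second should be `listener 8883`. `log_type all` together with `connection_messages true` logs every connect/disconnect to stdout/journal, which may be more than wanted in production.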
diff --git a/ansible/roles/mosquitto-server/files/etc/systemd/system/mosquitto.service b/ansible/roles/mosquitto-server/files/etc/systemd/system/mosquitto.service
new file mode 100644
index 0000000..cfe1565
--- /dev/null
+++ b/ansible/roles/mosquitto-server/files/etc/systemd/system/mosquitto.service
@@ -0,0 +1,10 @@
+[Service]
+ExecStart=/usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
+Restart=always
+User=mosquitto
+
+[Unit]
+After=network-online.target
+
+[Install]
+WantedBy=multi-user.target
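Review bot: `After=network-online.target` only orders the unit; without a matching `Wants=network-online.target` it does not pull the target in and has no effect on a host where nothing else activates it. The unit also runs a network-facing daemon with no sandboxing and has no `ExecReload=`, so `systemctl reload mosquitto` will be refused by systemd. The lines below add the `Wants=`, a SIGHUP-based reload (mosquitto re-reads its configuration on SIGHUP), and the basic hardening directives; `ProtectSystem=full` keeps /etc read-only while leaving `/var/lib/mosquitto` (the `persistence_location`) writable.
```ini
[Unit]
After=network-online.target
Wants=network-online.target

[Service]
# … unchanged: ExecStart, Restart, User …
ExecReload=/bin/kill -HUP $MAINPID
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full
ProtectHome=true
```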
diff --git a/ansible/roles/mosquitto-server/handlers/main.yml b/ansible/roles/mosquitto-server/handlers/main.yml
new file mode 100644
index 0000000..c7e142b
--- /dev/null
+++ b/ansible/roles/mosquitto-server/handlers/main.yml
@@ -0,0 +1,11 @@
+---
+- name: reload mosquitto
+ service:
+ name: mosquitto
+ state: reloaded
+- name: run mosquitto deploy handler
+ shell: /etc/letsencrypt/renewal-hooks/deploy/mosquitto-server
+ become: true
+ environment:
+ RENEWED_DOMAINS: 'trygvis.io'
+ RENEWED_LINEAGE: '/etc/letsencrypt/live/trygvis.io'
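Review bot: `state: reloaded` in the `reload mosquitto` handler will fail as long as the unit file in this commit defines no `ExecReload=` — systemd rejects a reload job for such a service — so the notification from the config copy in tasks/main.yml errors out; either use `state: restarted` or add `ExecReload=/bin/kill -HUP $MAINPID` to the unit. `run mosquitto deploy handler` invokes the hook through `shell:` although the command uses no shell syntax, so `command:` is sufficient and avoids the shell. That handler also presupposes `/etc/letsencrypt/live/trygvis.io/` exists on the host; if the certificate has not been issued yet, the hook's `set -e` aborts the play.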
diff --git a/ansible/roles/mosquitto-server/tasks/main.yml b/ansible/roles/mosquitto-server/tasks/main.yml
new file mode 100644
index 0000000..2e62c4a
--- /dev/null
+++ b/ansible/roles/mosquitto-server/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+- name: Copying service unit for mosquitto
+ copy:
+ src: etc/systemd/system/mosquitto.service
+ dest: /etc/systemd/system/mosquitto.service
+- name: Mosquitto config
+ copy:
+ src: etc/mosquitto/mosquitto.conf
+ dest: /etc/mosquitto/mosquitto.conf
+ notify: reload mosquitto
+- name: Installing mosquitto server letsencrypt deploy hook
+ copy:
+ src: etc/letsencrypt/renewal-hooks/deploy/mosquitto-server
+ dest: /etc/letsencrypt/renewal-hooks/deploy/mosquitto-server
+ mode: a+rx,go=r
+ notify: run mosquitto deploy handler
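Review bot: The unit-file copy has no `notify` and no task runs `daemon-reload`, so a changed `mosquitto.service` is not seen by systemd until something else triggers a reload; the role also never enables or starts the service. A handler using the `systemd` module with `name: mosquitto`, `daemon_reload: true`, `enabled: true` and `state: restarted`, notified from the first copy task, would cover both. The config and unit copies carry no explicit `owner`/`mode`, which is fine for root-owned non-secret files, but `mode: a+rx,go=r` on the hook likely resolves to 0744 on a fresh file — if that is the intent, `mode: "0744"` states it directly.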