Diffstat (limited to 'ansible/roles/mosquitto-server/files')
-rw-r--r--ansible/roles/mosquitto-server/files/etc/letsencrypt/renewal-hooks/deploy/mosquitto-server20
-rw-r--r--ansible/roles/mosquitto-server/files/etc/mosquitto/mosquitto.conf29
-rw-r--r--ansible/roles/mosquitto-server/files/etc/systemd/system/mosquitto.service10
3 files changed, 59 insertions, 0 deletions
diff --git a/ansible/roles/mosquitto-server/files/etc/letsencrypt/renewal-hooks/deploy/mosquitto-server b/ansible/roles/mosquitto-server/files/etc/letsencrypt/renewal-hooks/deploy/mosquitto-server
new file mode 100644
index 0000000..cf9fc45
--- /dev/null
+++ b/ansible/roles/mosquitto-server/files/etc/letsencrypt/renewal-hooks/deploy/mosquitto-server
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -e
+set -x
+
+for domain in $RENEWED_DOMAINS; do
+ case $domain in
+ trygvis.io)
+ umask 077
+
+ cp "$RENEWED_LINEAGE/fullchain.pem" "/etc/mosquitto/certs/$domain-fullchain.pem"
+ cp "$RENEWED_LINEAGE/privkey.pem" "/etc/mosquitto/certs/$domain-privkey.pem"
+
+ chown mosquitto "/etc/mosquitto/certs/$domain-fullchain.pem" "/etc/mosquitto/certs/$domain-privkey.pem"
+ chmod 400 "/etc/mosquitto/certs/$domain-fullchain.pem" "/etc/mosquitto/certs/$domain-privkey.pem"
+
+ systemctl restart mosquitto >/dev/null
+ ;;
+ esac
+done
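Review bot: The hook is added with `new file mode 100644`, and certbot only runs files under `renewal-hooks/deploy` that are executable. Unless the Ansible task that installs it sets an executable mode (not visible in this commit), the renewed certificate is never copied to `/etc/mosquitto/certs` and the broker keeps serving the old one until it expires. Separately, the `cp`/`chown`/`chmod` sequence for the key could be a single step, `install -o mosquitto -m 400 "$RENEWED_LINEAGE/privkey.pem" "/etc/mosquitto/certs/$domain-privkey.pem"`, so the key never sits on disk with interim ownership. A short header comment naming the certbot variables the script relies on (`RENEWED_DOMAINS`, `RENEWED_LINEAGE`) would also help the next reader.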
diff --git a/ansible/roles/mosquitto-server/files/etc/mosquitto/mosquitto.conf b/ansible/roles/mosquitto-server/files/etc/mosquitto/mosquitto.conf
new file mode 100644
index 0000000..7ce3458
--- /dev/null
+++ b/ansible/roles/mosquitto-server/files/etc/mosquitto/mosquitto.conf
@@ -0,0 +1,29 @@
+# MANAGED BY ANSIBLE
+
+pid_file /var/run/mosquitto.pid
+
+persistence true
+persistence_location /var/lib/mosquitto/
+
+#log_dest syslog
+log_dest stdout
+#log_dest file /var/log/mosquitto/mosquitto.log
+
+#websockets_log_level 255
+#log_type debug
+#log_type websockets
+log_type all
+connection_messages true
+
+port 1883
+
+port 8883
+capath /etc/ssl/certs
+certfile /etc/mosquitto/certs/trygvis.io-fullchain.pem
+keyfile /etc/mosquitto/certs/trygvis.io-privkey.pem
+#tls_version tlsv1.1
+
+listener 9001
+protocol websockets
+certfile /etc/mosquitto/certs/trygvis.io-fullchain.pem
+keyfile /etc/mosquitto/certs/trygvis.io-privkey.pem
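Review bot: The two `port` lines both configure the single default listener, so `port 1883` followed by `port 8883` most likely leaves only 8883 active rather than opening two listeners. If a plaintext listener is really wanted, it should be explicit and ideally loopback-only, `listener 1883 127.0.0.1`; otherwise drop the `port 1883` line. Nothing in the file sets `allow_anonymous`, `password_file` or `acl_file`, so on broker versions where anonymous access defaults to allowed, the TLS and websockets listeners accept any client. Consider adding `allow_anonymous false` together with a `password_file`. `capath /etc/ssl/certs` only matters for client-certificate checks, and `require_certificate` is not set, so a comment stating the intent there would help.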
diff --git a/ansible/roles/mosquitto-server/files/etc/systemd/system/mosquitto.service b/ansible/roles/mosquitto-server/files/etc/systemd/system/mosquitto.service
new file mode 100644
index 0000000..cfe1565
--- /dev/null
+++ b/ansible/roles/mosquitto-server/files/etc/systemd/system/mosquitto.service
@@ -0,0 +1,10 @@
+[Service]
+ExecStart=/usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
+Restart=always
+User=mosquitto
+
+[Unit]
+After=network-online.target
+
+[Install]
+WantedBy=multi-user.target
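Review bot: The `[Service]` section runs the network-facing broker as `User=mosquitto` but adds no sandboxing. Consider `NoNewPrivileges=true`, `ProtectSystem=full` and `PrivateTmp=true`, which should still leave `/var/lib/mosquitto` writable for persistence. In `[Unit]`, `After=network-online.target` only orders the unit and does not pull the target in, so it is normally paired with `Wants=network-online.target`. The config's `pid_file /var/run/mosquitto.pid` may also not be writable by the unprivileged user, which is worth checking if the broker ever writes it in this non-daemon mode.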