From e2e9cfd16ab06d8ad30ebd5cc9f66ac46219b4b2 Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl
Date: Sun, 17 Jun 2018 13:11:47 +0200
Subject: o Adding mosquitto-server.
---
.../renewal-hooks/deploy/mosquitto-server | 20 +++++++++++++++
.../files/etc/mosquitto/mosquitto.conf | 29 ++++++++++++++++++++++
.../files/etc/systemd/system/mosquitto.service | 10 ++++++++
ansible/roles/mosquitto-server/handlers/main.yml | 11 ++++++++
ansible/roles/mosquitto-server/tasks/main.yml | 16 ++++++++++++
5 files changed, 86 insertions(+)
create mode 100644 ansible/roles/mosquitto-server/files/etc/letsencrypt/renewal-hooks/deploy/mosquitto-server
create mode 100644 ansible/roles/mosquitto-server/files/etc/mosquitto/mosquitto.conf
create mode 100644 ansible/roles/mosquitto-server/files/etc/systemd/system/mosquitto.service
create mode 100644 ansible/roles/mosquitto-server/handlers/main.yml
create mode 100644 ansible/roles/mosquitto-server/tasks/main.yml
(limited to 'ansible/roles/mosquitto-server')
diff --git a/ansible/roles/mosquitto-server/files/etc/letsencrypt/renewal-hooks/deploy/mosquitto-server b/ansible/roles/mosquitto-server/files/etc/letsencrypt/renewal-hooks/deploy/mosquitto-server
new file mode 100644
index 0000000..cf9fc45
--- /dev/null
+++ b/ansible/roles/mosquitto-server/files/etc/letsencrypt/renewal-hooks/deploy/mosquitto-server
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -e
+set -x
+
+for domain in $RENEWED_DOMAINS; do
+ case $domain in
+ trygvis.io)
+ umask 077
+
+ cp "$RENEWED_LINEAGE/fullchain.pem" "/etc/mosquitto/certs/$domain-fullchain.pem"
+ cp "$RENEWED_LINEAGE/privkey.pem" "/etc/mosquitto/certs/$domain-privkey.pem"
+
+ chown mosquitto "/etc/mosquitto/certs/$domain-fullchain.pem" "/etc/mosquitto/certs/$domain-privkey.pem"
+ chmod 400 "/etc/mosquitto/certs/$domain-fullchain.pem" "/etc/mosquitto/certs/$domain-privkey.pem"
+
+ systemctl restart mosquitto >/dev/null
+ ;;
+ esac
+done
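Review bot: The hook expands `$RENEWED_LINEAGE` in both `cp` lines without checking that it is set, and it installs the private key in three separate steps (`cp`, `chown`, `chmod`), so a failure part-way under `set -e` can leave an incomplete or wrongly owned key in `/etc/mosquitto/certs` with the broker never restarted. Adding `: "${RENEWED_LINEAGE:?}"` after `set -e` fails early with a clear message. Replacing each cp/chown/chmod trio with `install -o mosquitto -m 0400 "$RENEWED_LINEAGE/privkey.pem" "/etc/mosquitto/certs/$domain-privkey.pem"` (and the same for `fullchain.pem`) sets owner and mode in one command. `set -x` only traces paths here, so it is harmless, but a comment such as `# trace is safe: only file paths are expanded, never key material` would record that this is deliberate.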
diff --git a/ansible/roles/mosquitto-server/files/etc/mosquitto/mosquitto.conf b/ansible/roles/mosquitto-server/files/etc/mosquitto/mosquitto.conf
new file mode 100644
index 0000000..7ce3458
--- /dev/null
+++ b/ansible/roles/mosquitto-server/files/etc/mosquitto/mosquitto.conf
@@ -0,0 +1,29 @@
+# MANAGED BY ANSIBLE
+
+pid_file /var/run/mosquitto.pid
+
+persistence true
+persistence_location /var/lib/mosquitto/
+
+#log_dest syslog
+log_dest stdout
+#log_dest file /var/log/mosquitto/mosquitto.log
+
+#websockets_log_level 255
+#log_type debug
+#log_type websockets
+log_type all
+connection_messages true
+
+port 1883
+
+port 8883
+capath /etc/ssl/certs
+certfile /etc/mosquitto/certs/trygvis.io-fullchain.pem
+keyfile /etc/mosquitto/certs/trygvis.io-privkey.pem
+#tls_version tlsv1.1
+
+listener 9001
+protocol websockets
+certfile /etc/mosquitto/certs/trygvis.io-fullchain.pem
+keyfile /etc/mosquitto/certs/trygvis.io-privkey.pem
diff --git a/ansible/roles/mosquitto-server/files/etc/systemd/system/mosquitto.service b/ansible/roles/mosquitto-server/files/etc/systemd/system/mosquitto.service
new file mode 100644
index 0000000..cfe1565
--- /dev/null
+++ b/ansible/roles/mosquitto-server/files/etc/systemd/system/mosquitto.service
@@ -0,0 +1,10 @@
+[Service]
+ExecStart=/usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
+Restart=always
+User=mosquitto
+
+[Unit]
+After=network-online.target
+
+[Install]
+WantedBy=multi-user.target
diff --git a/ansible/roles/mosquitto-server/handlers/main.yml b/ansible/roles/mosquitto-server/handlers/main.yml
new file mode 100644
index 0000000..c7e142b
--- /dev/null
+++ b/ansible/roles/mosquitto-server/handlers/main.yml
@@ -0,0 +1,11 @@
+---
+- name: reload mosquitto
+ service:
+ name: mosquitto
+ state: reloaded
+- name: run mosquitto deploy handler
+ shell: /etc/letsencrypt/renewal-hooks/deploy/mosquitto-server
+ become: true
+ environment:
+ RENEWED_DOMAINS: 'trygvis.io'
+ RENEWED_LINEAGE: '/etc/letsencrypt/live/trygvis.io'
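Review bot: No listener in mosquitto.conf requires authentication: there is no `allow_anonymous false` and no `password_file` or `acl_file`, so, assuming the broker's default still permits anonymous clients, anyone who can reach the ports may publish and subscribe on every topic. Suggest adding `allow_anonymous false` and `password_file <path-to-password-file>` (placeholder path). Separately, `port 1883` and `port 8883` both set the port of the single default listener, so I would expect only the last one to take effect; if a plaintext and a TLS listener are both intended they need separate `listener` blocks, and if not, `port 1883` should be dropped. The commented `#tls_version tlsv1.1` could become `tls_version tlsv1.2` to pin a minimum protocol version.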
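Review bot: The `[Service]` section of mosquitto.service drops to `User=mosquitto` but applies no systemd sandboxing to what is a network-facing daemon. `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` look compatible with the configuration in this commit, which as far as it shows writes only under `/var/lib/mosquitto/`; check that against the `pid_file /var/run/mosquitto.pid` setting before enabling them. In `[Unit]`, `After=network-online.target` only orders the unit and does not pull the target in, so `Wants=network-online.target` should accompany it.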
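Review bot: The `reload mosquitto` handler uses `state: reloaded`, but the unit file added in this same commit defines no `ExecReload=`, so systemd will most likely reject the reload job and the handler will fail whenever the config changes. Either change the handler to `state: restarted` or add `ExecReload=/bin/kill -HUP $MAINPID` to mosquitto.service. The `run mosquitto deploy handler` entry needs no shell features, so `command: /etc/letsencrypt/renewal-hooks/deploy/mosquitto-server` avoids spawning a shell for a task that runs as root.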
diff --git a/ansible/roles/mosquitto-server/tasks/main.yml b/ansible/roles/mosquitto-server/tasks/main.yml
new file mode 100644
index 0000000..2e62c4a
--- /dev/null
+++ b/ansible/roles/mosquitto-server/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+- name: Copying service unit for mosquitto
+ copy:
+ src: etc/systemd/system/mosquitto.service
+ dest: /etc/systemd/system/mosquitto.service
+- name: Mosquitto config
+ copy:
+ src: etc/mosquitto/mosquitto.conf
+ dest: /etc/mosquitto/mosquitto.conf
+ notify: reload mosquitto
+- name: Installing mosquitto server letsencrypt deploy hook
+ copy:
+ src: etc/letsencrypt/renewal-hooks/deploy/mosquitto-server
+ dest: /etc/letsencrypt/renewal-hooks/deploy/mosquitto-server
+ mode: a+rx,go=r
+ notify: run mosquitto deploy handler
--
cgit v1.2.3
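Review bot: The deploy hook is a script certbot runs as root, yet its `copy` task sets only the symbolic `mode: a+rx,go=r` and no owner, so the owner's write bit and the ownership depend on what is already on disk and on the connecting user. Stating it explicitly with `owner: root`, `group: root` and `mode: '0744'` makes the intent reviewable. The first task installs a unit file without a systemd `daemon_reload` or enabling the service, so a changed unit is not picked up until something else reloads systemd. Nothing in the role creates `/etc/mosquitto/certs`, which the hook writes the private key into; possibly the package provides it, but a `file` task with `state: directory`, `owner: mosquitto` and `mode: '0700'` would remove the assumption.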