---
# Installs Mosquitto MQTT Broker

- name: Install Mosquitto from official repository
  apt:
    name: "{{ packages }}"
    state: present
    update_cache: yes
  vars:
    packages:
    - mosquitto
    - mosquitto-clients
  tags:
    - dependencies

- name: Configure Mosquitto
  template:
    src={{ item.src }}
    dest={{ item.dest }}
    owner=root
    group=root
  with_items:
    - { src: 'etc_mosquitto_conf.d_10-users.j2', dest: '/etc/mosquitto/conf.d/10-users.conf' }
    - { src: 'etc_mosquitto_conf.d_20-default.j2', dest: '/etc/mosquitto/conf.d/20-default.conf' }
    - { src: 'etc_mosquitto_conf.d_21-tls.j2', dest: '/etc/mosquitto/conf.d/21-tls.conf' }
    - { src: 'etc_mosquitto_conf.d_22-ws.j2', dest: '/etc/mosquitto/conf.d/22-ws.conf' }
  notify: restart mosquitto

- name: Ensure mosquitto passwd file exists
  file: path=/etc/mosquitto/passwd state=touch

- name: Create mosquitto users
  shell: mosquitto_passwd -b /etc/mosquitto/passwd {{ item.name }} {{ item.password }}
  with_items: "{{ mosquitto_users }}"

- name: Set firewall rules for Mosquitto
  ufw: rule=allow port={{ item }} proto=tcp
  with_items:
    - 1883 # mqtt (only enable in private networks!)
    - 8883 # mqtts (+ ssl)
    - 8083 # mqtt websocket
  tags: ufw

- name: Register new Mosquitto service
  systemd: name=mosquitto daemon_reload=yes enabled=yes

- name: Start new Mosquitto instance
  service: name=mosquitto state=started