diff --git a/manifests/server.pp b/manifests/server.pp index ae719c8..7292c59 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -18,14 +18,40 @@ class mosquitto::server ( $pid_file = '/var/run/mosquitto.pid', $log_file = '/var/log/mosquitto/mosquitto.log', $persistence_location = '/var/lib/mosquitto/', + $infra_service_username = 'infra', + $infra_service_password, ) { + file {'/etc/mosquitto/infra_service.pw': + ensure => present, + owner => 'root', + group => 'root', + mode => '0644', + replace => true, + require => Package['mosquitto'], + } + + exec {'passwd_file': + command => "/usr/bin/mosquitto_passwd -b /etc/mosquitto/infra_service.pw ${infra_service_username} ${infra_service_password}", + require => File['/etc/mosquitto/infra_service.pw'] + } + + file {'/etc/mosquitto/infra_service.acl': + ensure => present, + owner => 'root', + group => 'root', + mode => '0644', + replace => true, + content => template('mosquitto/mosquitto.acl.erb'), + require => Exec['passwd_file'], + } + file {'/etc/mosquitto/mosquitto.conf': ensure => present, owner => 'root', group => 'root', mode => '0644', content => template('mosquitto/mosquitto.conf.erb'), - require => Package['mosquitto'], + require => File['/etc/mosquitto/infra_service.acl'], } } diff --git a/templates/mosquitto.acl.erb b/templates/mosquitto.acl.erb new file mode 100644 index 0000000..ad33789 --- /dev/null +++ b/templates/mosquitto.acl.erb @@ -0,0 +1,4 @@ +topic read # + +user <%= @infra_service_username %> + topic readwrite # diff --git a/templates/mosquitto.conf.erb b/templates/mosquitto.conf.erb index 0112aff..256138d 100644 --- a/templates/mosquitto.conf.erb +++ b/templates/mosquitto.conf.erb @@ -595,7 +595,8 @@ log_dest file <%= @log_file %> # # pattern write sensor/%u/data # -#acl_file +acl_file /etc/mosquitto/infra_service.acl +password_file /etc/mosquitto/infra_service.pw # ----------------------------------------------------------------- # Authentication and topic access plugin options
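Review bot: The new `File['/etc/mosquitto/infra_service.pw']` is created with `mode => '0644'`, so every local account can read the password hashes. In addition, `Exec['passwd_file']` places the clear-text `${infra_service_password}` on the `mosquitto_passwd -b` command line, where it is visible in the process list while the command runs and may surface in agent output if the command fails. Tighten the file to `mode => '0640',` with the group set to the account the broker runs as (not shown in this hunk). The exec also carries no `unless`, `onlyif` or `refreshonly` guard, so it appears to re-hash the password and report a change on every agent run. Because the two interpolated values are unquoted, a password containing whitespace may not reach the tool as a single argument.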
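Review bot: The opening rule `topic read #` sits above any `user` line, so it applies to clients that connect without a username and lets them read every topic the wildcard matches. If that is intended, record it in the file with a comment line such as `# anonymous clients: read-only on all topics`; if not, drop the rule or narrow the pattern to the topics that really need to be public. The `topic readwrite #` grant for `<%= @infra_service_username %>` is equally broad and would be easier to audit if scoped to the topic prefixes that service actually publishes to.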
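Review bot: Adding `password_file` does not by itself reject unauthenticated clients; that is governed by `allow_anonymous`, which lies outside this hunk and whose default differs between broker versions. Check that the template sets `allow_anonymous false` unless anonymous read access is intended. Both paths are also hard-coded here and again in `manifests/server.pp`, so a rename in one place silently breaks the other; passing them in as class parameters, as `<%= @log_file %>` already is, would keep the two in step.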