authentication {
  backend = "built_in_database"
  mechanism = "password_based"
  password_hash_algorithm {
      name = "bcrypt",
  }
  user_id_type = "username"
  bootstrap_file = "/opt/init-user.json"
  bootstrap_type = "plain"
}

authorization {
  sources = [
    {
      type = built_in_database
      enable = true
    }
  ]
  no_match: "deny"
}

authorization.sources.built_in_database.rules = [
  {allow, {user, "jahanson"}, all, ["#"]},
  {allow, {user, "tasmota"}, publish, ["tasmota/discovery/#", "tele/tasmota_+/+", "cmnd/tasmota_+/+"]},
  {allow, {user, "homeassistant"}, subscribe, ["stat/tasmota_+/+", "tele/tasmota_+/+"]},
  {deny, all}
]