aboutsummaryrefslogtreecommitdiffstatshomepage
diff options
context:
space:
mode:
-rw-r--r--roles/apt/templates/50unattended-upgrades.j220
1 files changed, 20 insertions, 0 deletions
diff --git a/roles/apt/templates/50unattended-upgrades.j2 b/roles/apt/templates/50unattended-upgrades.j2
index 389bb2b..57c8d20 100644
--- a/roles/apt/templates/50unattended-upgrades.j2
+++ b/roles/apt/templates/50unattended-upgrades.j2
@@ -1,5 +1,25 @@
{{ ansible_managed | comment }}
+// Lines below have the format format is "keyword=value,...". A
+// package will be upgraded only if the values in its metadata match
+// all the supplied keywords in a line. (In other words, omitted
+// keywords are wild cards.) The keywords originate from the Release
+// file, but several aliases are accepted. The accepted keywords are:
+// a,archive,suite (eg, "stable")
+// c,component (eg, "main", "contrib", "non-free")
+// l,label (eg, "Debian", "Debian-Security")
+// o,origin (eg, "Debian", "Unofficial Multimedia Packages")
+// n,codename (eg, "jessie", "jessie-updates")
+// site (eg, "http.debian.net")
+// The available values on the system are printed by the command
+// "apt-cache policy", and can be debugged by running
+// "unattended-upgrades -d" and looking at the log file.
+//
+// Within lines unattended-upgrades allows 2 macros whose values are
+// derived from /etc/debian_version:
+// ${distro_id} Installed origin.
+// ${distro_codename} Installed codename (eg, "buster")
+
Unattended-Upgrade::Origins-Pattern {
"origin=${distro_id},codename=${distro_codename}";
"origin=${distro_id},codename=${distro_codename}-security";