From 1c363a140e3cbc2ed96eeb372cf3abfdb642d3f0 Mon Sep 17 00:00:00 2001
From: Egor Tensin <Egor.Tensin@gmail.com>
Date: Fri, 11 Aug 2023 09:17:50 +0200
Subject: apt: configure unattended-upgrades

---
 roles/apt/tasks/main.yml                |  3 +++
 roles/apt/tasks/unattended_upgrades.yml | 33 +++++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100644 roles/apt/tasks/unattended_upgrades.yml

(limited to 'roles/apt/tasks')

diff --git a/roles/apt/tasks/main.yml b/roles/apt/tasks/main.yml
index 1d07a7f..6511c44 100644
--- a/roles/apt/tasks/main.yml
+++ b/roles/apt/tasks/main.yml
@@ -25,3 +25,6 @@
     install_recommends: false
     name: '{{ apt_extra_packages }}'
     state: present
+
+- name: Configure unattended-upgrades
+  ansible.builtin.include_tasks: unattended_upgrades.yml
diff --git a/roles/apt/tasks/unattended_upgrades.yml b/roles/apt/tasks/unattended_upgrades.yml
new file mode 100644
index 0000000..79327d5
--- /dev/null
+++ b/roles/apt/tasks/unattended_upgrades.yml
@@ -0,0 +1,33 @@
+- name: Install unattended-upgrades
+  become:
+  ansible.builtin.apt:
+    install_recommends: false
+    name: unattended-upgrades
+    state: present
+
+- name: 50unattended-upgrades
+  become: true
+  ansible.builtin.template:
+    src: 50unattended-upgrades.j2
+    dest: /etc/apt/apt.conf.d/50unattended-upgrades
+    owner: root
+    group: root
+    mode: '644'
+
+# https://wiki.debian.org/UnattendedUpgrades says that 20auto-upgrades and
+# 02periodic are _alternatives_ (and, presumably, not mechanisms that can be
+# used together).
+- name: 20auto-upgrades
+  become: true
+  ansible.builtin.file:
+    path: /etc/apt/apt.conf.d/20auto-upgrades
+    state: absent
+
+- name: 02periodic
+  become: true
+  ansible.builtin.template:
+    src: 02periodic.j2
+    dest: /etc/apt/apt.conf.d/02periodic
+    owner: root
+    group: root
+    mode: '644'
-- 
cgit v1.2.3