From 1c363a140e3cbc2ed96eeb372cf3abfdb642d3f0 Mon Sep 17 00:00:00 2001 From: Egor Tensin Date: Fri, 11 Aug 2023 09:17:50 +0200 Subject: apt: configure unattended-upgrades --- roles/apt/tasks/main.yml | 3 +++ roles/apt/tasks/unattended_upgrades.yml | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+) create mode 100644 roles/apt/tasks/unattended_upgrades.yml (limited to 'roles/apt/tasks') diff --git a/roles/apt/tasks/main.yml b/roles/apt/tasks/main.yml index 1d07a7f..6511c44 100644 --- a/roles/apt/tasks/main.yml +++ b/roles/apt/tasks/main.yml @@ -25,3 +25,6 @@ install_recommends: false name: '{{ apt_extra_packages }}' state: present + +- name: Configure unattended-upgrades + ansible.builtin.include_tasks: unattended_upgrades.yml diff --git a/roles/apt/tasks/unattended_upgrades.yml b/roles/apt/tasks/unattended_upgrades.yml new file mode 100644 index 0000000..79327d5 --- /dev/null +++ b/roles/apt/tasks/unattended_upgrades.yml @@ -0,0 +1,33 @@ +- name: Install unattended-upgrades + become: + ansible.builtin.apt: + install_recommends: false + name: unattended-upgrades + state: present + +- name: 50unattended-upgrades + become: true + ansible.builtin.template: + src: 50unattended-upgrades.j2 + dest: /etc/apt/apt.conf.d/50unattended-upgrades + owner: root + group: root + mode: '644' + +# https://wiki.debian.org/UnattendedUpgrades says that 20auto-upgrades and +# 02periodic are _alternatives_ (and, presumably, not mechanisms that can be +# used together). +- name: 20auto-upgrades + become: true + ansible.builtin.file: + path: /etc/apt/apt.conf.d/20auto-upgrades + state: absent + +- name: 02periodic + become: true + ansible.builtin.template: + src: 02periodic.j2 + dest: /etc/apt/apt.conf.d/02periodic + owner: root + group: root + mode: '644' -- cgit v1.2.3