|
@@ -0,0 +1,58 @@
|
|
|
+---
|
|
|
+- name: Install unattended-upgrades
|
|
|
+ apt:
|
|
|
+ name: unattended-upgrades
|
|
|
+ state: present
|
|
|
+
|
|
|
+
|
|
|
+- name: Create custom APT automatic timer directory
|
|
|
+ file:
|
|
|
+ state: directory
|
|
|
+ path: /etc/systemd/system/apt-daily-upgrade.timer.d
|
|
|
+ owner: root
|
|
|
+ group: root
|
|
|
+ mode: '0755'
|
|
|
+
|
|
|
+
|
|
|
+- name: Ensure APT auto installs updates at {{ apt_update_time }}
|
|
|
+ template:
|
|
|
+ src: time.conf.j2
|
|
|
+ dest: /etc/systemd/system/apt-daily-upgrade.timer.d/time.conf
|
|
|
+ owner: root
|
|
|
+ group: root
|
|
|
+ mode: '0644'
|
|
|
+ notify: daemon reload
|
|
|
+
|
|
|
+
|
|
|
+- name: Enable unattended upgrades in debconf
|
|
|
+ debconf:
|
|
|
+ name: 'unattended-upgrades'
|
|
|
+ question: 'unattended-upgrades/enable_auto_updates'
|
|
|
+ vtype: 'boolean'
|
|
|
+ value: 'true'
|
|
|
+
|
|
|
+
|
|
|
+- name: Copy default config for local changes
|
|
|
+ copy:
|
|
|
+ src: /etc/apt/apt.conf.d/50unattended-upgrades
|
|
|
+ dest: /etc/apt/apt.conf.d/52unattended-upgrades-local
|
|
|
+ owner: root
|
|
|
+ group: root
|
|
|
+ mode: '0644'
|
|
|
+ remote_src: True
|
|
|
+
|
|
|
+
|
|
|
+- name: Configure auto reboots for unattended upgrades
|
|
|
+ ansible.builtin.lineinfile:
|
|
|
+ path: /etc/apt/apt.conf.d/52unattended-upgrades-local
|
|
|
+ regexp: 'Unattended-Upgrade::Automatic-Reboot'
|
|
|
+ line: 'Unattended-Upgrade::Automatic-Reboot "true";'
|
|
|
+
|
|
|
+
|
|
|
+- name: Enable regular updates for unattended upgrades
|
|
|
+ ansible.builtin.lineinfile:
|
|
|
+ path: /etc/apt/apt.conf.d/52unattended-upgrades-local
|
|
|
+ regexp: 'origin=Debian,codename=\$\{distro_codename\}-updates'
|
|
|
+ line: ' "origin=Debian,codename=${distro_codename}-updates";'
|
|
|
+
|
|
|
+
|
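Review bot: Both lineinfile tasks at the end of the hunk can edit the wrong place in 52unattended-upgrades-local. The pattern `Unattended-Upgrade::Automatic-Reboot` is unanchored, so it also matches comment text and longer keys that share the prefix (the stock file usually carries `Automatic-Reboot-WithUsers` and `Automatic-Reboot-Time`), and lineinfile rewrites the last match; anchoring it, e.g. `regexp: '^(//)?\s*Unattended-Upgrade::Automatic-Reboot\s'`, keeps the edit to the one setting. In the origins task, when the pattern is absent from the copied file (for instance on a distribution whose defaults do not list that origin), lineinfile appends the quoted string at end of file, outside any list block, which would presumably leave apt with a malformed config and stall automatic security updates; `backrefs: true` turns that case into a no-op, or the task could fail explicitly instead. Separately, the copy task has no `force: false`, so each run appears to reset the local file from 50unattended-upgrades before the two edits are re-applied, which makes the play report changes on every run and briefly restores the defaults.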