| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758 |
- ---
- - name: Install unattended-upgrades
- apt:
- name: unattended-upgrades
- state: present
- - name: Create custom APT automatic timer directory
- file:
- state: directory
- path: /etc/systemd/system/apt-daily-upgrade.timer.d
- owner: root
- group: root
- mode: '0755'
- - name: Ensure APT auto installs updates at {{ apt_update_time }}
- template:
- src: time.conf.j2
- dest: /etc/systemd/system/apt-daily-upgrade.timer.d/time.conf
- owner: root
- group: root
- mode: '0644'
- notify: daemon reload
- - name: Enable unattended upgrades in debconf
- debconf:
- name: 'unattended-upgrades'
- question: 'unattended-upgrades/enable_auto_updates'
- vtype: 'boolean'
- value: 'true'
- - name: Copy default config for local changes
- copy:
- src: /etc/apt/apt.conf.d/50unattended-upgrades
- dest: /etc/apt/apt.conf.d/52unattended-upgrades-local
- owner: root
- group: root
- mode: '0644'
- remote_src: True
- - name: Configure auto reboots for unattended upgrades
- ansible.builtin.lineinfile:
- path: /etc/apt/apt.conf.d/52unattended-upgrades-local
- regexp: 'Unattended-Upgrade::Automatic-Reboot'
- line: 'Unattended-Upgrade::Automatic-Reboot "true";'
- - name: Enable regular updates for unattended upgrades
- ansible.builtin.lineinfile:
- path: /etc/apt/apt.conf.d/52unattended-upgrades-local
- regexp: 'origin=Debian,codename=\$\{distro_codename\}-updates'
- line: ' "origin=Debian,codename=${distro_codename}-updates";'
|
