From 95b73daa36b23565a8566f71f9b202d3459b685f Mon Sep 17 00:00:00 2001
From: Sam Chudnick <sam@chudnick.com>
Date: Sun, 25 Jun 2023 09:52:36 -0400
Subject: Initial Commit

---
 roles/services/unattended_upgrades/tasks/main.yml | 63 +++++++++++++++++++++++
 1 file changed, 63 insertions(+)
 create mode 100644 roles/services/unattended_upgrades/tasks/main.yml

(limited to 'roles/services/unattended_upgrades')

diff --git a/roles/services/unattended_upgrades/tasks/main.yml b/roles/services/unattended_upgrades/tasks/main.yml
new file mode 100644
index 0000000..bad3c02
--- /dev/null
+++ b/roles/services/unattended_upgrades/tasks/main.yml
@@ -0,0 +1,63 @@
+- name: install packages
+  package:
+    name: "{{ unattended_upgrades_packages }}"
+    state: latest
+
+- name: edit apt update timer
+  lineinfile:
+    path: /etc/systemd/system/timers.target.wants/apt-daily.timer
+    regexp: "OnCalendar.*"
+    line: "OnCalendar=*-*-* 0,4,8,12,16,20:00"
+
+- name: edit apt update timer
+  lineinfile:
+    path: /etc/systemd/system/timers.target.wants/apt-daily.timer
+    regexp: "RandomizedDelaySec.*"
+    line: "RandomizedDelaySec=10m"
+
+- name: edit apt upgrade timer
+  lineinfile:
+    path: /etc/systemd/system/timers.target.wants/apt-daily-upgrade.timer
+    regexp: "OnCalendar.*"
+    line: "OnCalendar=*-*-* 0,4,8,12,16,20:30"
+
+- name: edit apt upgrade timer
+  lineinfile:
+    path: /etc/systemd/system/timers.target.wants/apt-daily-upgrade.timer
+    regexp: "RandomizedDelaySec.*"
+    line: "RandomizedDelaySec=5m"
+
+- name: edit APT::Periodic settings
+  lineinfile:
+    path: /etc/apt/apt.conf.d/20auto-upgrades
+    regexp: "APT::Periodic::Update.*"
+    line: 'APT::Periodic::Update-Package-Lists "always";'
+
+- name: edit APT::Periodic settings
+  lineinfile:
+    path: /etc/apt/apt.conf.d/20auto-upgrades
+    regexp: "APT::Periodic::Unattended.*"
+    line: 'APT::Periodic::Unattended-Upgrade "always";'
+
+- name: configure unattended upgrades
+  lineinfile:
+    path: /etc/apt/apt.conf.d/50unattended-upgrades
+    regexp: ".*Unattended-Upgrade::Mail.*"
+    line: 'Unattended-Upgrade::Mail "{{ uu_mail_to }}";'
+
+- name: configure unattended upgrades
+  lineinfile:
+    path: /etc/apt/apt.conf.d/50unattended-upgrades
+    insertafter: 'Unattended-Upgrade::Mail "{{ uu_mail_to }}";'
+    line: 'Unattended-Upgrade::Sender "{{ uu_mail_from }}";'
+
+- name: configure unattended upgrades
+  lineinfile:
+    path: /etc/apt/apt.conf.d/50unattended-upgrades
+    regexp: ".*Unattended-Upgrade::MailReport.*"
+    line: 'Unattended-Upgrade::MailReport "always";'
+
+- name: restart service
+  service:
+    name: unattended-upgrades
+    state: restarted
-- 
cgit v1.2.3