From 7379b01aa15026e00f43f0ffd0dd07af85760c8d Mon Sep 17 00:00:00 2001
From: Dmitriy Safronov <zimniy@cyberbrain.pw>
Date: Fri, 12 Jan 2024 05:27:20 +0300
Subject: [PATCH] initial (#1)

Signed-off-by: Dmitriy Safronov <zimniy@cyberbrain.pw>
---
 README.md         |  4 ++-
 defaults/main.yml | 10 ++++++
 handlers/main.yml | 11 ++++++
 tasks/main.yml    | 89 +++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 113 insertions(+), 1 deletion(-)
 create mode 100644 defaults/main.yml
 create mode 100644 handlers/main.yml
 create mode 100644 tasks/main.yml

diff --git a/README.md b/README.md
index 72b0e5d..68ba444 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,3 @@
-# ansible-role-template
+# ansible_role-unattended_upgrades
+
+Install & configure `unattended-upgrades` package and configure systemd apt timers.
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..c9c3576
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,10 @@
+unattended_upgrades_enable: true
+
+unattended_upgrades_reboot: true
+unattended_upgrades_reboot_time: "06:45"
+
+unattended_upgrades_update_calendar: "*-*-* 6,18:00"
+unattended_upgrades_update_delay: "12h"
+
+unattended_upgrades_upgrade_calendar: "*-*-* 22:00"
+unattended_upgrades_upgrade_delay: "60m"
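Review bot: `unattended_upgrades_reboot: true` makes automatic reboots the default for every host that applies the role without overrides, and nothing in this file documents that or the expected value formats. I would add a comment above it such as `# Reboot automatically at unattended_upgrades_reboot_time when an upgrade requires it; set to false where reboots need a maintenance window`. The file should also say that the `*_calendar` values are systemd `OnCalendar=` expressions and the `*_delay` values feed `RandomizedDelaySec=`, as tasks/main.yml uses them. Consider whether `false` is the safer default for hosts that need coordinated restarts.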
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..0628294
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,11 @@
+- name: Restart unattended-upgrades service
+  ansible.builtin.systemd:
+    state: restarted
+    enabled: true
+    masked: false
+    daemon_reload: true
+    name: unattended-upgrades.service
+
+- name: Reload systemd
+  ansible.builtin.systemd:
+    daemon_reload: true
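Review bot: Neither handler enables or starts `apt-daily.timer` or `apt-daily-upgrade.timer`; `Reload systemd` only runs a daemon reload, and the only unit enabled and unmasked here is `unattended-upgrades.service`. On a host where those timers are disabled, the schedule written by tasks/main.yml would never fire and patching would stop silently. A handler like the one below, notified by the two timer tasks in place of `Reload systemd`, would make the role assert that state. Restarting the timers is the conservative choice, since a plain daemon reload may already apply the new schedule.

```yaml
- name: Restart apt timers
  ansible.builtin.systemd:
    name: "{{ item }}"
    state: restarted
    enabled: true
    masked: false
    daemon_reload: true
  loop:
    - apt-daily.timer
    - apt-daily-upgrade.timer
```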
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..a3ae838
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,89 @@
+- name: Install packages
+  ansible.builtin.apt:
+    state: present
+    update_cache: true
+    install_recommends: false
+    pkg:
+      - unattended-upgrades
+      - powermgmt-base
+      - python3-gi
+  tags:
+    - unattended_upgrades
+
+- name: Template a file to /etc/apt/apt.conf.d/20auto-upgrades
+  ansible.builtin.copy:
+    content: |
+      APT::Periodic::Update-Package-Lists "1";
+      APT::Periodic::Unattended-Upgrade "{{ unattended_upgrades_enable | ternary('1', '0') }}";
+    dest: /etc/apt/apt.conf.d/20auto-upgrades
+    owner: root
+    group: root
+    mode: "0644"
+  notify: Restart unattended-upgrades service
+  tags:
+    - unattended_upgrades
+
+- name: Template a file to /etc/apt/apt.conf.d/50unattended-upgrades
+  ansible.builtin.copy:
+    content: |
+      Unattended-Upgrade::Origins-Pattern {
+          "o=*";
+      };
+      Unattended-Upgrade::AutoFixInterruptedDpkg "true";
+      Unattended-Upgrade::MinimalSteps "true";
+      Unattended-Upgrade::InstallOnShutdown "false";
+      Unattended-Upgrade::Mail "root";
+      Unattended-Upgrade::MailOnlyOnError "false";
+      Unattended-Upgrade::Remove-Unused-Dependencies "true";
+      Unattended-Upgrade::Automatic-Reboot-Time "{{ unattended_upgrades_reboot_time | default('06:45') }}";
+      Unattended-Upgrade::Automatic-Reboot "{{ unattended_upgrades_reboot | default(true) | bool }}";
+    dest: /etc/apt/apt.conf.d/50unattended-upgrades
+    owner: root
+    group: root
+    mode: "0644"
+  notify: Restart unattended-upgrades service
+  tags:
+    - unattended_upgrades
+
+- name: Template a file to /etc/systemd/system/apt-daily.timer
+  ansible.builtin.copy:
+    content: |
+      [Unit]
+      Description=Daily apt download activities
+
+      [Timer]
+      OnCalendar={{ unattended_upgrades_update_calendar }}
+      RandomizedDelaySec={{ unattended_upgrades_update_delay }}
+      Persistent=true
+
+      [Install]
+      WantedBy=timers.target
+    dest: /etc/systemd/system/apt-daily.timer
+    owner: root
+    group: root
+    mode: "0644"
+  notify: Reload systemd
+  tags:
+    - unattended_upgrades
+
+- name: Template a file to /etc/systemd/system/apt-daily-upgrade.timer
+  ansible.builtin.copy:
+    content: |
+      [Unit]
+      Description=Daily apt upgrade and clean activities
+      After=apt-daily.timer
+
+      [Timer]
+      OnCalendar={{ unattended_upgrades_upgrade_calendar }}
+      RandomizedDelaySec={{ unattended_upgrades_upgrade_delay }}
+      Persistent=true
+
+      [Install]
+      WantedBy=timers.target
+    dest: /etc/systemd/system/apt-daily-upgrade.timer
+    owner: root
+    group: root
+    mode: "0644"
+  notify: Reload systemd
+  tags:
+    - unattended_upgrades
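Review bot: The `"o=*";` entry in `Unattended-Upgrade::Origins-Pattern` (the 50unattended-upgrades task) matches every origin, so packages from any apt source configured on the host, third-party repositories included, are installed unattended. Together with `Remove-Unused-Dependencies "true"` and the automatic reboot, this widens the trust placed in each repository well beyond security updates. I would make the pattern a role variable, for example a list `unattended_upgrades_origins` rendered with `{% for origin in unattended_upgrades_origins %}` / `"{{ origin }}";` / `{% endfor %}`. Its default should be limited to the distribution's security origin, so that `o=*` becomes an explicit opt-in. The task also replaces the packaged file wholesale, so any package blacklist the distribution ships in it is dropped.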
-- 
GitLab