initial (#1)

Signed-off-by: Dmitriy Safronov <zimniy@cyberbrain.pw>

initial (#1)
7379b01a · Dmitriy Safronov · GitHub · 33974954 · 7379b01a · 7379b01a
Unverified Commit 7379b01a authored 1 year ago by Dmitriy Safronov Committed by GitHub 1 year ago
--- a/README.md
+++ b/README.md
-# ansible-role-template
+# ansible_role-unattended_upgrades
+Install & configure `unattended-upgrades` package and configure systemd apt timers.
--- a/defaults/main.yml
+++ b/defaults/main.yml
+unattended_upgrades_enable: true
+unattended_upgrades_reboot: true
+unattended_upgrades_reboot_time: "06:45"
+unattended_upgrades_update_calendar: "*-*-* 6,18:00"
+unattended_upgrades_update_delay: "12h"
+unattended_upgrades_upgrade_calendar: "*-*-* 22:00"
+unattended_upgrades_upgrade_delay: "60m"
--- a/handlers/main.yml
+++ b/handlers/main.yml
+- name: Restart unattended-upgrades service
+  ansible.builtin.systemd:
+    state: restarted
+    enabled: true
+    masked: false
+    daemon_reload: true
+    name: unattended-upgrades.service
+- name: Reload systemd
+  ansible.builtin.systemd:
+    daemon_reload: true
--- a/tasks/main.yml
+++ b/tasks/main.yml
+- name: Install packages
+  ansible.builtin.apt:
+    state: present
+    update_cache: true
+    install_recommends: false
+    pkg:
+      - unattended-upgrades
+      - powermgmt-base
+      - python3-gi
+  tags:
+    - unattended_upgrades
+- name: Template a file to /etc/apt/apt.conf.d/20auto-upgrades
+  ansible.builtin.copy:
+    content: |
+      APT::Periodic::Update-Package-Lists "1";
+      APT::Periodic::Unattended-Upgrade "{{ unattended_upgrades_enable | ternary('1', '0') }}";
+    dest: /etc/apt/apt.conf.d/20auto-upgrades
+    owner: root
+    group: root
+    mode: "0644"
+  notify: Restart unattended-upgrades service
+  tags:
+    - unattended_upgrades
+- name: Template a file to /etc/apt/apt.conf.d/50unattended-upgrades
+  ansible.builtin.copy:
+    content: |
+      Unattended-Upgrade::Origins-Pattern {
+          "o=*";
+      };
+      Unattended-Upgrade::AutoFixInterruptedDpkg "true";
+      Unattended-Upgrade::MinimalSteps "true";
+      Unattended-Upgrade::InstallOnShutdown "false";
+      Unattended-Upgrade::Mail "root";
+      Unattended-Upgrade::MailOnlyOnError "false";
+      Unattended-Upgrade::Remove-Unused-Dependencies "true";
+      Unattended-Upgrade::Automatic-Reboot-Time "{{ unattended_upgrades_reboot_time | default('06:45') }}";
+      Unattended-Upgrade::Automatic-Reboot "{{ unattended_upgrades_reboot | default(true) | bool }}";
+    dest: /etc/apt/apt.conf.d/50unattended-upgrades
+    owner: root
+    group: root
+    mode: "0644"
+  notify: Restart unattended-upgrades service
+  tags:
+    - unattended_upgrades
+- name: Template a file to /etc/systemd/system/apt-daily.timer
+  ansible.builtin.copy:
+    content: |
+      [Unit]
+      Description=Daily apt download activities
+      [Timer]
+      OnCalendar={{ unattended_upgrades_update_calendar }}
+      RandomizedDelaySec={{ unattended_upgrades_update_delay }}
+      Persistent=true
+      [Install]
+      WantedBy=timers.target
+    dest: /etc/systemd/system/apt-daily.timer
+    owner: root
+    group: root
+    mode: "0644"
+  notify: Reload systemd
+  tags:
+    - unattended_upgrades
+- name: Template a file to /etc/systemd/system/apt-daily-upgrade.timer
+  ansible.builtin.copy:
+    content: |
+      [Unit]
+      Description=Daily apt upgrade and clean activities
+      After=apt-daily.timer
+      [Timer]
+      OnCalendar={{ unattended_upgrades_upgrade_calendar }}
+      RandomizedDelaySec={{ unattended_upgrades_upgrade_delay }}
+      Persistent=true
+      [Install]
+      WantedBy=timers.target
+    dest: /etc/systemd/system/apt-daily-upgrade.timer
+    owner: root
+    group: root
+    mode: "0644"
+  notify: Reload systemd
+  tags:
+    - unattended_upgrades