infra-ansible

commit 4a671791716af395d21797a29c0209d1d447aa53
parent abb509dee13ea7156e9aa04e5ea02bf6511d4df4
Author: Jul <jul@9o.is>
Date:   Mon, 13 May 2024 20:23:05 +0800

set apt upgrade and periodic, unattended upgrades

Diffstat:
A
host/roles/setup/tasks/apt-upgrades.yml
 | 
22
++++++++++++++++++++++
M
host/roles/setup/tasks/main.yml
 | 
1
+
A
host/roles/setup/templates/10periodic.j2
 | 
4
++++
A
host/roles/setup/templates/50unattended-upgrades.j2
 | 
5
+++++

4 files changed, 32 insertions(+), 0 deletions(-)
diff --git a/host/roles/setup/tasks/apt-upgrades.yml b/host/roles/setup/tasks/apt-upgrades.yml
@@ -0,0 +1,22 @@
+---
+- name: Update and upgrade apt packages
+  apt:
+    upgrade: yes
+    autoremove: yes
+    update_cache: yes
+
+- name: Install unattended upgrades package
+  package:
+    name: unattended-upgrades
+    state: present
+
+- name: Copy unattended-upgrades configuration files in place
+  template:
+    src: "{{ item }}.j2"
+    dest: "/etc/apt/apt.conf.d/{{ item }}"
+    owner: root
+    group: root
+    mode: '0644'
+  with_items:
+    - 10periodic
+    - 50unattended-upgrades
diff --git a/host/roles/setup/tasks/main.yml b/host/roles/setup/tasks/main.yml
@@ -1,4 +1,5 @@
 ---
 - include_tasks: networking.yml
 - include_tasks: hostname.yml
+- include_tasks: apt-upgrades.yml
 - include_tasks: user.yml
diff --git a/host/roles/setup/templates/10periodic.j2 b/host/roles/setup/templates/10periodic.j2
@@ -0,0 +1,4 @@
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "1";
+APT::Periodic::AutocleanInterval "7";
+APT::Periodic::Unattended-Upgrade "1";
diff --git a/host/roles/setup/templates/50unattended-upgrades.j2 b/host/roles/setup/templates/50unattended-upgrades.j2
@@ -0,0 +1,5 @@
+Unattended-Upgrade::MinimalSteps "true";
+Unattended-Upgrade::Automatic-Reboot "true";
+Unattended-Upgrade::Automatic-Reboot-Time "{{ autoupdate_reboot_time }}";
+Unattended-Upgrade::MailOnlyOnError "true";
+Unattended-Upgrade::Remove-Unused-Dependencies "true";