4 files changed, 44 insertions, 16 deletions
diff --git a/ansible/group_vars/all/unattended-upgrades.yml b/ansible/group_vars/all/unattended-upgrades.yml index b3ca37a..1091149 100644 --- a/ansible/group_vars/all/unattended-upgrades.yml +++ b/ansible/group_vars/all/unattended-upgrades.yml @@ -1,2 +1,4 @@ unattended_upgrades: mail: root@inamo.no + minimal_steps: False + mail_only_on_error: False diff --git a/ansible/roles/unattended-upgrades/defaults/main.yml b/ansible/roles/unattended-upgrades/defaults/main.yml new file mode 100644 index 0000000..add03d8 --- /dev/null +++ b/ansible/roles/unattended-upgrades/defaults/main.yml @@ -0,0 +1,19 @@ +unattended_upgrades_apt_conf_priority: 50 + +# Empty list. This will upgrade all packages +unattended_upgrades_origin_list: + +# Example +#unattended_upgrades_origin_list: +# - origin: Debian +# codename: ${distro_codename} +# label: Debian +# - origin: Debian +# codename: ${distro_codename}-updates +# label: Debian +# - origin: Debian +# codename: ${distro_codename} +# label: Debian Security +# - origin: apt.postgresql.org +# codename: ${distro_codename}-pgdg +# label: PostgreSQL for Debian/Ubuntu repository diff --git a/ansible/roles/unattended-upgrades/tasks/main.yml b/ansible/roles/unattended-upgrades/tasks/main.yml index 0bc02a1..9ab1ce4 100644 --- a/ansible/roles/unattended-upgrades/tasks/main.yml +++ b/ansible/roles/unattended-upgrades/tasks/main.yml @@ -1,6 +1,5 @@ --- - name: Packages for unattended upgrades - become: true apt: name: "{{ item }}" install_recommends: no 
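Review bot: The default `unattended_upgrades_origin_list:` in defaults/main.yml is a bare key, so it loads as null rather than the empty list the comment describes, and the template's else branch then writes `"o=*"`, which allows unattended upgrades from every APT origin configured on the host, third-party repositories included. The task this commit replaces listed the Debian and PostgreSQL origins explicitly, so any host that does not set the variable silently gets a wider set of trusted origins. I would write `unattended_upgrades_origin_list: []` and either ship the previous four origins as the default or state in the comment that an empty list means all origins. The commented example also uses `label: Debian Security` where the removed config had `label=Debian-Security`.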
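Review bot: Removing `become: true` here, and in the two later hunks of tasks/main.yml, leaves every task in the role without its own privilege escalation, although all of them install packages or write under /etc/apt. Nothing visible in this commit sets `become` at play or role level, so the role presumably relies on the calling playbook; if that is intended, document the requirement in the role, otherwise keep `become: true` on the tasks. The apt task continues outside the hunk.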
@@ -9,22 +8,12 @@ - apt-listchanges - name: Configure /etc/apt/apt.conf.d/50unattended-upgrades - become: true - copy: - dest: /etc/apt/apt.conf.d/50unattended-upgrades - content: | - Unattended-Upgrade::Origins-Pattern { - "origin=Debian,codename=${distro_codename},label=Debian"; - "origin=Debian,codename=${distro_codename}-updates,label=Debian"; - "origin=Debian,codename=${distro_codename},label=Debian-Security"; - "origin=apt.postgresql.org,codename=${distro_codename}-pgdg,label=PostgreSQL for Debian/Ubuntu repository"; - } - Unattended-Upgrade::MinimalSteps "False"; - Unattended-Upgrade::Mail "{{ unattended_upgrades.mail }}"; - Unattended-Upgrade::MailOnlyOnError "false"; + tags: XXX + template: + dest: /etc/apt/apt.conf.d/{{ unattended_upgrades_apt_conf_priority }}unattended-upgrades + src: unattended-upgrades.j2 - name: Configure /etc/apt/apt.conf.d/20auto-upgrades - become: true copy: dest: /etc/apt/apt.conf.d/20auto-upgrades content: | @@ -32,7 +21,6 @@ APT::Periodic::Unattended-Upgrade "1"; - name: Configure /etc/apt/listchanges.conf - become: true lineinfile: dest: /etc/apt/listchanges.conf line: "email_address={{ unattended_upgrades.mail }}" diff --git a/ansible/roles/unattended-upgrades/templates/unattended-upgrades.j2 b/ansible/roles/unattended-upgrades/templates/unattended-upgrades.j2 new file mode 100644 index 0000000..1171c6e --- /dev/null +++ b/ansible/roles/unattended-upgrades/templates/unattended-upgrades.j2 
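Review bot: `tags: XXX` on the new template task looks like a leftover debugging tag and should be removed or replaced with a meaningful one. The task also sets no ownership or mode, so the permissions of the file under /etc/apt/apt.conf.d depend on the connecting user's umask; add `owner: root`, `group: root` and `mode: "0644"`. Because the destination name now includes `unattended_upgrades_apt_conf_priority`, changing the priority later leaves the previously written file in place and apt will read both, so a cleanup task or a comment on the variable would help.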
@@ -0,0 +1,19 @@
+// Managed with Ansible
+Unattended-Upgrade::Origins-Pattern {
+{% if unattended_upgrades_origin_list -%}
+{% for p in unattended_upgrades_origin_list %}
+ "{% if p.origin -%}
+origin={{ p.origin }},
+{%- endif %}{% if p.codename -%}
+codename={{ p.codename }},
+{%- endif %}{% if p.label -%}
+label={{ p.label }},
+{%- endif %}";
+{% endfor %}
+{% else %}
+ "o=*";
+{% endif %}
+}
+Unattended-Upgrade::MinimalSteps "{{ unattended_upgrades.minimal_steps }}";
+Unattended-Upgrade::Mail "{{ unattended_upgrades.mail }}";
+Unattended-Upgrade::MailOnlyOnError "{{ unattended_upgrades.mail_only_on_error }}"; |
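Review bot: Every rendered pattern ends with a comma before the closing quote, because each of the three `{% if %}` blocks emits `key=value,` unconditionally, giving for example `"origin=Debian,codename=${distro_codename},label=Debian,";`. The removed inline config had no trailing comma, and the unattended-upgrades pattern parser may reject or mis-read the empty last field, so the rendered file should be checked on a host before rollout. Collecting the fields that are present and joining them with `,` avoids the problem. Looking the keys up through `default('')` also keeps an entry that omits one of them from failing if undefined attributes are treated as errors.

```jinja
{% for p in unattended_upgrades_origin_list %}
{% set parts = [] %}
{% for key in ['origin', 'codename', 'label'] %}
{% if p[key] | default('') %}
{% set _ = parts.append(key ~ '=' ~ p[key]) %}
{% endif %}
{% endfor %}
  "{{ parts | join(',') }}";
{% endfor %}
{# … unchanged: else branch and the three option lines … #}
```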