1 files changed, 39 insertions, 0 deletions

diff --git a/ansible/roles/unattended-upgrades/tasks/main.yml b/ansible/roles/unattended-upgrades/tasks/main.yml
new file mode 100644
index 0000000..0bc02a1
--- /dev/null
+++ b/ansible/roles/unattended-upgrades/tasks/main.yml
@@ -0,0 +1,39 @@
+---
+- name: Packages for unattended upgrades
+  become: true
+  apt:
+    name: "{{ item }}"
+    install_recommends: no
+  with_items:
+    - unattended-upgrades
+    - apt-listchanges
+
+- name: Configure /etc/apt/apt.conf.d/50unattended-upgrades
+  become: true
+  copy:
+    dest: /etc/apt/apt.conf.d/50unattended-upgrades
+    content: |
+      Unattended-Upgrade::Origins-Pattern {
+          "origin=Debian,codename=${distro_codename},label=Debian";
+          "origin=Debian,codename=${distro_codename}-updates,label=Debian";
+          "origin=Debian,codename=${distro_codename},label=Debian-Security";
+          "origin=apt.postgresql.org,codename=${distro_codename}-pgdg,label=PostgreSQL for Debian/Ubuntu repository";
+      }
+      Unattended-Upgrade::MinimalSteps "False";
+      Unattended-Upgrade::Mail "{{ unattended_upgrades.mail }}";
+      Unattended-Upgrade::MailOnlyOnError "false";
+
+- name: Configure /etc/apt/apt.conf.d/20auto-upgrades
+  become: true
+  copy:
+    dest: /etc/apt/apt.conf.d/20auto-upgrades
+    content: |
+      APT::Periodic::Update-Package-Lists "1";
+      APT::Periodic::Unattended-Upgrade "1";
+
+- name: Configure /etc/apt/listchanges.conf
+  become: true
+  lineinfile:
+    dest: /etc/apt/listchanges.conf
+    line: "email_address={{ unattended_upgrades.mail }}"
+    regexp: "^email_address="