---
# Install the packages the rest of this file relies on: unattended-upgrades
# applies updates automatically and apt-listchanges reports changelogs.
# NOTE(review): nothing in this file calls gpg directly; presumably it is
# needed for repository key handling elsewhere - confirm.
- name: ensure required packages are present
  ansible.builtin.apt:
    # Refresh the package index first so the names below resolve.
    update_cache: true
    # "present" installs what is missing; it does not upgrade a package
    # that is already installed.
    state: present
    name:
      - unattended-upgrades
      - apt-listchanges
      - gpg
# Register the Debian security archive as its own sources list file
# (filename "debian-security") and refresh the index afterwards.
#
# Security notes for reviewers:
# - The URL is plain HTTP. Package integrity then rests entirely on APT's
#   verification of the signed Release metadata, so this entry must never
#   be combined with "[trusted=yes]" or with
#   Acquire::AllowInsecureRepositories. Plain HTTP also lets an on-path
#   observer see which packages the host fetches; consider https:// where
#   ca-certificates is installed and no HTTP-only caching proxy is in use.
# - NOTE(review): the "<codename>-security" suite name is used by Debian 11
#   (bullseye) and later, and "non-free-firmware" exists from Debian 12
#   (bookworm) on - confirm which releases this role has to support.
- name: ensure debian-security repo is present
  ansible.builtin.apt_repository:
    filename: debian-security
    state: present
    update_cache: true
    # Folded scalar: the lines below are joined with single spaces into one
    # "deb <url> <suite> <components>" entry. The suite comes from the lsb
    # codename fact, falling back to distribution_release when it is unset.
    repo: >-
      deb
      http://deb.debian.org/debian-security
      {{ ansible_facts.lsb.codename | default(ansible_facts.distribution_release) }}-security
      main contrib non-free non-free-firmware
  # Handler is defined outside this file.
  notify: restart apt timers
# Render the unattended-upgrades policy file from the role template
# (the template itself is not part of this file).
# root:root with mode 0644 keeps the policy world-readable but writable by
# root only, so an unprivileged user cannot change what is auto-installed.
# A syntax error in any apt.conf.d file makes apt itself fail, which would
# also stop automatic updates; check the rendered file after template
# changes, for example with `unattended-upgrade --dry-run`.
- name: deploy /etc/apt/apt.conf.d/50unattended-upgrades
  ansible.builtin.template:
    dest: /etc/apt/apt.conf.d/50unattended-upgrades
    src: 50unattended-upgrades.j2
    mode: "0644"
    owner: root
    group: root
  # Handler is defined outside this file.
  notify:
    - restart unattended-upgrades
# Render 20auto-upgrades from the role template.
# NOTE(review): this file conventionally carries the APT::Periodic::*
# switches that turn the periodic update/upgrade runs on; the template is
# not shown here, so confirm it does not leave them disabled.
# Ownership and mode match the other apt.conf.d file: root-owned, 0644,
# not writable by unprivileged users.
- name: deploy /etc/apt/apt.conf.d/20auto-upgrades
  ansible.builtin.template:
    dest: /etc/apt/apt.conf.d/20auto-upgrades
    src: 20auto-upgrades.j2
    mode: "0644"
    owner: root
    group: root
  # Both handlers are defined outside this file.
  notify:
    - restart unattended-upgrades
    - restart apt timers
# Make sure both apt systemd timers are active now and enabled at boot.
# apt-daily.timer drives the index refresh/download run and
# apt-daily-upgrade.timer drives the upgrade run; if either is disabled or
# masked, automatic updates silently stop, so the state of these units is
# worth monitoring.
- name: enable & start apt timers
  loop:
    - apt-daily.timer
    - apt-daily-upgrade.timer
  ansible.builtin.systemd:
    # Quoted so the Jinja expression is not parsed as a YAML flow mapping.
    name: "{{ item }}"
    # enabled -> survives reboot; started -> active immediately.
    enabled: true
    state: started