From 483780a828ed5d2b8a197bbf1c8270a9c994f00d Mon Sep 17 00:00:00 2001
From: Wojciech Kozlowski
Date: Sat, 25 Feb 2023 10:40:11 +0100
Subject: [PATCH] Add configuration options to unattended_upgrades
---
system/base/unattended_upgrades/defaults/main.yml | 3 +++
system/base/unattended_upgrades/files/20auto-upgrades | 2 --
.../base/unattended_upgrades/meta/argument_specs.yml | 11 +++++++++++
system/base/unattended_upgrades/tasks/main.yml | 8 ++++----
.../unattended_upgrades/templates/20auto-upgrades.j2 | 2 ++
.../50unattended-upgrades.j2} | 3 +++
6 files changed, 23 insertions(+), 6 deletions(-)
create mode 100644 system/base/unattended_upgrades/defaults/main.yml
delete mode 100644 system/base/unattended_upgrades/files/20auto-upgrades
create mode 100644 system/base/unattended_upgrades/meta/argument_specs.yml
create mode 100644 system/base/unattended_upgrades/templates/20auto-upgrades.j2
rename system/base/unattended_upgrades/{files/50unattended-upgrades => templates/50unattended-upgrades.j2} (98%)
diff --git a/system/base/unattended_upgrades/defaults/main.yml b/system/base/unattended_upgrades/defaults/main.yml
new file mode 100644
index 0000000..1d4b3a9
--- /dev/null
+++ b/system/base/unattended_upgrades/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+system_base_unattended_upgrades_n_days: 1
+system_base_unattended_upgrades_blacklist: []
diff --git a/system/base/unattended_upgrades/files/20auto-upgrades b/system/base/unattended_upgrades/files/20auto-upgrades
deleted file mode 100644
index 8d6d7c8..0000000
--- a/system/base/unattended_upgrades/files/20auto-upgrades
+++ /dev/null
@@ -1,2 +0,0 @@
-APT::Periodic::Update-Package-Lists "1";
-APT::Periodic::Unattended-Upgrade "1";
diff --git a/system/base/unattended_upgrades/meta/argument_specs.yml b/system/base/unattended_upgrades/meta/argument_specs.yml
new file mode 100644
index 0000000..38df4f5
--- /dev/null
+++ b/system/base/unattended_upgrades/meta/argument_specs.yml
@@ -0,0 +1,11 @@ +--- +argument_specs: + main: + options: + system_base_unattended_upgrades_n_days: + type: "int" + required: true + system_base_unattended_upgrades_blacklist: + type: "list" + elements: "str" + required: true diff --git a/system/base/unattended_upgrades/tasks/main.yml b/system/base/unattended_upgrades/tasks/main.yml index ee77d8b..b9e9b24 100644 --- a/system/base/unattended_upgrades/tasks/main.yml +++ b/system/base/unattended_upgrades/tasks/main.yml @@ -4,13 +4,13 @@ name: "unattended-upgrades" - name: "configure unattended-upgrades" - ansible.builtin.copy: - src: "./50unattended-upgrades" + ansible.builtin.template: + src: "./50unattended-upgrades.j2" dest: "/etc/apt/apt.conf.d/50unattended-upgrades" mode: 0644 - name: "enable unattended-upgrades" - ansible.builtin.copy: - src: "./20auto-upgrades" + ansible.builtin.template: + src: "./20auto-upgrades.j2" dest: "/etc/apt/apt.conf.d/20auto-upgrades" mode: 0644 diff --git a/system/base/unattended_upgrades/templates/20auto-upgrades.j2 b/system/base/unattended_upgrades/templates/20auto-upgrades.j2 new file mode 100644 index 0000000..0d09e70 --- /dev/null +++ b/system/base/unattended_upgrades/templates/20auto-upgrades.j2 @@ -0,0 +1,2 @@ +APT::Periodic::Update-Package-Lists "{{ system_base_unattended_upgrades_n_days }}"; +APT::Periodic::Unattended-Upgrade "{{ system_base_unattended_upgrades_n_days }}"; diff --git a/system/base/unattended_upgrades/files/50unattended-upgrades b/system/base/unattended_upgrades/templates/50unattended-upgrades.j2 similarity index 98% rename from system/base/unattended_upgrades/files/50unattended-upgrades rename to system/base/unattended_upgrades/templates/50unattended-upgrades.j2 index 69ad7b6..cb63f2b 100644 --- a/system/base/unattended_upgrades/files/50unattended-upgrades +++ b/system/base/unattended_upgrades/templates/50unattended-upgrades.j2 
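Review bot: `system_base_unattended_upgrades_n_days` is declared only as `type: "int"`, so 0 and negative values pass role validation, and 20auto-upgrades.j2 later in this patch renders the value verbatim into both `APT::Periodic` settings. APT treats an interval of "0" as disabled, so one inventory override can silently switch off automatic security updates. argument_specs cannot express a minimum, so I would add a `description:` stating this and a guard before the template tasks, e.g. `ansible.builtin.assert:` with `that: "system_base_unattended_upgrades_n_days | int >= 1"`. If disabling is meant to be supported, make it an explicit separate variable rather than a magic value.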
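Review bot: Both `ansible.builtin.template` tasks in tasks/main.yml set only `mode`, so ownership of the rendered files under /etc/apt/apt.conf.d depends on the connection user and become settings of whoever runs the play. Since these files now carry inventory-driven values that decide whether and what gets patched, pin `owner: "root"` and `group: "root"` on each task. I would also quote the mode as `mode: "0644"` so it never depends on how the YAML loader types a leading-zero integer. The hunk opens inside the preceding install task, whose start is outside the visible lines.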
@@ -44,6 +44,9 @@ Unattended-Upgrade::Origins-Pattern { // Python regular expressions, matching packages to exclude from upgrading Unattended-Upgrade::Package-Blacklist { +{% for package_regex in system_base_unattended_upgrades_blacklist %} + "{{ package_regex }}"; +{% endfor %} // The following matches all packages starting with linux- // "linux-";
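Review bot: Each `package_regex` is emitted between double quotes with no validation, so an entry containing `"` or a line break ends the quoted value early and leaves the rest to be parsed as apt configuration. At best that breaks parsing of the file, at worst it changes settings the role never intended to expose. Reject such entries before rendering, e.g. an `ansible.builtin.assert` with `that: "system_base_unattended_upgrades_blacklist | select('search', '[\"\\n]') | list | length == 0"`, and also reject empty strings. Because the entries are regular expressions, a very short or empty pattern would presumably match every package and suppress all upgrades, which deserves a comment above the loop: `{# entries are Python regexes matched against package names; keep them anchored and specific #}`. The `Package-Blacklist` block closes outside this hunk.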