Add configuration options to unattended_upgrades

This commit is contained in:
Wojciech Kozlowski 2023-02-25 10:40:11 +01:00
parent b22e1ba3d0
commit 483780a828
6 changed files with 23 additions and 6 deletions

View File

@ -0,0 +1,3 @@
---
system_base_unattended_upgrades_n_days: 1
system_base_unattended_upgrades_blacklist: []

View File

@ -1,2 +0,0 @@
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

View File

@ -0,0 +1,11 @@
---
argument_specs:
main:
options:
system_base_unattended_upgrades_n_days:
type: "int"
required: true
system_base_unattended_upgrades_blacklist:
type: "list"
elements: "str"
required: true

View File

@ -4,13 +4,13 @@
name: "unattended-upgrades"
- name: "configure unattended-upgrades"
ansible.builtin.copy:
src: "./50unattended-upgrades"
ansible.builtin.template:
src: "./50unattended-upgrades.j2"
dest: "/etc/apt/apt.conf.d/50unattended-upgrades"
mode: 0644
- name: "enable unattended-upgrades"
ansible.builtin.copy:
src: "./20auto-upgrades"
ansible.builtin.template:
src: "./20auto-upgrades.j2"
dest: "/etc/apt/apt.conf.d/20auto-upgrades"
mode: 0644

View File

@ -0,0 +1,2 @@
APT::Periodic::Update-Package-Lists "{{ system_base_unattended_upgrades_n_days }}";
APT::Periodic::Unattended-Upgrade "{{ system_base_unattended_upgrades_n_days }}";

View File

@ -44,6 +44,9 @@ Unattended-Upgrade::Origins-Pattern {
// Python regular expressions, matching packages to exclude from upgrading
Unattended-Upgrade::Package-Blacklist {
{% for package_regex in system_base_unattended_upgrades_blacklist %}
"{{ package_regex }}";
{% endfor %}
// The following matches all packages starting with linux-
// "linux-";