Fixed unattended upgrades and configure time for updates/upgrades

Previously only unattended updates (i.e. apt update) was working. Unattended
upgrades (i.e. apt upgrade) are disabled by default and needed to be enabled
with a config file.

defaults/main.yml

@@ -1,2 +1,4 @@
 update:
   unattended: no
+  apt_daily_time: "*-*-* {{ 24|random(seed=(inventory_hostname + 'apt_daily_h')) }}:{{ 60|random(seed=(inventory_hostname + 'apt_daily_m')) }}"
+  apt_daily_upgrade_time: "*-*-* 6:{{ 60|random(seed=(inventory_hostname + 'apt_daily_upgrade_time')) }}"

handlers/main.yml

@@ -0,0 +1,11 @@
+- name: restart apt-daily.timer
+  ansible.builtin.systemd:
+    name: apt-daily.timer
+    daemon_reload: yes
+    state: restarted
+
+- name: restart apt-daily-upgrade.timer
+  ansible.builtin.systemd:
+    name: apt-daily-upgrade.timer
+    daemon_reload: yes
+    state: restarted

tasks/main.yml

@@ -9,20 +9,52 @@
   tags:
   - update
 
-- name: install unattended-upgrades
+- name: install unattended upgrades
   apt:
     name: unattended-upgrades
     purge: yes
     state: "{% if update.unattended %}present{% else %}absent{% endif %}"
 
-- name: configure unattended-upgrades
+- name: configure unattended upgrades
+  when: update.unattended
   ansible.builtin.copy:
     src: "50unattended-upgrades"
     dest: "/etc/apt/apt.conf.d/50unattended-upgrades"
     owner: root
     group: root
     mode: 0644
+
+- name: overwrite apt-daily.timer
   when: update.unattended
+  ansible.builtin.template:
+    src: "apt-daily.timer.j2"
+    dest: "/etc/systemd/system/apt-daily.timer"
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+  - restart apt-daily.timer
+
+- name: overwrite apt-daily-upgrade.timer
+  when: update.unattended
+  ansible.builtin.template:
+    src: "apt-daily-upgrade.timer.j2"
+    dest: "/etc/systemd/system/apt-daily-upgrade.timer"
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+  - restart apt-daily-upgrade.timer
+
+- name: enable auto upgrades
+  when: update.unattended
+  ansible.builtin.copy:
+    src: "/usr/share/unattended-upgrades/20auto-upgrades"
+    dest: "/etc/apt/apt.conf.d/20auto-upgrades"
+    owner: root
+    group: root
+    mode: 0644
+    remote_src: yes
 
 - name: clean
   command: apt-get clean

templates/apt-daily-upgrade.timer.j2

@@ -0,0 +1,9 @@
+[Unit]
+Description=Daily apt upgrade and clean activities
+After=apt-daily.timer
+
+[Timer]
+OnCalendar={{ update.apt_daily_upgrade_time }}
+
+[Install]
+WantedBy=timers.target

templates/apt-daily.timer.j2

@@ -0,0 +1,8 @@
+[Unit]
+Description=Daily apt download activities
+
+[Timer]
+OnCalendar={{ update.apt_daily_time }}
+
+[Install]
+WantedBy=timers.target