From 2fdfbaf1f04872947a4926befdaf5f490b9d9daa Mon Sep 17 00:00:00 2001 From: Julian Rother Date: Sat, 11 Dec 2021 13:15:21 +0100 Subject: [PATCH] Run unattended-upgrades for all repos/origins Per default unattended-upgrades is configured to only update/upgrade packages from official Debian and Debian Security repos. This change removes all limitations. --- files/50unattended-upgrades | 6 ++++++ tasks/main.yml | 11 ++++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 files/50unattended-upgrades diff --git a/files/50unattended-upgrades b/files/50unattended-upgrades new file mode 100644 index 0000000..fd62386 --- /dev/null +++ b/files/50unattended-upgrades @@ -0,0 +1,6 @@ +Unattended-Upgrade::Origins-Pattern { + "origin=*"; +}; + +Unattended-Upgrade::Package-Blacklist { +}; diff --git a/tasks/main.yml b/tasks/main.yml index 5b16043..312c4c7 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -7,12 +7,21 @@ tags: - update -- name: setup unattended updates +- name: install unattended-upgrades apt: name: unattended-upgrades purge: yes state: "{% if update.unattended %}present{% else %}absent{% endif %}" +- name: configure unattended-upgrades + ansible.builtin.copy: + src: "50unattended-upgrades" + dest: "/etc/apt/apt.conf.d/50unattended-upgrades" + owner: root + group: root + mode: 0644 + when: update.unattended + - name: clean command: apt-get clean changed_when: False