initial (#1)

# ansible-role-template

# ansible_role-unattended_upgrades

Install & configure `unattended-upgrades` package and configure systemd apt timers.

unattended_upgrades_enable: true

unattended_upgrades_reboot: true

unattended_upgrades_reboot_time: "06:45"

unattended_upgrades_update_calendar: "*-*-* 6,18:00"

unattended_upgrades_update_delay: "12h"

unattended_upgrades_upgrade_calendar: "*-*-* 22:00"

unattended_upgrades_upgrade_delay: "60m"

- name: Restart unattended-upgrades service

  ansible.builtin.systemd:

    state: restarted

    enabled: true

    masked: false

    daemon_reload: true

    name: unattended-upgrades.service

- name: Reload systemd

  ansible.builtin.systemd:

    daemon_reload: true

- name: Install packages

  ansible.builtin.apt:

    state: present

    update_cache: true

    install_recommends: false

    pkg:

      - unattended-upgrades

      - powermgmt-base

      - python3-gi

  tags:

    - unattended_upgrades

- name: Template a file to /etc/apt/apt.conf.d/20auto-upgrades

  ansible.builtin.copy:

    content: |

      APT::Periodic::Update-Package-Lists "1";

      APT::Periodic::Unattended-Upgrade "{{ unattended_upgrades_enable | ternary('1', '0') }}";

    dest: /etc/apt/apt.conf.d/20auto-upgrades

    owner: root

    group: root

    mode: "0644"

  notify: Restart unattended-upgrades service

  tags:

    - unattended_upgrades

- name: Template a file to /etc/apt/apt.conf.d/50unattended-upgrades

  ansible.builtin.copy:

    content: |

      Unattended-Upgrade::Origins-Pattern {

          "o=*";

      };

      Unattended-Upgrade::AutoFixInterruptedDpkg "true";

      Unattended-Upgrade::MinimalSteps "true";

      Unattended-Upgrade::InstallOnShutdown "false";

      Unattended-Upgrade::Mail "root";

      Unattended-Upgrade::MailOnlyOnError "false";

      Unattended-Upgrade::Remove-Unused-Dependencies "true";

      Unattended-Upgrade::Automatic-Reboot-Time "{{ unattended_upgrades_reboot_time | default('06:45') }}";

      Unattended-Upgrade::Automatic-Reboot "{{ unattended_upgrades_reboot | default(true) | bool }}";

    dest: /etc/apt/apt.conf.d/50unattended-upgrades

    owner: root

    group: root

    mode: "0644"

  notify: Restart unattended-upgrades service

  tags:

    - unattended_upgrades

- name: Template a file to /etc/systemd/system/apt-daily.timer

  ansible.builtin.copy:

    content: |

      [Unit]

      Description=Daily apt download activities

      [Timer]

      OnCalendar={{ unattended_upgrades_update_calendar }}

      RandomizedDelaySec={{ unattended_upgrades_update_delay }}

      Persistent=true

      [Install]

      WantedBy=timers.target

    dest: /etc/systemd/system/apt-daily.timer

    owner: root

    group: root

    mode: "0644"

  notify: Reload systemd

  tags:

    - unattended_upgrades

- name: Template a file to /etc/systemd/system/apt-daily-upgrade.timer

  ansible.builtin.copy:

    content: |

      [Unit]

      Description=Daily apt upgrade and clean activities

      After=apt-daily.timer

      [Timer]

      OnCalendar={{ unattended_upgrades_upgrade_calendar }}

      RandomizedDelaySec={{ unattended_upgrades_upgrade_delay }}

      Persistent=true

      [Install]

      WantedBy=timers.target

    dest: /etc/systemd/system/apt-daily-upgrade.timer

    owner: root

    group: root

    mode: "0644"

  notify: Reload systemd

  tags:

    - unattended_upgrades