brandon/oam
1
0
Fork 0
mirror of https://gitea.com/mcereda/oam.git synced 2026-02-08 21:34:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
102d0c7c51d14dd009ead8e276859afd83262a8a
oam/ansible/playbooks/os.automatic-upgrades.setup.yml
Michele Cereda 102d0c7c51 chore: extend automatic updates' resources
2025-06-18 19:37:27 +02:00

50 lines
1.6 KiB
YAML
Raw Blame History

---
- name: Configure automatic updates
tags: configure_automatic_updates
hosts: all
tasks:
- name: Configure 'unattended-upgrades' on APT-based systems
when: ansible_pkg_mgr | lower == 'apt'
block:
- name: Install 'unattended-upgrades'
become: true
ansible.builtin.apt:
name: unattended-upgrades
install_recommends: false
update_cache: true
- name: Configure 'unattended-upgrades'
become: true
ansible.builtin.copy:
dest: /etc/apt/apt.conf.d/20auto-upgrades
content: |-
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
owner: root
group: root
mode: u=rw,g=r,o=r
backup: true
- name: Test configuration with a dry run
tags:
- never
- test_unattended_upgrades
become: true
ansible.builtin.command: unattended-upgrade --dry-run
- name: Configure 'unattended-upgrades' on DNF and YUM-based systems
when: ansible_pkg_mgr | lower in ['dnf', 'yum']
block:
- name: Install a cron daemon
become: true
ansible.builtin.package:
name: chrony
- name: Create the cron job
ansible.builtin.copy:
dest: /etc/cron.daily/security-updates
content: |-
#!/bin/bash
{{ ansible_pkg_mgr }} -y upgrade --bugfix --security
owner: root
group: root
mode: u=rwx,g=rx,o=rx
backup: true
Reference in New Issue View Git Blame Copy Permalink