Updates ACME/Let's Encrypt contact email and unattended-upgrades config. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
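---
# Installs and configures unattended-upgrades so that security updates are
# applied automatically on Debian/Ubuntu hosts.

- name: Install unattended-upgrades
  ansible.builtin.apt:
    name:
      - unattended-upgrades
      - apt-listchanges
    state: present
    # Refresh a stale package index first so the install does not fail on a
    # freshly provisioned host.
    update_cache: true
    cache_valid_time: 3600

# NOTE(review): 50unattended-upgrades is normally shipped by the package
# itself, so this task replaces the distribution default - confirm that is
# intended rather than adding a separate local override file.
- name: Configure unattended-upgrades
  ansible.builtin.copy:
    dest: /etc/apt/apt.conf.d/50unattended-upgrades
    content: |
      // Only the security pockets are upgraded automatically.
      Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}-security";
        "${distro_id}ESMApps:${distro_codename}-apps-security";
        "${distro_id}ESM:${distro_codename}-infra-security";
      };

      // Automatic reboot is disabled. Fixes that need a restart (kernel
      // updates etc.) stay inactive until someone reboots the host, so
      // watch for /var/run/reboot-required.
      Unattended-Upgrade::Automatic-Reboot "false";

      // Remove unused dependencies
      Unattended-Upgrade::Remove-Unused-Dependencies "true";
      Unattended-Upgrade::Remove-New-Unused-Dependencies "true";

      // Send an email report (optional; leave commented out if the host
      // cannot send mail)
      // Unattended-Upgrade::Mail "walava@tutamail.com";

      // Split the upgrade into the smallest possible steps so a run can
      // be interrupted safely (for example at shutdown)
      Unattended-Upgrade::MinimalSteps "true";
    # This file decides which origins are installed without review, so pin
    # ownership to root and keep it read-only for everyone else.
    owner: root
    group: root
    mode: "0644"

- name: Enable automatic upgrades
  ansible.builtin.copy:
    dest: /etc/apt/apt.conf.d/20auto-upgrades
    content: |
      APT::Periodic::Update-Package-Lists "1";
      APT::Periodic::Unattended-Upgrade "1";
      APT::Periodic::AutocleanInterval "7";
    # Same reasoning as above: only root may change the upgrade schedule.
    owner: root
    group: root
    mode: "0644"

# NOTE(review): on systemd-based Debian/Ubuntu the scheduled runs are normally
# triggered by apt-daily.timer and apt-daily-upgrade.timer, not by this unit -
# confirm those timers are enabled on the target hosts as well.
- name: Ensure unattended-upgrades service is running
  ansible.builtin.systemd:
    name: unattended-upgrades
    state: started
    enabled: true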