feat: Commit initial

ansible/roles/common/tasks/unattended-upgrades.yml

@@ -0,0 +1,40 @@
+---
+# Configure unattended-upgrades for automatic OS updates
+
+- name: Install unattended-upgrades package
+  apt:
+    name:
+      - unattended-upgrades
+      - apt-listchanges
+    state: present
+
+- name: Get hostname
+  set_fact:
+    current_hostname: "{{ ansible_hostname }}"
+
+- name: Set reboot time based on hostname
+  set_fact:
+    reboot_time: "{{ reboot_schedule[current_hostname] | default('03:00') }}"
+
+- name: Configure unattended-upgrades
+  template:
+    src: 50unattended-upgrades.j2
+    dest: /etc/apt/apt.conf.d/50unattended-upgrades
+    mode: '0644'
+  notify: restart unattended-upgrades
+
+- name: Enable automatic updates
+  copy:
+    dest: /etc/apt/apt.conf.d/20auto-upgrades
+    content: |
+      APT::Periodic::Update-Package-Lists "1";
+      APT::Periodic::Download-Upgradeable-Packages "1";
+      APT::Periodic::AutocleanInterval "7";
+      APT::Periodic::Unattended-Upgrade "1";
+    mode: '0644'
+
+- name: Start and enable unattended-upgrades service
+  systemd:
+    name: unattended-upgrades
+    state: started
+    enabled: yes