diff --git a/group_vars/all/upgrades.yaml b/group_vars/all/upgrades.yaml
index 900fb2d..8761034 100644
--- a/group_vars/all/upgrades.yaml
+++ b/group_vars/all/upgrades.yaml
@@ -1,9 +1,9 @@
 ---
-install_time: "19:20"
-reboot_time: "19:35"
-reboot_offset: "10m"
+install_time: "05:00"
+reboot_time: "06:30"
+reboot_offset: "20m"
 unattended_upgrade:
- Mail: "admin@anyops.de push-info+tk_37c6vla7m9o4stn6ppm8c4l7m2kb6@pushin.anyops.de"
+ Mail: "admin@anyops.de, push-info+tk_37c6vla7m9o4stn6ppm8c4l7m2kb6@pushin.anyops.de"
 MailOnlyOnError: "true"
 DevRelease: auto
 "Package-Blacklist": []
diff --git a/roles/anyops_autoupgrade/tasks/main.yaml b/roles/anyops_autoupgrade/tasks/main.yaml
index 45d33e5..7743bf2 100644
--- a/roles/anyops_autoupgrade/tasks/main.yaml
+++ b/roles/anyops_autoupgrade/tasks/main.yaml
@@ -5,6 +5,7 @@
 - unattended-upgrades
 - apt-listchanges
 - update-notifier-common
+ - ssmtp
 - name: Create unattended upgrades configuration file
 ansible.builtin.blockinfile:
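Review bot: The `Mail` string under `unattended_upgrade` keeps what looks like a delivery token (`push-info+tk_…@pushin.anyops.de`) in clear text in `group_vars/all/upgrades.yaml`, where it is readable by everyone with access to the repository and its history. If the `tk_` part does authorise pushes, move that address into a vault-encrypted variable and reference it here, for example `Mail: "admin@anyops.de, {{ vault_push_address }}"` (the variable name is a placeholder). Because the value is already committed, the token would also need rotating once it has been moved.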
@@ -37,33 +38,57 @@
 src: unattended-upgrades.j2
 dest: /tmp/test.conf
+# - name: origins to upgrade
+# ansible.builtin.lineinfile:
+# dest: /etc/apt/apt.conf.d/50unattended-upgrades
+# line: "\t\"{{ item }}\";"
+# search_string: "\t\"{{ item }}\";"
+# state: present
+# insertafter: "^Unattended-Upgrade::Allowed-Origins"
+# loop:
+# # std ubuntu
+# - '${distro_id}:${distro_codename}'
+# - '${distro_id}:${distro_codename}-security'
+# # ESM
+# - '${distro_id}ESMApps:${distro_codename}-apps-security'
+# - '${distro_id}ESM:${distro_codename}-infra-security'
+# # crowdsec
+# - 'packagecloud.io/crowdsec/crowdsec:${distro_codename}'
+# # Docker
+# - 'Docker:${distro_codename}'
+
+# # # "${distro_id}:${distro_codename}";
+# # # "${distro_id}:${distro_codename}-security";
+# # # "packagecloud.io/crowdsec/crowdsec:${distro_codename}";
+# # # "Docker:${distro_codename}";
+
+# # "${distro_id}ESMApps:${distro_codename}-apps-security";
+# # "${distro_id}ESM:${distro_codename}-infra-security";
+
 - name: origins to upgrade
+ ansible.builtin.blockinfile:
+ dest: /etc/apt/apt.conf.d/50unattended-upgrades
+ block: |
+ Unattended-Upgrade::Origins-Pattern {
+ "o=*";
+ }
+ marker: "// {mark} ANSIBLE MANAGED BLOCK - unattended_upgrades origins pattern"
+ loop:
+
+
+
+- name: notify mail address
 ansible.builtin.lineinfile:
 dest: /etc/apt/apt.conf.d/50unattended-upgrades
- line: "\t\"{{ item }}\";"
- search_string: "\t\"{{ item }}\";"
+ line: "Unattended-Upgrade::Mail \"{{ unattended_upgrade.Mail }}\";"
+ search_string: "^Unattended-Upgrade::Mail"
+ state: present
+- name: notify mail sender
+ ansible.builtin.lineinfile:
+ dest: /etc/apt/apt.conf.d/50unattended-upgrades
+ line: "Unattended-Upgrade::Sender \"Unattended-upgrades service02 \";"
+ search_string: "^Unattended-Upgrade::Sender"
 state: present
- insertafter: "^Unattended-Upgrade::Allowed-Origins"
- loop:
- # std ubuntu
- - '${distro_id}:${distro_codename}'
- - '${distro_id}:${distro_codename}-security'
- # ESM
- - '${distro_id}ESMApps:${distro_codename}-apps-security'
- - '${distro_id}ESM:${distro_codename}-infra-security'
- # crowdsec
- - 'packagecloud.io/crowdsec/crowdsec:${distro_codename}'
- # Docker
- - 'Docker:${distro_codename}'
-
- # # "${distro_id}:${distro_codename}";
- # # "${distro_id}:${distro_codename}-security";
- # # "packagecloud.io/crowdsec/crowdsec:${distro_codename}";
- # # "Docker:${distro_codename}";
-
- # "${distro_id}ESMApps:${distro_codename}-apps-security";
- # "${distro_id}ESM:${distro_codename}-infra-security";
-
 - name: Dpkg reconfigure
 ansible.builtin.command:
@@ -82,7 +107,28 @@
 - name: Configure updates installation timing offset
 ansible.builtin.lineinfile:
- path: '/lib/systemd/system/apt-daily-upgrade.timer'
+ path: /lib/systemd/system/apt-daily-upgrade.timer
 regexp: '^RandomizedDelaySec'
 line: 'RandomizedDelaySec={{ reboot_offset }}'
- notify: systemd reload
\ No newline at end of file
+ notify: systemd reload
+
+- name: ssmtp config mailhub
+ ansible.builtin.lineinfile:
+ path: /etc/ssmtp/ssmtp.conf
+ regexp: ^mailhub
+ line: mailhub=muh.anyops.de
+- name: ssmtp config rewriteDomain
+ ansible.builtin.lineinfile:
+ path: /etc/ssmtp/ssmtp.conf
+ regexp: ^rewriteDomain
+ line: rewriteDomain=anyops.de
+- name: ssmtp config hostname
+ ansible.builtin.lineinfile:
+ path: /etc/ssmtp/ssmtp.conf
+ regexp: ^hostname
+ line: "hostname={{ ansible_host }}"
+- name: ssmtp config FromLineOverride
+ ansible.builtin.lineinfile:
+ path: /etc/ssmtp/ssmtp.conf
+ regexp: ^FromLineOverride
+ line: FromLineOverride=YES
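Review bot: The new `Unattended-Upgrade::Origins-Pattern { "o=*"; }` block in the `origins to upgrade` task matches every origin, so packages from any apt source configured on a host, third-party repositories included, are now installed unattended, whereas the removed loop enumerated specific origins (Ubuntu, ESM, crowdsec, Docker). Listing patterns for just those origins, e.g. `"o=${distro_id},a=${distro_codename}-security";`, keeps automatic installs limited to the sources you have chosen to trust. Two smaller points in the same hunk: the empty `loop:` left on the blockinfile task will probably make Ansible reject the task, and `search_string` is matched literally, so `"^Unattended-Upgrade::Mail"` and `"^Unattended-Upgrade::Sender"` never match an existing line and a changed address would be appended rather than replaced; `regexp:` looks like what was meant.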
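Review bot: The four `ssmtp config …` tasks set `mailhub`, `rewriteDomain`, `hostname` and `FromLineOverride` but nothing for transport security, so unless `/etc/ssmtp/ssmtp.conf` is managed elsewhere the upgrade reports would presumably be relayed to `muh.anyops.de` unencrypted. Those mails describe which packages a host has and has not patched, so it is worth adding a task that sets `UseSTARTTLS=YES`, together with a CA file so the relay's certificate is actually checked. Separately, `hostname={{ ansible_host }}` renders an IP address when the inventory connects by IP; `ansible_fqdn` may be the safer source.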