parent
15b37c1caf
commit
ad72084a12
2 changed files with 75 additions and 29 deletions
|
|
@ -1,9 +1,9 @@
|
||||||
---
|
---
|
||||||
install_time: "19:20"
|
install_time: "05:00"
|
||||||
reboot_time: "19:35"
|
reboot_time: "06:30"
|
||||||
reboot_offset: "10m"
|
reboot_offset: "20m"
|
||||||
unattended_upgrade:
|
unattended_upgrade:
|
||||||
Mail: "admin@anyops.de push-info+tk_37c6vla7m9o4stn6ppm8c4l7m2kb6@pushin.anyops.de"
|
Mail: "admin@anyops.de, push-info+tk_37c6vla7m9o4stn6ppm8c4l7m2kb6@pushin.anyops.de"
|
||||||
MailOnlyOnError: "true"
|
MailOnlyOnError: "true"
|
||||||
DevRelease: auto
|
DevRelease: auto
|
||||||
"Package-Blacklist": []
|
"Package-Blacklist": []
|
||||||
|
|
|
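Review bot: The `Mail` default on the new side still carries what looks like a per-recipient token in the local part of its second address (`push-info+tk_…@pushin.anyops.de`), committed in plaintext next to the schedule values. If that token is what authorises delivery to the push endpoint, everyone with read access to the repository or its history can post to it, so I would move the value to a vaulted or inventory-level variable, for example `Mail: "{{ vault_unattended_upgrade_mail }}"` (variable name constructed for illustration), and rotate the token. Separately, `MailOnlyOnError` is the quoted string `"true"`, and no task visible in this commit consumes it or `Package-Blacklist`, so confirm they actually reach the rendered apt configuration.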
||||||
|
|
@ -5,6 +5,7 @@
|
||||||
- unattended-upgrades
|
- unattended-upgrades
|
||||||
- apt-listchanges
|
- apt-listchanges
|
||||||
- update-notifier-common
|
- update-notifier-common
|
||||||
|
- ssmtp
|
||||||
|
|
||||||
- name: Create unattended upgrades configuration file
|
- name: Create unattended upgrades configuration file
|
||||||
ansible.builtin.blockinfile:
|
ansible.builtin.blockinfile:
|
||||||
|
|
@ -37,33 +38,57 @@
|
||||||
src: unattended-upgrades.j2
|
src: unattended-upgrades.j2
|
||||||
dest: /tmp/test.conf
|
dest: /tmp/test.conf
|
||||||
|
|
||||||
|
# - name: origins to upgrade
|
||||||
|
# ansible.builtin.lineinfile:
|
||||||
|
# dest: /etc/apt/apt.conf.d/50unattended-upgrades
|
||||||
|
# line: "\t\"{{ item }}\";"
|
||||||
|
# search_string: "\t\"{{ item }}\";"
|
||||||
|
# state: present
|
||||||
|
# insertafter: "^Unattended-Upgrade::Allowed-Origins"
|
||||||
|
# loop:
|
||||||
|
# # std ubuntu
|
||||||
|
# - '${distro_id}:${distro_codename}'
|
||||||
|
# - '${distro_id}:${distro_codename}-security'
|
||||||
|
# # ESM
|
||||||
|
# - '${distro_id}ESMApps:${distro_codename}-apps-security'
|
||||||
|
# - '${distro_id}ESM:${distro_codename}-infra-security'
|
||||||
|
# # crowdsec
|
||||||
|
# - 'packagecloud.io/crowdsec/crowdsec:${distro_codename}'
|
||||||
|
# # Docker
|
||||||
|
# - 'Docker:${distro_codename}'
|
||||||
|
|
||||||
|
# # # "${distro_id}:${distro_codename}";
|
||||||
|
# # # "${distro_id}:${distro_codename}-security";
|
||||||
|
# # # "packagecloud.io/crowdsec/crowdsec:${distro_codename}";
|
||||||
|
# # # "Docker:${distro_codename}";
|
||||||
|
|
||||||
|
# # "${distro_id}ESMApps:${distro_codename}-apps-security";
|
||||||
|
# # "${distro_id}ESM:${distro_codename}-infra-security";
|
||||||
|
|
||||||
- name: origins to upgrade
|
- name: origins to upgrade
|
||||||
|
ansible.builtin.blockinfile:
|
||||||
|
dest: /etc/apt/apt.conf.d/50unattended-upgrades
|
||||||
|
block: |
|
||||||
|
Unattended-Upgrade::Origins-Pattern {
|
||||||
|
"o=*";
|
||||||
|
}
|
||||||
|
marker: "// {mark} ANSIBLE MANAGED BLOCK - unattended_upgrades origins pattern"
|
||||||
|
loop:
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- name: notify mail address
|
||||||
ansible.builtin.lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
dest: /etc/apt/apt.conf.d/50unattended-upgrades
|
dest: /etc/apt/apt.conf.d/50unattended-upgrades
|
||||||
line: "\t\"{{ item }}\";"
|
line: "Unattended-Upgrade::Mail \"{{ unattended_upgrade.Mail }}\";"
|
||||||
search_string: "\t\"{{ item }}\";"
|
search_string: "^Unattended-Upgrade::Mail"
|
||||||
|
state: present
|
||||||
|
- name: notify mail sender
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
dest: /etc/apt/apt.conf.d/50unattended-upgrades
|
||||||
|
line: "Unattended-Upgrade::Sender \"Unattended-upgrades service02 <admin@anyops.de>\";"
|
||||||
|
search_string: "^Unattended-Upgrade::Sender"
|
||||||
state: present
|
state: present
|
||||||
insertafter: "^Unattended-Upgrade::Allowed-Origins"
|
|
||||||
loop:
|
|
||||||
# std ubuntu
|
|
||||||
- '${distro_id}:${distro_codename}'
|
|
||||||
- '${distro_id}:${distro_codename}-security'
|
|
||||||
# ESM
|
|
||||||
- '${distro_id}ESMApps:${distro_codename}-apps-security'
|
|
||||||
- '${distro_id}ESM:${distro_codename}-infra-security'
|
|
||||||
# crowdsec
|
|
||||||
- 'packagecloud.io/crowdsec/crowdsec:${distro_codename}'
|
|
||||||
# Docker
|
|
||||||
- 'Docker:${distro_codename}'
|
|
||||||
|
|
||||||
# # "${distro_id}:${distro_codename}";
|
|
||||||
# # "${distro_id}:${distro_codename}-security";
|
|
||||||
# # "packagecloud.io/crowdsec/crowdsec:${distro_codename}";
|
|
||||||
# # "Docker:${distro_codename}";
|
|
||||||
|
|
||||||
# "${distro_id}ESMApps:${distro_codename}-apps-security";
|
|
||||||
# "${distro_id}ESM:${distro_codename}-infra-security";
|
|
||||||
|
|
||||||
|
|
||||||
- name: Dpkg reconfigure
|
- name: Dpkg reconfigure
|
||||||
ansible.builtin.command:
|
ansible.builtin.command:
|
||||||
|
|
@ -82,7 +107,28 @@
|
||||||
|
|
||||||
- name: Configure updates installation timing offset
|
- name: Configure updates installation timing offset
|
||||||
ansible.builtin.lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: '/lib/systemd/system/apt-daily-upgrade.timer'
|
path: /lib/systemd/system/apt-daily-upgrade.timer
|
||||||
regexp: '^RandomizedDelaySec'
|
regexp: '^RandomizedDelaySec'
|
||||||
line: 'RandomizedDelaySec={{ reboot_offset }}'
|
line: 'RandomizedDelaySec={{ reboot_offset }}'
|
||||||
notify: systemd reload
|
notify: systemd reload
|
||||||
|
|
||||||
|
- name: ssmtp config mailhub
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
path: /etc/ssmtp/ssmtp.conf
|
||||||
|
regexp: ^mailhub
|
||||||
|
line: mailhub=muh.anyops.de
|
||||||
|
- name: ssmtp config rewriteDomain
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
path: /etc/ssmtp/ssmtp.conf
|
||||||
|
regexp: ^rewriteDomain
|
||||||
|
line: rewriteDomain=anyops.de
|
||||||
|
- name: ssmtp config hostname
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
path: /etc/ssmtp/ssmtp.conf
|
||||||
|
regexp: ^hostname
|
||||||
|
line: "hostname={{ ansible_host }}"
|
||||||
|
- name: ssmtp config FromLineOverride
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
path: /etc/ssmtp/ssmtp.conf
|
||||||
|
regexp: ^FromLineOverride
|
||||||
|
line: FromLineOverride=YES
|
||||||
|
|
|
||||||
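Review bot: The new `origins to upgrade` block writes `"o=*";` into `Unattended-Upgrade::Origins-Pattern`, which matches every origin apt knows about and replaces the explicit allow-list the removed loop maintained, so any repository later added to the host gets unattended installs as root. I would keep an explicit list inside the managed block, as sketched below with the origins the old loop carried, and drop the dangling `loop:` that now has no items. In the same hunk, `search_string` is a literal match, so `"^Unattended-Upgrade::Mail"` and `"^Unattended-Upgrade::Sender"` never match an existing line and a changed address is appended rather than replaced; `regexp: '^Unattended-Upgrade::Mail '` (and the `Sender` equivalent) is presumably what was meant. The ssmtp tasks in the last hunk set `mailhub` without any TLS option, so it is worth confirming the upgrade reports reach the relay over a trusted path.

```yaml
- name: origins to upgrade
  ansible.builtin.blockinfile:
    # … unchanged: dest …
    block: |
      Unattended-Upgrade::Allowed-Origins {
          "${distro_id}:${distro_codename}";
          "${distro_id}:${distro_codename}-security";
          "${distro_id}ESMApps:${distro_codename}-apps-security";
          "${distro_id}ESM:${distro_codename}-infra-security";
          "packagecloud.io/crowdsec/crowdsec:${distro_codename}";
          "Docker:${distro_codename}";
      };
    # … unchanged: marker; the empty loop: key is removed …
```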