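---
# Tasks that install and configure unattended-upgrades on apt-based hosts:
# periodic apt runs, automatic reboots, allowed origins, mail notification
# through ssmtp, and the systemd timer that schedules the upgrade run.
#
# Variables read by these tasks (defined outside this file):
#   reboot_time, install_time, reboot_offset, unattended_upgrade.Mail
# Handler notified by these tasks (defined outside this file):
#   systemd reload

- name: install packages
  ansible.builtin.apt:
    name:
      - unattended-upgrades
      - apt-listchanges
      - update-notifier-common
      - ssmtp

- name: Create unattended upgrades configuration file
  ansible.builtin.blockinfile:
    path: /etc/apt/apt.conf.d/20auto-upgrades
    block: |
      APT::Periodic::Update-Package-Lists "1";
      APT::Periodic::Unattended-Upgrade "1";
    marker: "// {mark} ANSIBLE MANAGED BLOCK - unattended_upgrades settings"
    create: true
    mode: "0644"
    owner: root
    group: root
  register: unattended_upgrades_config_set

- name: Enable automated reboots
  ansible.builtin.blockinfile:
    path: /etc/apt/apt.conf.d/50unattended-upgrades
    block: |
      Unattended-Upgrade::Automatic-Reboot "true";
      Unattended-Upgrade::Automatic-Reboot-Time "{{ reboot_time }}";
    marker: "// {mark} ANSIBLE MANAGED BLOCK - unattended_upgrades settings"
    create: true
    mode: "0644"
    owner: root
    group: root
  register: unattended_upgrades_settings_set

# NOTE(review): this renders the template to a fixed name in the world-writable
# /tmp directory and no later task in this file reads it, so it looks like a
# debugging leftover. Either drop the task or point dest at the real
# configuration path. The explicit mode keeps the rendered file private meanwhile.
- name: template configuration
  ansible.builtin.template:
    src: unattended-upgrades.j2
    dest: /tmp/test.conf
    mode: "0600"

# Previous approach, kept for reference: an explicit list of allowed origins.
# - name: origins to upgrade
#   ansible.builtin.lineinfile:
#     dest: /etc/apt/apt.conf.d/50unattended-upgrades
#     line: "\t\"{{ item }}\";"
#     search_string: "\t\"{{ item }}\";"
#     state: present
#     insertafter: "^Unattended-Upgrade::Allowed-Origins"
#   loop:
#     # std ubuntu
#     - '${distro_id}:${distro_codename}'
#     - '${distro_id}:${distro_codename}-security'
#     # ESM
#     - '${distro_id}ESMApps:${distro_codename}-apps-security'
#     - '${distro_id}ESM:${distro_codename}-infra-security'
#     # crowdsec
#     - 'packagecloud.io/crowdsec/crowdsec:${distro_codename}'
#     # Docker
#     - 'Docker:${distro_codename}'
#
# # #        "${distro_id}:${distro_codename}";
# # #        "${distro_id}:${distro_codename}-security";
# # #        "packagecloud.io/crowdsec/crowdsec:${distro_codename}";
# # #        "Docker:${distro_codename}";
# #        "${distro_id}ESMApps:${distro_codename}-apps-security";
# #        "${distro_id}ESM:${distro_codename}-infra-security";

# SECURITY(review): "o=*" matches every origin, so packages from any repository
# configured on the host (third-party ones included) are installed unattended,
# as root, and can trigger the automatic reboot enabled above. A compromised or
# careless third-party repository therefore reaches every managed host without
# review. Prefer an explicit origin list like the one kept in the comment above
# unless this breadth is intended.
#
# This block uses its own marker text because it lives in the same file as the
# "settings" block; sharing a marker would make the two tasks overwrite each other.
# The original task carried a dangling empty `loop:` key, which is removed here:
# the block has no per-item content.
- name: origins to upgrade
  ansible.builtin.blockinfile:
    path: /etc/apt/apt.conf.d/50unattended-upgrades
    block: |
      Unattended-Upgrade::Origins-Pattern {
        "o=*";
      }
    marker: "// {mark} ANSIBLE MANAGED BLOCK - unattended_upgrades origins pattern"

# `regexp` replaces the original `search_string: "^..."`: search_string is a
# literal match, so the leading caret never matched and a changed address was
# appended as a second line instead of replacing the first. The trailing \s
# keeps the pattern from also matching Unattended-Upgrade::MailReport.
- name: notify mail address
  ansible.builtin.lineinfile:
    path: /etc/apt/apt.conf.d/50unattended-upgrades
    line: "Unattended-Upgrade::Mail \"{{ unattended_upgrade.Mail }}\";"
    regexp: '^Unattended-Upgrade::Mail\s'
    state: present

# NOTE(review): the sender string is hard-coded and names one host
# ("service02"); confirm it is meant to be identical on every target.
- name: notify mail sender
  ansible.builtin.lineinfile:
    path: /etc/apt/apt.conf.d/50unattended-upgrades
    line: "Unattended-Upgrade::Sender \"Unattended-upgrades service02 \";"
    regexp: '^Unattended-Upgrade::Sender\s'
    state: present

# Runs only when one of the two "settings" blocks above actually changed.
- name: Dpkg reconfigure
  ansible.builtin.command:
    cmd: dpkg-reconfigure -f noninteractive unattended-upgrades
  register: dpkg_reconfigure_unattended_upgrades
  when:
    - unattended_upgrades_config_set.changed or unattended_upgrades_settings_set.changed

# NOTE(review): both timer tasks edit the unit file shipped by the package under
# /lib/systemd/system, so a package update can put the stock schedule back until
# the next play run. A drop-in under
# /etc/systemd/system/apt-daily-upgrade.timer.d/ would survive package updates.
- name: Configure updates installation timing
  ansible.builtin.lineinfile:
    path: /lib/systemd/system/apt-daily-upgrade.timer
    regexp: '^OnCalendar'
    line: 'OnCalendar=*-*-* {{ install_time }}'
  notify: systemd reload

- name: Configure updates installation timing offset
  ansible.builtin.lineinfile:
    path: /lib/systemd/system/apt-daily-upgrade.timer
    regexp: '^RandomizedDelaySec'
    line: 'RandomizedDelaySec={{ reboot_offset }}'
  notify: systemd reload

# ssmtp relay settings used for the upgrade notification mails.
# NOTE(review): no TLS or authentication option is set by these tasks; confirm
# what the relay requires, since the reports list the packages changed on each host.
- name: ssmtp config mailhub
  ansible.builtin.lineinfile:
    path: /etc/ssmtp/ssmtp.conf
    regexp: '^mailhub'
    line: mailhub=muh.anyops.de

- name: ssmtp config rewriteDomain
  ansible.builtin.lineinfile:
    path: /etc/ssmtp/ssmtp.conf
    regexp: '^rewriteDomain'
    line: rewriteDomain=anyops.de

- name: ssmtp config hostname
  ansible.builtin.lineinfile:
    path: /etc/ssmtp/ssmtp.conf
    regexp: '^hostname'
    line: "hostname={{ ansible_host }}"

# The whole value is a plain string for ssmtp, not a YAML boolean.
- name: ssmtp config FromLineOverride
  ansible.builtin.lineinfile:
    path: /etc/ssmtp/ssmtp.conf
    regexp: '^FromLineOverride'
    line: FromLineOverride=YES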