From 8c7517068eefa7008b2c227fafd68037444b99a4 Mon Sep 17 00:00:00 2001
From: Brian Lee
Date: Thu, 18 Jul 2024 14:45:02 -0700
Subject: [PATCH] Add variable for enabling automatic updates, but default to off.
---
 defaults/main.yml | 3 ++-
 tasks/setup-Debian.yml | 15 +++++----------
 2 files changed, 7 insertions(+), 11 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index b9afb63..b8ae51a 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,3 +1,4 @@
 ---
 sysadmin_packages: []
-sysadmin_packages_custom: []
\ No newline at end of file
+sysadmin_packages_custom: []
+debian_auto_updates: no
\ No newline at end of file
diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml
index 4221b45..efc62e4 100644
--- a/tasks/setup-Debian.yml
+++ b/tasks/setup-Debian.yml
@@ -9,17 +9,12 @@
 regexp: '^no.*(ssh.*)$'
 replace: '\1'
-- name: Check for Unattended-Upgrade
- ansible.builtin.stat:
+- name: Ensure apt automatic upgrades are configured correctly
+ ansible.builtin.lineinfile:
 path: /etc/apt/apt.conf.d/20auto-upgrades
- register: unattended_upgrade
-
-- name: Ensure apt automatic upgrades are not enabled
- lineinfile:
- path: /etc/apt/apt.conf.d/20auto-upgrades
- regexp: 'APT::Periodic::Unattended-Upgrade "1";'
- line: 'APT::Periodic::Unattended-Upgrade "0";'
- when: unattended_upgrade.stat.exists
+ regexp: 'APT::Periodic::Unattended-Upgrade "(.*)";'
+ line: 'APT::Periodic::Unattended-Upgrade "{{ "1" if debian_auto_updates | bool else "0" }}";'
+ create: yes
 - name: Ensure unnecessary packages from Ubuntu are removed.
 ansible.builtin.apt:
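Review bot: The new default `debian_auto_updates: no` drops the `sysadmin_` prefix that both existing defaults carry; role variables share one namespace with the rest of the play, so an unprefixed name is easier to collide with or override by accident. I would write it as `sysadmin_debian_auto_updates: false` (the task in tasks/setup-Debian.yml would need the same name), using the canonical boolean instead of the YAML 1.1 `no`. Because the off default means hosts configured by this role do not install security updates on their own, a comment above the variable such as `# Set to true to let apt install unattended upgrades; false writes "0" to 20auto-upgrades` would make that an explicit operator decision. The file still ends without a trailing newline.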
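Review bot: With `create: yes`, a host that had no /etc/apt/apt.conf.d/20auto-upgrades now gets a file holding only the Unattended-Upgrade line, so setting `debian_auto_updates` to true there does not by itself produce working automatic updates: apt's periodic job also reads `APT::Periodic::Update-Package-Lists`, which stays unset, and nothing visible in this hunk ensures the unattended-upgrades package is installed. I would add a companion task that turns on the package-list refresh when the variable is true, as sketched below. The newly created file also has no explicit `mode:`, which leaves its permissions to the umask of the run; adding `mode: "0644"` to the task pins them.

```yaml
# … unchanged: "Ensure apt automatic upgrades are configured correctly" task, with mode: "0644" added …

- name: Ensure apt package lists are refreshed when automatic upgrades are enabled
  ansible.builtin.lineinfile:
    path: /etc/apt/apt.conf.d/20auto-upgrades
    regexp: '^APT::Periodic::Update-Package-Lists '
    line: 'APT::Periodic::Update-Package-Lists "1";'
  when: debian_auto_updates | bool
```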