Add variable for enabling automatic updates, but default to off.
This commit is contained in:
parent
355371af10
commit
8c7517068e
@ -1,3 +1,4 @@
|
|||||||
---
|
---
|
||||||
sysadmin_packages: []
|
sysadmin_packages: []
|
||||||
sysadmin_packages_custom: []
|
sysadmin_packages_custom: []
|
||||||
|
debian_auto_updates: no
|
@ -9,17 +9,12 @@
|
|||||||
regexp: '^no.*(ssh.*)$'
|
regexp: '^no.*(ssh.*)$'
|
||||||
replace: '\1'
|
replace: '\1'
|
||||||
|
|
||||||
- name: Check for Unattended-Upgrade
|
- name: Ensure apt automatic upgrades are configured correctly
|
||||||
ansible.builtin.stat:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/apt/apt.conf.d/20auto-upgrades
|
path: /etc/apt/apt.conf.d/20auto-upgrades
|
||||||
register: unattended_upgrade
|
regexp: 'APT::Periodic::Unattended-Upgrade "(.*)";'
|
||||||
|
line: 'APT::Periodic::Unattended-Upgrade "{{ "1" if debian_auto_updates | bool else "0" }}";'
|
||||||
- name: Ensure apt automatic upgrades are not enabled
|
create: yes
|
||||||
lineinfile:
|
|
||||||
path: /etc/apt/apt.conf.d/20auto-upgrades
|
|
||||||
regexp: 'APT::Periodic::Unattended-Upgrade "1";'
|
|
||||||
line: 'APT::Periodic::Unattended-Upgrade "0";'
|
|
||||||
when: unattended_upgrade.stat.exists
|
|
||||||
|
|
||||||
- name: Ensure unnecessary packages from Ubuntu are removed.
|
- name: Ensure unnecessary packages from Ubuntu are removed.
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
|
Loading…
Reference in New Issue
Block a user