Add variable for enabling automatic updates, but default to off.

2024-07-18 14:45:02 -07:00 · 2024-07-18 14:45:02 -07:00 · 8c7517068e
commit 8c7517068e
parent 355371af10
2 changed files with 7 additions and 11 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,3 +1,4 @@
 ---
 sysadmin_packages: []
 sysadmin_packages_custom: []
+debian_auto_updates: no
--- a/tasks/setup-Debian.yml
+++ b/tasks/setup-Debian.yml
@ -9,17 +9,12 @@
    regexp: '^no.*(ssh.*)$'
    replace: '\1'

- name: Check for Unattended-Upgrade
-  ansible.builtin.stat:
+- name: Ensure apt automatic upgrades are configured correctly
+  ansible.builtin.lineinfile:
    path: /etc/apt/apt.conf.d/20auto-upgrades
-  register: unattended_upgrade
-
- name: Ensure apt automatic upgrades are not enabled
-  lineinfile:
-    path: /etc/apt/apt.conf.d/20auto-upgrades
-    regexp: 'APT::Periodic::Unattended-Upgrade "1";'
-    line: 'APT::Periodic::Unattended-Upgrade "0";'
-  when: unattended_upgrade.stat.exists
+    regexp: 'APT::Periodic::Unattended-Upgrade "(.*)";'
+    line: 'APT::Periodic::Unattended-Upgrade "{{ "1" if debian_auto_updates | bool else "0" }}";'
+    create: yes

 - name: Ensure unnecessary packages from Ubuntu are removed.
  ansible.builtin.apt: