[FIX] unattended upgrade only if in full_maintenance

tasks/main.yml

@@ -94,14 +94,14 @@
       autoremove: true
       purge: true
       state: absent
-  when: ansible_os_family == "Debian" and inventory_hostname not in groups.maintenance_contract
+  when: ansible_os_family == "Debian" and inventory_hostname not in groups.full_maintenance
   tags: unattended-upgrade
 
 - name: Install Unattended Upgrades
   ansible.builtin.apt:
       name: "unattended-upgrades"
       state: present
-  when: ansible_os_family == "Debian" and inventory_hostname in groups.maintenance_contract
+  when: ansible_os_family == "Debian" and inventory_hostname in groups.full_maintenance
   tags: unattended-upgrade
 
 - name: Enable apt auto upgrades
@@ -120,7 +120,7 @@
       owner: root
       group: root
       mode: '0644'
-  when: inventory_hostname in groups.maintenance_contract
+  when: inventory_hostname in groups.full_maintenance
   tags: unattended-upgrade
 
 - name: Create apt-daily timer directory if it does not exist
@@ -130,7 +130,7 @@
       owner: root
       group: root
       mode: '0755'
-  when: inventory_hostname in groups.maintenance_contract
+  when: inventory_hostname in groups.full_maintenance
   tags: unattended-upgrade
 
 - name: Override apt-daily timer
@@ -140,7 +140,7 @@
       owner: root
       group: root
       mode: '0644'
-  when: inventory_hostname in groups.maintenance_contract
+  when: inventory_hostname in groups.full_maintenance
   tags: unattended-upgrade
   notify:
       - Restart apt-update-timer
@@ -152,7 +152,7 @@
       owner: root
       group: root
       mode: '0755'
-  when: inventory_hostname in groups.maintenance_contract
+  when: inventory_hostname in groups.full_maintenance
   tags: unattended-upgrade
 
 - name: Override apt-daily-upgrade timer
@@ -162,7 +162,7 @@
       owner: root
       group: root
       mode: '0644'
-  when: inventory_hostname in groups.maintenance_contract
+  when: inventory_hostname in groups.full_maintenance
   tags: unattended-upgrade
   notify:
       - Restart apt-upgrade-timer
@@ -319,13 +319,14 @@
   changed_when: false
   register: known_hosts_line
   with_items: "{{ groups.backup_server }}"
+  when: inventory_hostname in groups.maintenance_contract
 
 - name: Add backup servers in root known host
   ansible.builtin.known_hosts:
       hash_host: true
       key: "{{ hostvars[item['item']].host_server_known_entry }}"
       name: "[{{ hostvars[item['item']].ansible_host }}]:{{ default_sshd_port }}"
-  when: item.found is not defined
+  when: inventory_hostname in groups.maintenance_contract and item.found is not defined
   with_items: "{{ known_hosts_line.results }}"
 
 - name: Copy Installed Package Listing script on server
@@ -335,6 +336,7 @@
       owner: root
       group: root
       mode: '0700'
+  when: inventory_hostname in groups.maintenance_contract
 
 - name: Disable e-mailing of crontab
   ansible.builtin.cron:
@@ -348,3 +350,4 @@
       minute: "43"
       hour: "0"
       job: /root/collect_installed_packages_facts.sh
+  when: inventory_hostname in groups.maintenance_contract