change: add docker, elastic and gitlab to unattended upgrade origines

a7fd1fd5 · Théo - Le Filament · 67ed8d91 · a7fd1fd5 · a7fd1fd5
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -95,21 +95,24 @@
    purge: true
    state: absent
  when: ansible_os_family == "Debian" and inventory_hostname not in groups.maintenance_contract
+  tags: unattended-upgrade

 - name: Install Unattended Upgrades
  apt:
    name: "unattended-upgrades"
    state: present
  when: ansible_os_family == "Debian" and inventory_hostname in groups.maintenance_contract
+  tags: unattended-upgrade

 - name: Copy Unattended Upgrades configuration
-  ansible.builtin.copy:
-    src: 'apt-unattended-upgrades'
+  template:
+    src: 'apt-unattended-upgrades.j2'
    dest: '/etc/apt/apt.conf.d/50unattended-upgrades'
    owner: root
    group: root
    mode: '0644'
  when: inventory_hostname in groups.maintenance_contract
+  tags: unattended-upgrade

 - name: Create apt-daily timer directory if it does not exist
  ansible.builtin.file:
@@ -119,6 +122,7 @@
    group: root
    mode: '0755'
  when: inventory_hostname in groups.maintenance_contract
+  tags: unattended-upgrade

 - name: override apt-daily timer
  ansible.builtin.copy:
@@ -128,6 +132,7 @@
    group: root
    mode: '0644'
  when: inventory_hostname in groups.maintenance_contract
+  tags: unattended-upgrade
  notify:
    - restart-apt-update-timer

@@ -139,6 +144,7 @@
    group: root
    mode: '0755'
  when: inventory_hostname in groups.maintenance_contract
+  tags: unattended-upgrade

 - name: override apt-daily-upgrade timer
  ansible.builtin.copy:
@@ -148,6 +154,7 @@
    group: root
    mode: '0644'
  when: inventory_hostname in groups.maintenance_contract
+  tags: unattended-upgrade
  notify:
    - restart-apt-upgrade-timer


--- a/files/apt-unattended-upgrades
+++ b/files/apt-unattended-upgrades
@@ -2,6 +2,12 @@ Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}";
    "${distro_id}:${distro_codename}-security";
    "${distro_id}:${distro_codename}-updates";
+    "Docker:${distro_codename}";
+    "elastic:stable";
+{% if inventory_hostname in groups.gitlab %}
+    "packages.gitlab.com/gitlab/gitlab-ce:${distro_codename}";
+    "packages.gitlab.com/runner/gitlab-runner:${distro_codename}";
+{% endif %}
 };

 Unattended-Upgrade::Package-Blacklist {};