diff --git a/tasks/main.yml b/tasks/main.yml
index d512d455af50a215792d3b3da9da984e817cf88a..3783e2aacd3bb39f555447c710a3102693768494 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -95,21 +95,24 @@
 purge: true
 state: absent
 when: ansible_os_family == "Debian" and inventory_hostname not in groups.maintenance_contract
+ tags: unattended-upgrade
 - name: Install Unattended Upgrades
 apt:
 name: "unattended-upgrades"
 state: present
 when: ansible_os_family == "Debian" and inventory_hostname in groups.maintenance_contract
+ tags: unattended-upgrade
 - name: Copy Unattended Upgrades configuration
- ansible.builtin.copy:
- src: 'apt-unattended-upgrades'
+ template:
+ src: 'apt-unattended-upgrades.j2'
 dest: '/etc/apt/apt.conf.d/50unattended-upgrades'
 owner: root
 group: root
 mode: '0644'
 when: inventory_hostname in groups.maintenance_contract
+ tags: unattended-upgrade
 - name: Create apt-daily timer directory if it does not exist
 ansible.builtin.file:
@@ -119,6 +122,7 @@
 group: root
 mode: '0755'
 when: inventory_hostname in groups.maintenance_contract
+ tags: unattended-upgrade
 - name: override apt-daily timer
 ansible.builtin.copy:
@@ -128,6 +132,7 @@
 group: root
 mode: '0644'
 when: inventory_hostname in groups.maintenance_contract
+ tags: unattended-upgrade
 notify:
 - restart-apt-update-timer
@@ -139,6 +144,7 @@
 group: root
 mode: '0755'
 when: inventory_hostname in groups.maintenance_contract
+ tags: unattended-upgrade
 - name: override apt-daily-upgrade timer
 ansible.builtin.copy:
@@ -148,6 +154,7 @@
 group: root
 mode: '0644'
 when: inventory_hostname in groups.maintenance_contract
+ tags: unattended-upgrade
 notify:
 - restart-apt-upgrade-timer
diff --git a/files/apt-unattended-upgrades b/templates/apt-unattended-upgrades.j2
similarity index 83%
rename from files/apt-unattended-upgrades
rename to templates/apt-unattended-upgrades.j2
index a5cc28f3acc83c772263baa2edf31cf9d8a31041..37519209bbeaecb8711487c1a1abbf0f6e3fa6ab 100644
--- a/files/apt-unattended-upgrades
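Review bot: The rewritten "Copy Unattended Upgrades configuration" task in the first hunk calls the module by its short name, `template:`, while the line it replaces and the neighbouring file tasks use fully qualified names; `ansible.builtin.template:` keeps the file consistent and pins resolution to the builtin module instead of whatever the collections search path resolves first. The task's `when:` is unchanged context, but it lacks the `ansible_os_family == "Debian"` test that the install task carries, so a non-Debian host in `maintenance_contract` would still be targeted for a write under `/etc/apt/apt.conf.d/`; adding that test here would be a reasonable follow-up.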
+++ b/templates/apt-unattended-upgrades.j2
@@ -1,7 +1,13 @@
 Unattended-Upgrade::Allowed-Origins {
- "${distro_id}:${distro_codename}";
- "${distro_id}:${distro_codename}-security";
- "${distro_id}:${distro_codename}-updates";
+ "${distro_id}:${distro_codename}";
+ "${distro_id}:${distro_codename}-security";
+ "${distro_id}:${distro_codename}-updates";
+ "Docker:${distro_codename}";
+ "elastic:stable";
+{% if inventory_hostname in groups.gitlab %}
+ "packages.gitlab.com/gitlab/gitlab-ce:${distro_codename}";
+ "packages.gitlab.com/runner/gitlab-runner:${distro_codename}";
+{% endif %}
 };
 Unattended-Upgrade::Package-Blacklist {};
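Review bot: The added `{% if inventory_hostname in groups.gitlab %}` would fail to render on an inventory that defines no `gitlab` group, and since the task deploying this file runs for every host in `maintenance_contract`, that failure would leave those hosts without the unattended-upgrades configuration; `{% if inventory_hostname in groups.get('gitlab', []) %}` keeps the gate and tolerates a missing group. The `Docker:${distro_codename}` and `elastic:stable` origins are added for every host rather than gated like the GitLab ones, so wherever those third-party repositories are configured their updates are installed as root without review; if that is intended, a one-line comment above them saying so would help the next reader. It is also worth confirming with `apt-cache policy` on a target host that each new entry matches the repository's actual origin and archive fields, because a pattern that matches nothing is skipped without an error.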