From a7fd1fd52a9b517437e5a203a7dc0d795bf99d3b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9o=20-=20Le=20Filament?= <theo@le-filament.com>
Date: Tue, 16 May 2023 10:55:05 +0200
Subject: [PATCH] change: add docker, elastic and gitlab to unattended upgrade
 origines

---
 tasks/main.yml                                       | 11 +++++++++--
 .../apt-unattended-upgrades.j2                       | 12 +++++++++---
 2 files changed, 18 insertions(+), 5 deletions(-)
 rename files/apt-unattended-upgrades => templates/apt-unattended-upgrades.j2 (83%)

diff --git a/tasks/main.yml b/tasks/main.yml
index d512d45..3783e2a 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -95,21 +95,24 @@
     purge: true
     state: absent
   when: ansible_os_family == "Debian" and inventory_hostname not in groups.maintenance_contract
+  tags: unattended-upgrade
 
 - name: Install Unattended Upgrades
   apt:
     name: "unattended-upgrades"
     state: present
   when: ansible_os_family == "Debian" and inventory_hostname in groups.maintenance_contract
+  tags: unattended-upgrade
 
 - name: Copy Unattended Upgrades configuration
-  ansible.builtin.copy:
-    src: 'apt-unattended-upgrades'
+  template:
+    src: 'apt-unattended-upgrades.j2'
     dest: '/etc/apt/apt.conf.d/50unattended-upgrades'
     owner: root
     group: root
     mode: '0644'
   when: inventory_hostname in groups.maintenance_contract
+  tags: unattended-upgrade
 
 - name: Create apt-daily timer directory if it does not exist
   ansible.builtin.file:
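Review bot: The new `template:` on the "Copy Unattended Upgrades configuration" task is the only short module name in this hunk; the line it replaces was `ansible.builtin.copy:` and the surrounding tasks use `ansible.builtin.file` / `ansible.builtin.copy`, so the switch drops the FQCN the file otherwise follows and leaves this one task dependent on short-name resolution. Change it to `ansible.builtin.template:`. The first task in the hunk (`purge: true` / `state: absent`) starts before the hunk, so its name and module are not visible here; the remaining hunks of this file only add the same `tags: unattended-upgrade` line and need no change.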
@@ -119,6 +122,7 @@
     group: root
     mode: '0755'
   when: inventory_hostname in groups.maintenance_contract
+  tags: unattended-upgrade
 
 - name: override apt-daily timer
   ansible.builtin.copy:
@@ -128,6 +132,7 @@
     group: root
     mode: '0644'
   when: inventory_hostname in groups.maintenance_contract
+  tags: unattended-upgrade
   notify:
     - restart-apt-update-timer
 
@@ -139,6 +144,7 @@
     group: root
     mode: '0755'
   when: inventory_hostname in groups.maintenance_contract
+  tags: unattended-upgrade
 
 - name: override apt-daily-upgrade timer
   ansible.builtin.copy:
@@ -148,6 +154,7 @@
     group: root
     mode: '0644'
   when: inventory_hostname in groups.maintenance_contract
+  tags: unattended-upgrade
   notify:
     - restart-apt-upgrade-timer
 
diff --git a/files/apt-unattended-upgrades b/templates/apt-unattended-upgrades.j2
similarity index 83%
rename from files/apt-unattended-upgrades
rename to templates/apt-unattended-upgrades.j2
index a5cc28f..3751920 100644
--- a/files/apt-unattended-upgrades
+++ b/templates/apt-unattended-upgrades.j2
@@ -1,7 +1,13 @@
 Unattended-Upgrade::Allowed-Origins {
-	"${distro_id}:${distro_codename}";
-	"${distro_id}:${distro_codename}-security";
-	"${distro_id}:${distro_codename}-updates";
+    "${distro_id}:${distro_codename}";
+    "${distro_id}:${distro_codename}-security";
+    "${distro_id}:${distro_codename}-updates";
+    "Docker:${distro_codename}";
+    "elastic:stable";
+{% if inventory_hostname in groups.gitlab %}
+    "packages.gitlab.com/gitlab/gitlab-ce:${distro_codename}";
+    "packages.gitlab.com/runner/gitlab-runner:${distro_codename}";
+{% endif %}
 };
 
 Unattended-Upgrade::Package-Blacklist {};
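Review bot: `{% if inventory_hostname in groups.gitlab %}` raises an undefined-variable error when the inventory has no `gitlab` group, which would fail the template task on every maintenance_contract host instead of just omitting the block; `{% if inventory_hostname in groups.get('gitlab', []) %}` keeps the intent and degrades to "not a gitlab host". The five new entries widen what unattended-upgrades may install automatically from third-party repositories, and a pattern whose origin or suite does not match the repository's Release file is silently ignored rather than reported, so each `Origin:Suite` pair is worth confirming against the `o=`/`a=` fields shown by `apt-cache policy` on a target host. For gitlab-ce it may also be worth a one-line comment above the block noting that automatic upgrades can cross major versions, so the maintainer knows to watch that host after upgrade runs.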
-- 
GitLab