Configure unattended-upgrades

Signed-off-by: Emmy D'Anello <ynerant@emy.lu>

roles/apt/tasks/apt-listchanges.yml

@@ -0,0 +1,32 @@
+---
+# Install apt-listchanges
+- name: Install apt-listchanges
+  when: ansible_os_family == "Debian"
+  apt:
+    name: apt-listchanges
+    state: present
+    update_cache: true
+  register: apt_result
+  retries: 3
+  until: apt_result is succeeded
+
+# Send email when there is something new
+- name: Configure apt-listchanges
+  ini_file:
+    path: /etc/apt/listchanges.conf
+    no_extra_spaces: true
+    section: apt
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
+    state: present
+    mode: 0644
+  loop:
+    - option: confirm
+      value: "true"
+
+    - option: email_address
+      value: "{{ apt.monitoring_mail }}"
+
+    - option: which
+      value: both
+...

roles/apt/tasks/apt-unattended.yml

@@ -0,0 +1,20 @@
+---
+- name: Install unattended-upgrades
+  when: ansible_os_family == "Debian"
+  apt:
+    name: unattended-upgrades
+    state: present
+    update_cache: true
+  register: apt_result
+  retries: 3
+  until: apt_result is succeeded
+
+- name: Configure unattended-upgrades
+  template:
+    src: "apt/apt.conf.d/{{ item }}.j2"
+    dest: "/etc/apt/apt.conf.d/{{ item }}"
+    owner: root
+    mode: u=rw,g=r,o=r
+  loop:
+    - 50unattended-upgrades
+    - 20auto-upgrades

roles/apt/tasks/main.yml

@@ -59,3 +59,9 @@
 - name: Update APT cache
   apt:
     update_cache: true
+
+# APT-List Changes : send email with changelog
+- include_tasks: apt-listchanges.yml
+
+# APT Unattended upgrades
+- include_tasks: apt-unattended.yml