From 3dce65ca563e36e7adb5feb582f4015d53c948e5 Mon Sep 17 00:00:00 2001
From: hkcomori
Date: Mon, 19 Feb 2024 16:36:25 +0900
Subject: [PATCH] Add default vars to add Unattended-Upgrade::Allowed-Origins
---
 README.md | 6 ++++++
 defaults/main.yml | 1 +
 templates/50unattended-upgrades.j2 | 3 +++
 3 files changed, 10 insertions(+)
diff --git a/README.md b/README.md
index 4f6f707..81d2a18 100644
--- a/README.md
+++ b/README.md
@@ -78,6 +78,12 @@ Whether to install/enable `yum-cron` (RedHat-based systems) or `unattended-upgra
 (Debian/Ubuntu only) A listing of packages that should not be automatically updated.
+ security_autoupdate_additional_origins: []
+ # - "${distro_id}ESM:${distro_codename}-infra-security"
+ # - "Docker:${distro_codename}"
+
+(Debian/Ubuntu only) A listing of origins to reference.
+
 security_autoupdate_reboot: false
 (Debian/Ubuntu only) Whether to reboot when needed during unattended upgrades.
diff --git a/defaults/main.yml b/defaults/main.yml
index b1010a3..1de2acc 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -17,6 +17,7 @@ security_sudoers_passworded: []
 security_autoupdate_enabled: true
 security_autoupdate_blacklist: []
+security_autoupdate_additional_origins: []
 # Autoupdate mail settings used on Debian/Ubuntu only.
 security_autoupdate_reboot: "false"
diff --git a/templates/50unattended-upgrades.j2 b/templates/50unattended-upgrades.j2
index 297f696..827a100 100644
--- a/templates/50unattended-upgrades.j2
+++ b/templates/50unattended-upgrades.j2
@@ -11,6 +11,9 @@ Unattended-Upgrade::MailOnlyOnError "true";
 Unattended-Upgrade::Allowed-Origins {
 "${distro_id} ${distro_codename}-security";
 // "${distro_id} ${distro_codename}-updates";
+{% for origin in security_autoupdate_additional_origins %}
+ "{{ origin }}";
+{% endfor %}
 };
 Unattended-Upgrade::Package-Blacklist{
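Review bot: In templates/50unattended-upgrades.j2 the added `"{{ origin }}";` writes each list item verbatim between double quotes, so a value containing `"`, `;` or a line break closes the string early and the rest is parsed as further apt configuration. This file decides which repositories get packages installed as root without review, so the role should fail early on such values, for example with an `ansible.builtin.assert` task that rejects any item containing a double quote, a semicolon or a newline. I would also add a template comment above the loop, `{# Each entry is a repository trusted for unattended root installs; keep this list minimal. #}`, since the README wording "A listing of origins to reference" does not convey that every origin added here widens what is installed automatically.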