/
main.yml
81 lines (64 loc) · 2.71 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
---
# defaults file for ansible-debian-autoupdates
# Automatically reboot *WITHOUT CONFIRMATION* if the file /var/run/reboot-required
# is found after the upgrade
debian_autoupdates_auto_reboot: false
# If automatic reboot is enabled and needed, reboot at the specific time instead
# of immediately Default: "now"...ex. 02:00
debian_autoupdates_auto_reboot_time: now
# Defines if on a unclean dpkg exit unattended-upgrades will
# automatically run dpkg --force-confold --configure -a (Default: true)
debian_autoupdates_autofix_interrupted: true
# Use apt bandwidth limit feature, this example limits the download speed to 70kb/sec
debian_autoupdates_bandwidth_limit: 70
# Define packages to blacklist from upgrading
debian_autoupdates_blacklist:
- vim
- libc6
- libc6-dev
- libc6-i686
# Defines Automatically upgrade packages from these (origin:archive) pairs (Debian)
debian_autoupdates_debian_allowed_origins:
- Security
# Defines email address to receive reports
debian_autoupdates_email_address: root
# Defines if emails should only be sent on errors
debian_autoupdates_email_on_error_only: false
# Install all unattended-upgrades when the machine is shuting down instead of
# doing it in the background while the machine is running
debian_autoupdates_installonshutdown: false
# Split the upgrade into the smallest possible chunks so that they can be
# interrupted with SIGUSR1
debian_autoupdates_minimalsteps: false
debian_autoupdates_packages:
- apt-listchanges
- unattended-upgrades
# Do automatic removal of new unused dependencies after the upgrade
# (equivalent to apt-get autoremove)
debian_autoupdates_remove_unused_dependencies: false
# Define update schedules
debian_autoupdates_schedule:
# Do "apt-get autoclean" every n-days (0=disable)
apt_get_autoclean: 21
# Run the "unattended-upgrade" security upgrade script every n-days (0=disabled)
apt_get_unattended_upgrade: 1
# Do "apt-get update" automatically every n-days (0=disable)
apt_get_update: 1
# Do "apt-get upgrade --download-only" every n-days (0=disable)
apt_get_upgrade_dl_only: 1
# Defines Automatically upgrade packages from these (origin:archive) pairs (Ubuntu)
debian_autoupdates_ubuntu_allowed_origins:
# - backports
# - proposed
- security
# - updates
# Defines if updates should be enabled
enable_debian_autoupdates: true
# Defines if bandwidth limits for updates should be enforced...based on
# debian_autoupdates_bandwidth_limit
enable_debian_autoupdates_bandwidth_limit: false
# Defines if packages defined in debian_autoupdates_blacklist should be enabled
enable_debian_autoupdates_blacklist: false
# Defines if emails should be sent to email address configured in
# debian_autoupdates_email_address
enable_debian_autoupdates_email: false