Add unattended upgrades setup
This commit is contained in:
parent
0499b896e1
commit
b9be376f13
5 changed files with 241 additions and 14 deletions
|
|
@ -44,3 +44,8 @@
|
|||
name: certbot
|
||||
state: restarted
|
||||
enabled: false
|
||||
|
||||
- name: Compile wezterm terminfo file
|
||||
become: true
|
||||
when: wezterm_copy.changed
|
||||
ansible.builtin.command: 'tic -x {{ ansible_env.HOME }}/.terminfo'
|
||||
|
|
|
|||
130
session
Normal file
130
session
Normal file
|
|
@ -0,0 +1,130 @@
|
|||
let SessionLoad = 1
|
||||
let s:so_save = &g:so | let s:siso_save = &g:siso | setg so=0 siso=0 | setl so=-1 siso=-1
|
||||
let v:this_session=expand("<sfile>:p")
|
||||
silent only
|
||||
silent tabonly
|
||||
cd ~/development/ansible/debian-setup
|
||||
if expand('%') == '' && !&modified && line('$') <= 1 && getline(1) == ''
|
||||
let s:wipebuf = bufnr('%')
|
||||
endif
|
||||
let s:shortmess_save = &shortmess
|
||||
if &shortmess =~ 'A'
|
||||
set shortmess=aoOA
|
||||
else
|
||||
set shortmess=aoO
|
||||
endif
|
||||
badd +15 playbook.yml
|
||||
badd +35 ~/development/ansible/debian-setup/tasks/setup.yml
|
||||
badd +0 templates/apt.j2
|
||||
badd +13 vars/main.yml
|
||||
argglobal
|
||||
%argdel
|
||||
$argadd playbook.yml
|
||||
edit ~/development/ansible/debian-setup/tasks/setup.yml
|
||||
let s:save_splitbelow = &splitbelow
|
||||
let s:save_splitright = &splitright
|
||||
set splitbelow splitright
|
||||
wincmd _ | wincmd |
|
||||
vsplit
|
||||
1wincmd h
|
||||
wincmd w
|
||||
wincmd _ | wincmd |
|
||||
split
|
||||
1wincmd k
|
||||
wincmd w
|
||||
let &splitbelow = s:save_splitbelow
|
||||
let &splitright = s:save_splitright
|
||||
wincmd t
|
||||
let s:save_winminheight = &winminheight
|
||||
let s:save_winminwidth = &winminwidth
|
||||
set winminheight=0
|
||||
set winheight=1
|
||||
set winminwidth=0
|
||||
set winwidth=1
|
||||
exe 'vert 1resize ' . ((&columns * 30 + 82) / 164)
|
||||
exe '2resize ' . ((&lines * 42 + 43) / 87)
|
||||
exe 'vert 2resize ' . ((&columns * 133 + 82) / 164)
|
||||
exe '3resize ' . ((&lines * 42 + 43) / 87)
|
||||
exe 'vert 3resize ' . ((&columns * 133 + 82) / 164)
|
||||
argglobal
|
||||
enew
|
||||
file NvimTree_1
|
||||
balt playbook.yml
|
||||
setlocal fdm=manual
|
||||
setlocal fde=v:lua.vim.treesitter.foldexpr()
|
||||
setlocal fmr={{{,}}}
|
||||
setlocal fdi=#
|
||||
setlocal fdl=99
|
||||
setlocal fml=1
|
||||
setlocal fdn=20
|
||||
setlocal nofen
|
||||
wincmd w
|
||||
argglobal
|
||||
balt vars/main.yml
|
||||
setlocal fdm=expr
|
||||
setlocal fde=v:lua.vim.treesitter.foldexpr()
|
||||
setlocal fmr={{{,}}}
|
||||
setlocal fdi=#
|
||||
setlocal fdl=99
|
||||
setlocal fml=1
|
||||
setlocal fdn=20
|
||||
setlocal fen
|
||||
1
|
||||
normal! zo
|
||||
11
|
||||
normal! zo
|
||||
21
|
||||
normal! zo
|
||||
let s:l = 32 - ((31 * winheight(0) + 21) / 42)
|
||||
if s:l < 1 | let s:l = 1 | endif
|
||||
keepjumps exe s:l
|
||||
normal! zt
|
||||
keepjumps 32
|
||||
normal! 0
|
||||
wincmd w
|
||||
argglobal
|
||||
if bufexists(fnamemodify("templates/apt.j2", ":p")) | buffer templates/apt.j2 | else | edit templates/apt.j2 | endif
|
||||
if &buftype ==# 'terminal'
|
||||
silent file templates/apt.j2
|
||||
endif
|
||||
balt playbook.yml
|
||||
setlocal fdm=expr
|
||||
setlocal fde=v:lua.vim.treesitter.foldexpr()
|
||||
setlocal fmr={{{,}}}
|
||||
setlocal fdi=#
|
||||
setlocal fdl=99
|
||||
setlocal fml=1
|
||||
setlocal fdn=20
|
||||
setlocal fen
|
||||
let s:l = 50 - ((41 * winheight(0) + 21) / 42)
|
||||
if s:l < 1 | let s:l = 1 | endif
|
||||
keepjumps exe s:l
|
||||
normal! zt
|
||||
keepjumps 50
|
||||
normal! 0
|
||||
wincmd w
|
||||
2wincmd w
|
||||
exe 'vert 1resize ' . ((&columns * 30 + 82) / 164)
|
||||
exe '2resize ' . ((&lines * 42 + 43) / 87)
|
||||
exe 'vert 2resize ' . ((&columns * 133 + 82) / 164)
|
||||
exe '3resize ' . ((&lines * 42 + 43) / 87)
|
||||
exe 'vert 3resize ' . ((&columns * 133 + 82) / 164)
|
||||
tabnext 1
|
||||
if exists('s:wipebuf') && len(win_findbuf(s:wipebuf)) == 0 && getbufvar(s:wipebuf, '&buftype') isnot# 'terminal'
|
||||
silent exe 'bwipe ' . s:wipebuf
|
||||
endif
|
||||
unlet! s:wipebuf
|
||||
set winheight=1 winwidth=20
|
||||
let &shortmess = s:shortmess_save
|
||||
let &winminheight = s:save_winminheight
|
||||
let &winminwidth = s:save_winminwidth
|
||||
let s:sx = expand("<sfile>:p:r")."x.vim"
|
||||
if filereadable(s:sx)
|
||||
exe "source " . fnameescape(s:sx)
|
||||
endif
|
||||
let &g:so = s:so_save | let &g:siso = s:siso_save
|
||||
set hlsearch
|
||||
nohlsearch
|
||||
doautoall SessionLoadPost
|
||||
unlet SessionLoad
|
||||
" vim: set ft=vim :
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
- name: copy firewall template
|
||||
- name: Copy firewall template
|
||||
become: true
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: 'templates/nftables.j2'
|
||||
dest: '/etc/nftables.conf'
|
||||
owner: root
|
||||
|
|
@ -8,9 +8,9 @@
|
|||
mode: '0644'
|
||||
notify: restart nftables
|
||||
|
||||
- name: copy ssh template
|
||||
- name: Copy ssh template
|
||||
become: true
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: 'templates/ssh.j2'
|
||||
dest: '/etc/ssh/sshd_config'
|
||||
owner: root
|
||||
|
|
@ -18,19 +18,29 @@
|
|||
mode: '0644'
|
||||
notify: reload ssh
|
||||
|
||||
# TODO: provision default grub menu entry for now
|
||||
# linux-image-6.1.0-17 kernel seems to break networking
|
||||
#
|
||||
|
||||
- name: copy wezterm terminfo file
|
||||
copy:
|
||||
- name: Copy wezterm terminfo file
|
||||
ansible.builtin.copy:
|
||||
src: 'files/wezterm.terminfo'
|
||||
dest: '{{ ansible_env.HOME }}/.terminfo'
|
||||
mode: '0755'
|
||||
notify: Compile wezterm terminfo file
|
||||
|
||||
- name: compile wezterm terminfo file
|
||||
- name: Disable user lingering
|
||||
become: true
|
||||
command: 'tic -x {{ ansible_env.HOME }}/.terminfo'
|
||||
ansible.builtin.command: 'loginctl disable-linger sonny'
|
||||
|
||||
- name: disable user lingering
|
||||
- name: Copy unattended upgrades configuration
|
||||
become: true
|
||||
command: 'loginctl disable-linger sonny'
|
||||
ansible.builtin.template:
|
||||
src: 'templates/unattended-upgrades.j2'
|
||||
dest: '/etc/apt/apt.conf.d/10periodic'
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0755'
|
||||
|
||||
- name: Enable unattended upgrades timer
|
||||
become: true
|
||||
ansible.builtin.systemd:
|
||||
name: apt-daily-upgrade.timer
|
||||
state: started
|
||||
enabled: true
|
||||
|
|
|
|||
81
templates/unattended-upgrades.j2
Normal file
81
templates/unattended-upgrades.j2
Normal file
|
|
@ -0,0 +1,81 @@
|
|||
# This file understands the following apt configuration variables:
|
||||
# Values here are the default.
|
||||
# Create /etc/apt/apt.conf.d/10periodic file to set your preference.
|
||||
#
|
||||
# All of the n-days interval options also accept the suffixes
|
||||
# s for seconds, m for minutes, h for hours, d for days or
|
||||
# the "always" value to do the action for every job run,
|
||||
# which can be used with systemd OnCalendar overrides to
|
||||
# define custom schedules for the apt update/upgrade jobs.
|
||||
#
|
||||
# Dir "/";
|
||||
# - RootDir for all configuration files
|
||||
#
|
||||
# Dir::Cache "var/cache/apt/";
|
||||
# - Set apt package cache directory
|
||||
#
|
||||
# Dir::Cache::Archives "archives/";
|
||||
# - Set package archive directory
|
||||
#
|
||||
# APT::Periodic::Enable "1";
|
||||
# - Enable the update/upgrade script (0=disable)
|
||||
#
|
||||
# APT::Periodic::BackupArchiveInterval "0";
|
||||
# - Backup after n-days if archive contents changed.(0=disable)
|
||||
#
|
||||
# APT::Periodic::BackupLevel "3";
|
||||
# - Backup level.(0=disable), 1 is invalid.
|
||||
#
|
||||
# Dir::Cache::Backup "backup/";
|
||||
# - Set periodic package backup directory
|
||||
#
|
||||
# APT::Archives::MaxAge "0"; (old, deprecated)
|
||||
# APT::Periodic::MaxAge "0"; (new)
|
||||
# - Set maximum allowed age of a cache package file. If a cache
|
||||
# package file is older it is deleted (0=disable)
|
||||
#
|
||||
# APT::Archives::MinAge "2"; (old, deprecated)
|
||||
# APT::Periodic::MinAge "2"; (new)
|
||||
# - Set minimum age of a package file. If a file is younger it
|
||||
# will not be deleted (0=disable). Useful to prevent races
|
||||
# and to keep backups of the packages for emergency.
|
||||
#
|
||||
# APT::Archives::MaxSize "0"; (old, deprecated)
|
||||
# APT::Periodic::MaxSize "0"; (new)
|
||||
# - Set maximum size of the cache in MB (0=disable). If the cache
|
||||
# is bigger, cached package files are deleted until the size
|
||||
# requirement is met (the oldest packages will be deleted
|
||||
# first).
|
||||
#
|
||||
|
||||
APT::Periodic::Update-Package-Lists "1";
|
||||
# - Do "apt-get update" automatically every n-days (0=disable)
|
||||
#
|
||||
|
||||
APT::Periodic::Download-Upgradeable-Packages "1";
|
||||
# - Do "apt-get upgrade --download-only" every n-days (0=disable)
|
||||
#
|
||||
# APT::Periodic::Download-Upgradeable-Packages-Debdelta "1";
|
||||
# - Use debdelta-upgrade to download updates if available (0=disable)
|
||||
#
|
||||
#
|
||||
#
|
||||
APT::Periodic::Unattended-Upgrade "1";
|
||||
# - Run the "unattended-upgrade" security upgrade script
|
||||
# every n-days (0=disabled)
|
||||
# Requires the package "unattended-upgrades" and will write
|
||||
# a log in /var/log/unattended-upgrades
|
||||
#
|
||||
|
||||
APT::Periodic::AutocleanInterval "21";
|
||||
# - Do "apt-get autoclean" every n-days (0=disable)
|
||||
#
|
||||
# APT::Periodic::CleanInterval "0";
|
||||
# - Do "apt-get clean" every n-days (0=disable)
|
||||
#
|
||||
# APT::Periodic::Verbose "0";
|
||||
# - Send report mail to root
|
||||
# 0: no report (or null string)
|
||||
# 1: progress report (actually any string)
|
||||
# 2: + command outputs (remove -qq, remove 2>/dev/null, add -d)
|
||||
# 3: + trace on
|
||||
|
|
@ -10,3 +10,4 @@ packages:
|
|||
- gnupg
|
||||
- radeontop
|
||||
- certbot
|
||||
- unattended-upgrades
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue