Add unattended upgrades setup

tasks/setup.yml

@@ -1,6 +1,6 @@
-- name: copy firewall template
+- name: Copy firewall template
   become: true
-  template:
+  ansible.builtin.template:
     src: 'templates/nftables.j2'
     dest: '/etc/nftables.conf'
     owner: root
@@ -8,9 +8,9 @@
     mode: '0644'
   notify: restart nftables
 
-- name: copy ssh template
+- name: Copy ssh template
   become: true
-  template:
+  ansible.builtin.template:
     src: 'templates/ssh.j2'
     dest: '/etc/ssh/sshd_config'
     owner: root
@@ -18,19 +18,29 @@
     mode: '0644'
   notify: reload ssh
 
-# TODO: provision default grub menu entry for now
-# linux-image-6.1.0-17 kernel seems to break networking
- #
-
-- name: copy wezterm terminfo file
-  copy:
+- name: Copy wezterm terminfo file
+  ansible.builtin.copy:
     src: 'files/wezterm.terminfo'
     dest: '{{ ansible_env.HOME }}/.terminfo'
+    mode: '0755'
+  notify: Compile wezterm terminfo file
 
-- name: compile wezterm terminfo file
+- name: Disable user lingering
   become: true
-  command: 'tic -x {{ ansible_env.HOME }}/.terminfo'
+  ansible.builtin.command: 'loginctl disable-linger sonny'
 
-- name: disable user lingering
+- name: Copy unattended upgrades configuration
   become: true
-  command: 'loginctl disable-linger sonny'
+  ansible.builtin.template:
+    src: 'templates/unattended-upgrades.j2'
+    dest: '/etc/apt/apt.conf.d/10periodic'
+    owner: root
+    group: root
+    mode: '0755'
+
+- name: Enable unattended upgrades timer
+  become: true
+  ansible.builtin.systemd:
+    name: apt-daily-upgrade.timer
+    state: started
+    enabled: true