1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
|
<?php
return [
# Cache update time for apt module
'unattended_cache_valid_time' => 3600,
#Unattended-Upgrade::Origins-Pattern
# Automatically upgrade packages from these origin patterns
# e.g.: 'o=Debian,a=stable', 'o=Debian,a=stable-updates'
#
# Left unset, distribution-specific defaults will be used through
# __unattended_origins_patterns variable only if this variable
# is not provided externally
# REFS https://github.com/ansible/ansible/issues/8121
#'unattended_origins_patterns' => [],
'__unattended_origins_patterns' => [
'o=${distro_id},a=${distro_codename}-security',
],
#Unattended-Upgrade::Package-Blacklist
# List of packages to not update
'unattended_package_blacklist' => [],
#Unattended-Upgrade::AutoFixInterruptedDpkg
# On a unclean dpkg exit unattended-upgrades will run
# dpkg --force-confold --configure -a
# The default is true, to ensure updates keep getting installed
'unattended_autofix_interrupted_dpkg' => true,
#Unattended-Upgrade::MinimalSteps
# Split the upgrade into the smallest possible chunks so that
# they can be interrupted with SIGUSR1. This makes the upgrade
# a bit slower but it has the benefit that shutdown while a upgrade
# is running is possible (with a small delay)
'unattended_minimal_steps' => true,
#Unattended-Upgrade::InstallOnShutdown
# Install all unattended-upgrades when the machine is shuting down
# instead of doing it in the background while the machine is running
# This will (obviously) make shutdown slower
'unattended_install_on_shutdown' => false,
#Unattended-Upgrade::Mail
# Send email to this address for problems or packages upgrades
# If empty or unset then no email is sent, make sure that you
# have a working mail setup on your system. A package that provides
# 'mailx' must be installed.
'unattended_mail' => false,
#Unattended-Upgrade::MailOnlyOnError
# Set this value to "true" to get emails only on errors. Default
# is to always send a mail if Unattended-Upgrade::Mail is set
'unattended_mail_only_on_error' => false,
#Unattended-Upgrade::Remove-Unused-Dependencies
# Do automatic removal of all unused dependencies after the upgrade
# (equivalent to apt-get autoremove)
'unattended_remove_unused_dependencies' => false,
#Unattended-Upgrade::Remove-New-Unused-Dependencies
# Remove any new unused dependencies after the upgrade
'unattended_remove_new_unused_dependencies' => true,
#Unattended-Upgrade::Automatic-Reboot
# Automatically reboot *WITHOUT CONFIRMATION* if a
# the file /var/run/reboot-required is found after the upgrade
'unattended_automatic_reboot' => false,
#Unattended-Upgrade::Automatic-Reboot-Time
# If automatic reboot is enabled and needed, reboot at the specific
# time instead of immediately
'unattended_automatic_reboot_time' => false,
#Unattended-Upgrade::IgnoreAppsRequireRestart
# Do upgrade application even if it requires restart after upgrade
# I.e. "XB-Upgrade-Requires: app-restart" is set in the debian/control file
'unattended_ignore_apps_require_restart' => false,
#Unattended-Upgrade::SyslogEnable
# Write events to syslog, which is useful in environments where syslog
# messages are sent to a central store.
'unattended_syslog_enable' => false,
#Unattended-Upgrade::SyslogFacility
# Write events to the specified syslog facility, or the daemon facility if
# not specified. Requires the Unattended-Upgrade::SyslogEnable option to be
# set to true.
#'unattended_syslog_facility' => 'daemon',
### APT::Periodic configuration
# Snatched from /usr/lib/apt/apt.systemd.daily
#APT::Periodic::Update-Package-Lists "0";
# - Do "apt-get update" automatically every n-days (0=disable)
'unattended_update_package_list' => 1,
#APT::Periodic::Download-Upgradeable-Packages "0";
# - Do "apt-get upgrade --download-only" every n-days (0=disable)
#'unattended_download_upgradeable' => 0,
#APT::Periodic::AutocleanInterval "0";
# - Do "apt-get autoclean" every n-days (0=disable)
'unattended_autoclean_interval' => 7,
#APT::Periodic::CleanInterval "0";
# - Do "apt-get clean" every n-days (0=disable)
#'unattended_clean_interval' => 0,
#APT::Periodic::Verbose "0";
# - Send report mail to root
# 0: no report (or null string)
# 1: progress report (actually any string)
# 2: + command outputs (remove -qq, remove 2>/dev/null, add -d)
# 3: + trace on
#'unattended_verbose' => 0,
## Cron systems only
#APT::Periodic::RandomSleep
# When the apt job starts, it will sleep for a random period between 0
# and APT::Periodic::RandomSleep seconds
# The default value is "1800" so that the script will stall for up to 30
# minutes (1800 seconds) so that the mirror servers are not crushed by
# everyone running their updates all at the same time
# Kept undefined to allow default (1800)
#'unattended_random_sleep' => 0,
#Dpkg::Options
# Provide dpkg options that take effect during unattended upgrades.
# By default no flags are appended. Configuration file changes can
# block installation of certain packages. Passing the flags
# "--force-confdef" and "--force-confold" will ensure updates are applied
# and old configuration files are preserved.
'unattended_dpkg_options' => [],
# 'unattended_dpkg_options' => [
# '--force-confdef',
# '--force-confold',
# ],
# Use apt bandwidth limit feature, this example limits the download speed to 70kb/sec
#'unattended_dl_limit' => 70,
];
|