add playbook for unattended upgrade

playbooks/setup_unattended_upgrade.yml

@@ -0,0 +1,42 @@
+- name: Setup unattended upgrades on debian  
+  hosts: all
+  become: yes
+  gather_facts: yes
+
+  tasks: 
+
+    - name: install packages (Debian)
+      apt:
+        name: [ unattended-upgrades, apt-listchanges, cron ]
+        update_cache: yes
+        state: present
+      when: ansible_facts['os_family'] == 'Debian'
+      tags:
+        - packages
+
+    - name: template unattended-upgrades config (Debian)
+      template:
+        src: /home/vashqlf/Code/Ansible/templates/50unattended-upgrades
+        dest: /etc/apt/apt.conf.d/50unattended-upgrades
+        owner: root
+        group: root
+        mode: 0644
+      when: ansible_facts['os_family'] == 'Debian'
+      tags:
+        - unattended
+
+    - name: restart unattended-upgrades service (Debian)
+      service:
+        name: unattended-upgrades
+        state: restarted
+      when: ansible_facts['os_family'] == 'Debian'
+      tags:
+        - unattended
+
+    - name: Setup Cronjob for unattended-upgrade
+      ansible.builtin.cron:
+        name: "Auto-Update"
+        minute: "30"
+        hour: "2"
+        job: "/usr/bin/unattended-upgrade"
+      when: ansible_facts['os_family'] == 'Debian'

templates/50unattended-upgrades

@@ -0,0 +1,14 @@
+// Automaticaly reboot after upgrade
+Unattended-Upgrade::Auto-Reboot "true";
+
+// Reboot even with logged in users
+Unattended-Upgrade::Automatic-Reboot-WithUsers "true";
+
+// Remove dependencies that become useless after upgrade
+Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
+
+// Remove unused dependencies after upgrade
+Unattended-Upgrade::Remove-Unused-Dependencies "true";
+
+// Enable logging to syslog
+Unattended-Upgrade::SyslogEnable "true";