From 3faddac3cf7dacb4875bb8dc8f3169fc0c292095 Mon Sep 17 00:00:00 2001
From: benjilegeek
Date: Fri, 20 Mar 2026 00:23:40 +0100
Subject: [PATCH] add playbook for unattended upgrade
---
playbooks/setup_unattended_upgrade.yml | 42 ++++++++++++++++++++++++++
templates/50unattended-upgrades | 14 +++++++++
2 files changed, 56 insertions(+)
create mode 100644 playbooks/setup_unattended_upgrade.yml
create mode 100644 templates/50unattended-upgrades
diff --git a/playbooks/setup_unattended_upgrade.yml b/playbooks/setup_unattended_upgrade.yml
new file mode 100644
index 0000000..4fcb820
--- /dev/null
+++ b/playbooks/setup_unattended_upgrade.yml
@@ -0,0 +1,42 @@
+- name: Setup unattended upgrades on debian
+ hosts: all
+ become: yes
+ gather_facts: yes
+
+ tasks:
+
+ - name: install packages (Debian)
+ apt:
+ name: [ unattended-upgrades, apt-listchanges, cron ]
+ update_cache: yes
+ state: present
+ when: ansible_facts['os_family'] == 'Debian'
+ tags:
+ - packages
+
+ - name: template unattended-upgrades config (Debian)
+ template:
+ src: /home/vashqlf/Code/Ansible/templates/50unattended-upgrades
+ dest: /etc/apt/apt.conf.d/50unattended-upgrades
+ owner: root
+ group: root
+ mode: 0644
+ when: ansible_facts['os_family'] == 'Debian'
+ tags:
+ - unattended
+
+ - name: restart unattended-upgrades service (Debian)
+ service:
+ name: unattended-upgrades
+ state: restarted
+ when: ansible_facts['os_family'] == 'Debian'
+ tags:
+ - unattended
+
+ - name: Setup Cronjob for unattended-upgrade
+ ansible.builtin.cron:
+ name: "Auto-Update"
+ minute: "30"
+ hour: "2"
+ job: "/usr/bin/unattended-upgrade"
+ when: ansible_facts['os_family'] == 'Debian'
diff --git a/templates/50unattended-upgrades b/templates/50unattended-upgrades
new file mode 100644
index 0000000..d7075ac
--- /dev/null
+++ b/templates/50unattended-upgrades
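Review bot: In playbooks/setup_unattended_upgrade.yml the template task's `src:` is an absolute path under one user's home directory, so the file installed as root on `hosts: all` is whatever sits at that path on the control node, not necessarily the `templates/50unattended-upgrades` reviewed in this commit. A repo-relative source such as `src: "{{ playbook_dir }}/../templates/50unattended-upgrades"` ties the deployed config to the tracked one and lets the play run from any checkout. The restart task runs on every play; a handler notified by the template task would restart the service only when the config actually changes. `mode: 0644` is better written quoted, `mode: "0644"`, so the value cannot be retyped by the YAML parser.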
@@ -0,0 +1,14 @@
+// Automaticaly reboot after upgrade
+Unattended-Upgrade::Auto-Reboot "true";
+
+// Reboot even with logged in users
+Unattended-Upgrade::Automatic-Reboot-WithUsers "true";
+
+// Remove dependencies that become useless after upgrade
+Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
+
+// Remove unused dependencies after upgrade
+Unattended-Upgrade::Remove-Unused-Dependencies "true";
+
+// Enable logging to syslog
+Unattended-Upgrade::SyslogEnable "true";
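Review bot: The template defines no `Unattended-Upgrade::Origins-Pattern` (or `Allowed-Origins`), and the playbook in this commit installs it over the packaged `/etc/apt/apt.conf.d/50unattended-upgrades`, which is normally where those origins are set. With none configured the nightly run would likely select no packages, so security updates could stop without any error. Either carry the origins block in this template, or deploy these overrides under a later-sorting name such as `52unattended-upgrades-local` and leave the packaged file in place. Separately, `Unattended-Upgrade::Auto-Reboot` on the second line is not the key unattended-upgrades reads; the option is `Unattended-Upgrade::Automatic-Reboot "true";`, and because apt accepts unknown keys silently the reboot is never enabled as written. The first comment also has a typo: `Automaticaly` should be `Automatically`.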