roles/common: remove cron-apt

Use unattended-upgrades instead. It has sane defaults on Debian at
least (I haven't checked Ubuntu).
This commit is contained in:
Alan Orth 2025-04-07 09:41:53 +03:00
parent 88cb3a370e
commit 73fd06fe3a
Signed by: alanorth
GPG Key ID: 0FB860CC9C45B1B9
5 changed files with 15 additions and 21 deletions

View File

@ -1,2 +0,0 @@
autoclean -y
upgrade -y -o APT::Get::Show-Upgraded=true

View File

@ -1,5 +0,0 @@
# Configuration for cron-apt. For further information about the possible
# configuration settings see the README file.
MAILON="never"
OPTIONS="-o quiet=1 -o Dir::Etc::SourceList=/etc/apt/security.sources.list -o Dir::Etc::SourceParts=\"/dev/null\""

View File

@ -1,11 +1,17 @@
---
- name: Configure cron-apt (config)
ansible.builtin.copy: src={{ item.src }} dest={{ item.dest }} mode={{ item.mode }} owner={{ item.owner }} group={{ item.group }}
loop:
- { src: etc/cron-apt/config, dest: /etc/cron-apt/config, mode: "0644", owner: root, group: root }
- { src: etc/cron-apt/3-download, dest: /etc/cron-apt/action.d/3-download, mode: "0644", owner: root, group: root }
- name: Remove cron-apt
ansible.builtin.apt:
name: cron-apt
state: absent
cache_valid_time: 3600
- name: Configure cron-apt (security)
ansible.builtin.template: src=security.sources.list.j2 dest=/etc/apt/security.sources.list mode=0644 owner=root group=root
- name: Remove cron-apt configs
ansible.builtin.file:
path: "{{ item }}"
state: absent
loop:
- /etc/cron-apt/config
- /etc/cron-apt/action.d/3-download
- /etc/apt/security.sources.list
# vim: set ts=2 sw=2:

View File

@ -22,7 +22,6 @@
- iotop
- htop
- strace
- cron-apt
- safe-rm
- debian-goodies
- mosh
@ -34,11 +33,12 @@
- zstd
- rsync
- lsof
- unattended-upgrades
- name: Install base packages
ansible.builtin.apt: name={{ base_packages }} state=present cache_valid_time=3600
- name: Configure cron-apt
- name: Remove cron-apt
ansible.builtin.import_tasks: cron-apt.yml
tags: cron-apt

View File

@ -1,5 +0,0 @@
{% if ansible_distribution == 'Ubuntu' %}
deb http://security.ubuntu.com/ubuntu {{ ansible_distribution_release }}-security main restricted universe multiverse
{% elif ansible_distribution == 'Debian' %}
deb http://security.debian.org/debian-security {{ ansible_distribution_release }}/updates main contrib non-free
{% endif %}