From 73fd06fe3a182586d59c1a6231f44b7d0f036080 Mon Sep 17 00:00:00 2001 From: Alan Orth Date: Mon, 7 Apr 2025 09:41:53 +0300 Subject: [PATCH] roles/common: remove cron-apt Use unattended-upgrades instead. It has sane defaults on Debian at least (I haven't checked Ubuntu). --- roles/common/files/etc/cron-apt/3-download | 2 -- roles/common/files/etc/cron-apt/config | 5 ----- roles/common/tasks/cron-apt.yml | 20 ++++++++++++------- roles/common/tasks/packages_Debian.yml | 4 ++-- .../common/templates/security.sources.list.j2 | 5 ----- 5 files changed, 15 insertions(+), 21 deletions(-) delete mode 100644 roles/common/files/etc/cron-apt/3-download delete mode 100644 roles/common/files/etc/cron-apt/config delete mode 100644 roles/common/templates/security.sources.list.j2 diff --git a/roles/common/files/etc/cron-apt/3-download b/roles/common/files/etc/cron-apt/3-download deleted file mode 100644 index 93d2631..0000000 --- a/roles/common/files/etc/cron-apt/3-download +++ /dev/null @@ -1,2 +0,0 @@ -autoclean -y -upgrade -y -o APT::Get::Show-Upgraded=true diff --git a/roles/common/files/etc/cron-apt/config b/roles/common/files/etc/cron-apt/config deleted file mode 100644 index d477d94..0000000 --- a/roles/common/files/etc/cron-apt/config +++ /dev/null @@ -1,5 +0,0 @@ -# Configuration for cron-apt. For further information about the possible -# configuration settings see the README file. - -MAILON="never" -OPTIONS="-o quiet=1 -o Dir::Etc::SourceList=/etc/apt/security.sources.list -o Dir::Etc::SourceParts=\"/dev/null\"" diff --git a/roles/common/tasks/cron-apt.yml b/roles/common/tasks/cron-apt.yml index 303dd8f..857f95c 100644 --- a/roles/common/tasks/cron-apt.yml +++ b/roles/common/tasks/cron-apt.yml @@ -1,11 +1,17 @@ --- -- name: Configure cron-apt (config) - ansible.builtin.copy: src={{ item.src }} dest={{ item.dest }} mode={{ item.mode }} owner={{ item.owner }} group={{ item.group }} - loop: - - { src: etc/cron-apt/config, dest: /etc/cron-apt/config, mode: "0644", owner: root, group: root } - - { src: etc/cron-apt/3-download, dest: /etc/cron-apt/action.d/3-download, mode: "0644", owner: root, group: root } +- name: Remove cron-apt + ansible.builtin.apt: + name: cron-apt + state: absent + cache_valid_time: 3600 -- name: Configure cron-apt (security) - ansible.builtin.template: src=security.sources.list.j2 dest=/etc/apt/security.sources.list mode=0644 owner=root group=root +- name: Remove cron-apt configs + ansible.builtin.file: + path: "{{ item }}" + state: absent + loop: + - /etc/cron-apt/config + - /etc/cron-apt/action.d/3-download + - /etc/apt/security.sources.list # vim: set ts=2 sw=2: diff --git a/roles/common/tasks/packages_Debian.yml b/roles/common/tasks/packages_Debian.yml index 760bd8d..72dc1b3 100644 --- a/roles/common/tasks/packages_Debian.yml +++ b/roles/common/tasks/packages_Debian.yml @@ -22,7 +22,6 @@ - iotop - htop - strace - - cron-apt - safe-rm - debian-goodies - mosh @@ -34,11 +33,12 @@ - zstd - rsync - lsof + - unattended-upgrades - name: Install base packages ansible.builtin.apt: name={{ base_packages }} state=present cache_valid_time=3600 - - name: Configure cron-apt + - name: Remove cron-apt ansible.builtin.import_tasks: cron-apt.yml tags: cron-apt diff --git a/roles/common/templates/security.sources.list.j2 b/roles/common/templates/security.sources.list.j2 deleted file mode 100644 index a39c060..0000000 --- a/roles/common/templates/security.sources.list.j2 +++ /dev/null @@ -1,5 +0,0 @@ -{% if ansible_distribution == 'Ubuntu' %} -deb http://security.ubuntu.com/ubuntu {{ ansible_distribution_release }}-security main restricted universe multiverse -{% elif ansible_distribution == 'Debian' %} -deb http://security.debian.org/debian-security {{ ansible_distribution_release }}/updates main contrib non-free -{% endif %}