Merge branch 'dev-unattended-updates' into 'main'

Unattended updates and some system basics

See merge request roydfalk/ansible-base!4

roles/system_basics/handlers/main.json

@@ -0,0 +1,17 @@
+[
+	{
+		"name": "restart sshd",
+		"ansible.builtin.service": {
+			"name": "sshd",
+			"state": "restarted"
+		}
+	},
+	{
+		"name": "restart journal",
+		"ansible.builtin.service": {
+			"name": "systemd-journald",
+			"state": "restarted",
+			"enabled": true
+		}
+	}
+]

roles/unattended_upgrades/files/20auto-upgrades

@@ -0,0 +1,2 @@
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";

roles/unattended_upgrades/tasks/main.json

@@ -0,0 +1,48 @@
+[
+	{
+		"name": "install packages",
+		"become": true,
+		"ansible.builtin.apt": {
+			"update_cache": true,
+			"pkg": [
+				"unattended-upgrades",
+				"apt-listchanges"
+			]
+		}
+	},
+	{
+		"name": "Allow unattended reboots (1)",
+		"become": true,
+		"ansible.builtin.lineinfile": {
+			"dest": "/etc/apt/apt.conf.d/50unattended-upgrades",
+			"regexp": "^(//)?Unattended-Upgrade::Automatic-Reboot ",
+			"line": "Unattended-Upgrade::Automatic-Reboot \"true\";"
+		}
+	},
+	{
+		"name": "Allow unattended reboots (2)",
+		"become": true,
+		"ansible.builtin.lineinfile": {
+			"dest": "/etc/apt/apt.conf.d/50unattended-upgrades",
+			"regexp": "^(//)?Unattended-Upgrade::Automatic-Reboot-Time ",
+			"line": "Unattended-Upgrade::Automatic-Reboot-Time \"23:55\";"
+		}
+	},
+	{
+		"name": "Allow more origins for updates",
+		"become": true,
+		"ansible.builtin.lineinfile": {
+			"dest": "/etc/apt/apt.conf.d/50unattended-upgrades",
+			"regexp": "^(//\\s*)?\"\\$\\{distro_id\\}:\\$\\{distro_codename\\}-updates\";",
+			"line": "\"${distro_id}:${distro_codename}-updates\";"
+		}
+	},
+	{
+		"name": "Enable unattended upgrades",
+		"become": true,
+		"ansible.builtin.copy": {
+			"src": "20auto-upgrades",
+			"dest": "/etc/apt/apt.conf.d/20auto-upgrades"
+		}
+	}
+]