diff --git a/initializers/unattended-upgrades/configs/50unattended-upgrades b/initializers/unattended-upgrades/configs/50unattended-upgrades new file mode 100644 index 0000000..2282739 --- /dev/null +++ b/initializers/unattended-upgrades/configs/50unattended-upgrades @@ -0,0 +1,46 @@ +// KNEL Unattended-Upgrades Configuration +// Automatically install security updates + +Unattended-Upgrade { + // Automatically upgrade packages from these origins + Allowed-Origins { + "${distro_id}:${distro_codename}"; + "${distro_id}:${distro_codename}-security"; + "${distro_id}ESMApps:${distro_codename}-apps-security"; + "${distro_id}ESM:${distro_codename}-infra-security"; + }; + + // Package blacklist - never auto-upgrade these + Package-Blacklist { + }; + + // Send email to this address for problems or packages upgrades + // Uncomment and set to a valid email address for notifications + //Unattended-Upgrade::Mail "admin@knownelement.com"; + + // Remove unused automatically installed kernel-related packages + Remove-Unused-Kernel-Packages "true"; + + // Do automatic removal of newly unused dependencies after the upgrade + Remove-New-Unused-Dependencies "true"; + + // Remove unused dependencies + Remove-Unused-Dependencies "true"; + + // Automatically reboot *WITHOUT CONFIRMATION* if the file + // /var/run/reboot-required is found after the upgrade + Automatic-Reboot "false"; + + // If automatic reboot is enabled and the system needs to reboot, + // reboot at the specific time instead of immediately + //Automatic-Reboot-Time "02:00"; + + // Use apt bandwidth limit feature + //Acquire::http::Dl-Limit "70"; + + // Enable logging to syslog + SyslogEnable "true"; + + // Syslog facility + SyslogFacility "daemon"; +}; diff --git a/initializers/unattended-upgrades/configs/auto-upgrades b/initializers/unattended-upgrades/configs/auto-upgrades new file mode 100644 index 0000000..3cc2b6b --- /dev/null +++ b/initializers/unattended-upgrades/configs/auto-upgrades @@ -0,0 +1,7 @@ +// KNEL Auto-Upgrades Configuration +// Enable unattended-upgrades + +APT::Periodic::Update-Package-Lists "1"; +APT::Periodic::Unattended-Upgrade "1"; +APT::Periodic::Download-Upgradeable-Packages "1"; +APT::Periodic::AutocleanInterval "7";