Ansible role for putting (debian) systems into a sane state.
By default, there is no coordination between apt-daily.timer (which refreshes the apt package index and may download packages) and apt-daily-upgrade.timer (which actually installs updates). That means that (due to RandomizedDelaySec=12h on apt-daily.timer and the default schedule of 6:00 and 18:00 daily), there is a worst-case delay of 12h between updating package indices and applying upgrades. In the current climate of really fast-paced updates, that is not acceptable to me. This commit: - makes unattended-upgrades run effectively at a 4h interval - schedules it s.t. it is likely to complete just before a reboot is allowed once per day - ensures that package caches are always fresh when unattended-upgrades is run. We still don't control the propagation of updated packages into the mirrors we use, but this is better than nothing. |
||
|---|---|---|
| defaults | ||
| handlers | ||
| tasks | ||
| templates | ||
| LICENSE | ||