From 53349e3ece0c634d905a5c98e67ec5f74a26a6b9 Mon Sep 17 00:00:00 2001
From: "Andreas B. Mundt" <andreas.mundt@steinbeisschule-reutlingen.de>
Date: Wed, 4 Oct 2023 13:42:01 +0200
Subject: [PATCH] Fix unattended-upgrades.

---
 lmn-desktop.yml | 17 ++++++++++++++---
 lmn-laptop.yml  | 14 ++++++++++++++
 lmn-teacher.yml | 14 ++++++++++++++
 3 files changed, 42 insertions(+), 3 deletions(-)

diff --git a/lmn-desktop.yml b/lmn-desktop.yml
index 565a49f..0465cc8 100644
--- a/lmn-desktop.yml
+++ b/lmn-desktop.yml
@@ -11,7 +11,7 @@
       register: adpw
       no_log: true
       when: "ansible_cmdline.adpw is not defined"
-    - name: preseed apparmor
+    - name: Preseed apparmor
       debconf:
         name: apparmor
         question: apparmor/homedirs
@@ -19,6 +19,12 @@
           /srv/samba/schools/default-school/teachers/
           /srv/samba/schools/default-school/students/*/
         vtype: string
+    - name: Preseed unattended-upgrades
+      debconf:
+        name: unattended-upgrades
+        question: unattended-upgrades/enable_auto_updates
+        value: True
+        vtype: boolean
 
   vars:
     domain: "{{ ansible_domain }}"
@@ -121,10 +127,15 @@
         - /srv/samba/schools
         - /srv/samba/schools/default-school
 
-
+    - name: Fix unattended-upgrades
+      ansible.builtin.copy:
+        dest: /etc/apt/apt.conf.d/20auto-upgrades
+        content: |
+          APT::Periodic::Update-Package-Lists "1";
+          APT::Periodic::Unattended-Upgrade "1";
 
 ## bullseye fixes:
-    - name: add bookworm firmware repository if needed
+    - name: Add bookworm firmware repository if needed
       apt_repository:
         repo: deb http://deb.debian.org/debian/ bookworm non-free-firmware
         state: present
diff --git a/lmn-laptop.yml b/lmn-laptop.yml
index fc2d0ab..0974cab 100644
--- a/lmn-laptop.yml
+++ b/lmn-laptop.yml
@@ -19,6 +19,12 @@
           /srv/samba/schools/default-school/teachers/
           /srv/samba/schools/default-school/students/*/
         vtype: string
+    - name: Preseed unattended-upgrades
+      debconf:
+        name: unattended-upgrades
+        question: unattended-upgrades/enable_auto_updates
+        value: True
+        vtype: boolean
 
   vars:
     domain: "{{ ansible_domain }}"
@@ -69,3 +75,11 @@
     - kerberize
     - lmn_wlan
     - lmn_security
+
+  tasks:
+    - name: Fix unattended-upgrades
+      ansible.builtin.copy:
+        dest: /etc/apt/apt.conf.d/20auto-upgrades
+        content: |
+          APT::Periodic::Update-Package-Lists "1";
+          APT::Periodic::Unattended-Upgrade "1";
diff --git a/lmn-teacher.yml b/lmn-teacher.yml
index de9ec93..0a5cc4d 100644
--- a/lmn-teacher.yml
+++ b/lmn-teacher.yml
@@ -4,6 +4,14 @@
   hosts: all
   remote_user: ansible
   become: yes
+  pre_tasks:
+    - name: Preseed unattended-upgrades
+      debconf:
+        name: unattended-upgrades
+        question: unattended-upgrades/enable_auto_updates
+        value: True
+        vtype: boolean
+
   vars:
     domain: "{{ ansible_domain }}"
     kerberize_uris: steinbeis.schule
@@ -56,3 +64,9 @@
         dest: /etc/pam.d/common-session
         line: "session  optional        pam_mkhomedir.so  umask=0022"
         insertbefore: "# end of pam-auth-update config"
+    - name: Fix unattended-upgrades
+      ansible.builtin.copy:
+        dest: /etc/apt/apt.conf.d/20auto-upgrades
+        content: |
+          APT::Periodic::Update-Package-Lists "1";
+          APT::Periodic::Unattended-Upgrade "1";