diff --git a/tasks/configure_autoupdate.yml b/tasks/configure_autoupdate.yml index caf98859009abc3c9d66a0317b26bcd690c1d14a..834cdb746d73694399cef0b67628e667a276e114 100644 --- a/tasks/configure_autoupdate.yml +++ b/tasks/configure_autoupdate.yml @@ -33,6 +33,7 @@ loop: - 'APT::Periodic::Update-Package-Lists "1";' - 'APT::Periodic::Unattended-Upgrade "1";' + - 'APT::Periodic::AutocleanInterval "7";' - name: configure unattended upgrade mail settings ansible.builtin.lineinfile: path: "/etc/apt/apt.conf.d/90unattended-upgrades-mail" @@ -50,6 +51,20 @@ ansible.builtin.file: path: "/etc/apt/apt.conf.d/51only-security-upgrades" state: absent + - name: cleanup after apt + ansible.builtin.lineinfile: + path: "/etc/apt/apt.conf.d/50unattended-upgrades" + create: true + mode: "0644" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + loop: + - regexp: '//Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";' + line: 'Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";' + - regexp: '//Unattended-Upgrade::Remove-New-Unused-Dependencies "true";' + line: 'Unattended-Upgrade::Remove-New-Unused-Dependencies "true";' + - regexp: '//Unattended-Upgrade::Remove-Unused-Dependencies "false";' + line: 'Unattended-Upgrade::Remove-Unused-Dependencies "false";' # based on: https://access.redhat.com/solutions/2823901 - name: Install & configurate autoupdate (RedHat)