From 55d99a68fc3dcea02cf0f4f82ec0279e0a8c07d5 Mon Sep 17 00:00:00 2001
From: olli <olli@gabosh.net>
Date: Sun, 10 Jul 2022 10:48:13 +0200
Subject: [PATCH] first commit

---
 README.md      |  0
 autoupdate.yml | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 74 insertions(+)
 create mode 100644 README.md
 create mode 100644 autoupdate.yml

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/autoupdate.yml b/autoupdate.yml
new file mode 100644
index 0000000..0a81a0a
--- /dev/null
+++ b/autoupdate.yml
@@ -0,0 +1,74 @@
+---
+- name: Autoupdate
+  hosts: all
+  tasks:
+
+    - name: Create updates dir /usr/local/sbin/autoupdate.d
+      ansible.builtin.file:
+        path: /usr/local/sbin/autoupdate.d
+        owner: root
+        group: root
+        state: directory
+        mode: "0700"
+
+    - name: /usr/local/sbin/autoupdate.sh
+      blockinfile:
+        path: /usr/local/sbin/autoupdate.sh
+        mode: "0500"
+        owner: root
+        group: root
+        create: yes
+        marker: "# {mark} ANSIBLE MANAGED BLOCK"
+        block: |
+          . /etc/bash/gaboshlib.include
+          g_nice
+          g_lockfile
+          g_all-to-syslog
+          set -o pipefail
+          find /usr/local/sbin/autoupdate.d -name "*.update" -type f | sort | while read update
+          do
+            g_echo "Running: $update"
+            . "$update"
+            sleep 60
+          done
+        backup: yes
+        validate: /bin/bash -n %s
+
+    - name: /usr/local/sbin/autoupdate.sh shebang
+      lineinfile:
+        path: /usr/local/sbin/autoupdate.sh
+        insertbefore: BOF
+        line: "#!/bin/bash"
+
+    - name: /usr/local/sbin/autoupdate.d/debian.update
+      blockinfile:
+        path: /usr/local/sbin/autoupdate.d/debian.update
+        mode: "0400"
+        owner: root
+        group: root
+        create: yes
+        marker: "# {mark} ANSIBLE MANAGED BLOCK"
+        block: |
+          g_echo_ok "Prüfe auf Systemupdates"
+          apt-get update || g_echo_error "apt-get update fehlgeschlagen"
+          if ! apt-get -s dist-upgrade 2>&1 | sed -e "s/'/'\\\\''/g; 1s/^/'/; \$s/\$/'/" | tee $g_tmp/sys-updatelist | egrep "^0.+, 0 .+, 0 .+ 0 .+\."
+          then
+            g_echo_warn "Systemupdate wird eingespielt: $(cat $g_tmp/sys-updatelist)"
+            DEBIAN_FRONTEND=noninteractive apt-get -yy dist-upgrade | sed -e "s/'/'\\\\''/g; 1s/^/'/; \$s/\$/'/" | tee $g_tmp/sys-update || g_echo_error "apt-get -yy dist-upgrade failed $($g_tmp/sys-update)"
+            DEBIAN_FRONTEND=noninteractive needrestart -b -r a | egrep -q "^NEEDRESTART-KSTA: [2|3]" && g_echo_warn "Server Reboot benötigt"
+          fi
+        backup: yes
+        validate: /bin/bash -n %s
+
+    - name: /etc/cron.d/autoupdate_local
+      blockinfile:
+        path: /etc/cron.d/autoupdate_local
+        mode: "0400"
+        owner: root
+        group: root
+        create: yes
+        marker: "# {mark} ANSIBLE MANAGED BLOCK"
+        block: |
+          ## Auto-Update
+          5 6 * * * root /usr/local/sbin/autoupdate.sh
+        backup: yes