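---
# Installs a cron-driven self-update framework on every host:
#   * /usr/local/sbin/autoupdate.sh      - driver, sources every *.update file
#   * /usr/local/sbin/autoupdate.d/*.update - individual update steps
#   * /etc/cron.d/autoupdate_local       - runs the driver daily at 06:05 as root
#
# The *.update files are sourced (not executed) by the driver, so they share
# its shell options (pipefail) and the g_* helpers and $g_tmp, which are
# presumably provided by /etc/bash/gaboshlib.include - that file is not
# managed here, so confirm it exists on every target.
#
# Changes compared with the previous revision:
#   * fully qualified module names throughout (the first task already used
#     ansible.builtin.file) and true/false instead of yes/no
#   * debian.update: the dist-upgrade error message ran "$g_tmp/sys-update" as
#     a command instead of reading it; it now uses cat
#   * debian.update: "[2|3]" also matched a literal "|"; now "[23]"
#   * debian.update: the find patterns '.dpkg-' / '.ucf-' had no wildcards and
#     could never match the leftover config files; now '*.dpkg-*' / '*.ucf-*'
#   * server.update: the error extraction is now case-insensitive like the
#     check that guards it
#   * egrep replaced by grep -E; paths and URLs containing expansions quoted
#   * client.update: curl gets -f so an HTTP error body is never saved
- name: Autoupdate
  hosts: all
  tasks:
    # Only root may list or read the update steps, because the driver sources
    # everything in this directory as root.
    - name: Create updates dir /usr/local/sbin/autoupdate.d
      ansible.builtin.file:
        path: /usr/local/sbin/autoupdate.d
        owner: root
        group: root
        state: directory
        mode: "0700"

    # Driver script. Every file matching *.update is sourced in sorted order.
    # The backup copies written by "backup: true" get a suffix after the file
    # name, so they do not match "*.update" and are not sourced.
    - name: /usr/local/sbin/autoupdate.sh
      ansible.builtin.blockinfile:
        path: /usr/local/sbin/autoupdate.sh
        mode: "0500"
        owner: root
        group: root
        create: true
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
        block: |
          . /etc/bash/gaboshlib.include
          g_nice
          g_lockfile
          g_all-to-syslog
          DISPLAY=""
          set -o pipefail
          for update in $(find /usr/local/sbin/autoupdate.d -name "*.update" -type f | sort)
          do
            g_echo "Running: $update"
            . "$update"
            #sleep 60
          done
        backup: true
        validate: /bin/bash -n %s

    # The managed block above has no interpreter line, so it is added
    # separately at the very top of the file.
    - name: /usr/local/sbin/autoupdate.sh shebang
      ansible.builtin.lineinfile:
        path: /usr/local/sbin/autoupdate.sh
        insertbefore: BOF
        line: "#!/bin/bash"

    # Debian package updates. Skipped on hosts whose name matches ".mint."
    # (the dots are regex wildcards, so any character matches there).
    # The "0 upgraded, 0 newly installed ..." check matches apt's English
    # summary line - NOTE(review): assumes an English/C locale, confirm.
    # NOTE(review): "apt-get purge '~o'" has no -y; under cron there is no
    # terminal to confirm on, so it presumably aborts whenever something
    # would be purged - confirm whether that is intended.
    - name: /usr/local/sbin/autoupdate.d/debian.update
      ansible.builtin.blockinfile:
        path: /usr/local/sbin/autoupdate.d/debian.update
        mode: "0400"
        owner: root
        group: root
        create: true
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
        block: |
          g_echo_ok "Checking for systemupdates"
          apt-get update || g_echo_error "apt-get update fehlgeschlagen"
          if ! hostname | grep -q ".mint."
          then
            if ! apt-get -s dist-upgrade 2>&1 |
              sed -e "s/'/'\\\\''/g; 1s/^/'/; \$s/\$/'/" |
              tee "$g_tmp/sys-updatelist" |
              grep -E "^0.+, 0 .+, 0 .+ 0 .+\."
            then
              g_echo_warn "Systemupdate wird eingespielt: $(cat "$g_tmp/sys-updatelist")"
              DEBIAN_FRONTEND=noninteractive apt-get -yy dist-upgrade |
                sed -e "s/'/'\\\\''/g; 1s/^/'/; \$s/\$/'/" |
                tee "$g_tmp/sys-update" ||
                g_echo_error "apt-get -yy dist-upgrade failed $(cat "$g_tmp/sys-update")"
              DEBIAN_FRONTEND=noninteractive needrestart -b -r a | grep -Eq "^NEEDRESTART-KSTA: [23]" && g_echo_warn "Server Reboot benötigt"
              g_echo_warn $(DEBIAN_FRONTEND=noninteractive apt-get -yy --purge autoremove 2>&1 | grep -E -A10 "^The following packages will be REMOVED:")
              DEBIAN_FRONTEND=noninteractive apt-get -yy autoclean
              g_echo_warn $(find /etc -name '*.dpkg-*' -o -name '*.ucf-*' -o -name '*.merge-error')
              DEBIAN_FRONTEND=noninteractive apt-get purge '~o'
              # sed -i 's/bullseye/bookworm/g' /etc/apt/sources.list
              # sed -i 's/bullseye/bookworm/g' /etc/apt/sources.list.d/*
              # sed -i 's/non-free/non-free non-free-firmware/g' /etc/apt/sources.list
              # sed -i 's/non-free/non-free non-free-firmware/g' /etc/apt/sources.list.d/*
              # DEBIAN_FRONTEND=noninteractive apt-get -yy upgrade --without-new-pkgs
              # DEBIAN_FRONTEND=noninteractive apt-get -yy full-upgrade
            fi
          fi
          [ -x /usr/bin/flatpak ] && flatpak update --system --noninteractive --force-remove
        backup: true
        validate: /bin/bash -n %s

    # Per-server configuration: a fresh clone of the host's repository is
    # fetched over SSH and <shorthostname>.sh from it is run as root.
    # Anyone who can push to that repository can therefore run code as root
    # on the host, so write access to it needs to be restricted accordingly.
    # The script runs under "bash -x", which traces every expanded command
    # into /var/log/server-<host>-update.log - NOTE(review): if the script
    # handles credentials they end up in that log; check its permissions.
    # A failed clone is silent (output discarded) and only shows up as the
    # "no server-update-script found" message.
    - name: /usr/local/sbin/autoupdate.d/server.update
      ansible.builtin.blockinfile:
        path: /usr/local/sbin/autoupdate.d/server.update
        mode: "0400"
        owner: root
        group: root
        create: true
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
        block: |
          # Server-Config in Git
          cd /root
          srv_host=$(hostname -s)
          [ -d "/root/server-${srv_host}" ] && rm -r "/root/server-${srv_host}"
          git clone "ssh://git@gitea.ds9.dedyn.io:333/olli/server-${srv_host}.git" >/dev/null 2>&1
          if [ -e "/root/server-${srv_host}/${srv_host}.sh" ]
          then
            bash -x "/root/server-${srv_host}/${srv_host}.sh" >"/var/log/server-${srv_host}-update.log" 2>&1
            g_echo_warn "$(grep -E -B1 "^changed" "/var/log/server-${srv_host}-update.log")"
            g_echo_error "$(grep -Eq -B1 -i '^error|^fatal' "/var/log/server-${srv_host}-update.log" && grep -E -i -B50 '^error|^fatal' "/var/log/server-${srv_host}-update.log")"
          else
            g_echo "no server-update-script found /root/server-${srv_host}/${srv_host}.sh"
          fi
          [ -x /usr/local/sbin/mint-config-update.sh ] && /usr/local/sbin/mint-config-update.sh
        backup: true
        validate: /bin/bash -n %s

    # Per-client script, downloaded and run as root on every cron run.
    # The only checks before execution are TLS to the update host and a
    # "#!/bin/bash" first line, so whoever controls that web server (or the
    # DNS domain the name is derived from) controls root on the clients.
    # Verifying a detached signature or pinned checksum of the downloaded
    # file before running it would close that gap.
    # NOTE(review): the reachability test uses update.$(domainname -d) but
    # the download uses update.$(domainname -f) - these look like different
    # host names; confirm which one is intended.
    - name: /usr/local/sbin/autoupdate.d/client.update
      ansible.builtin.blockinfile:
        path: /usr/local/sbin/autoupdate.d/client.update
        mode: "0400"
        owner: root
        group: root
        create: true
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
        block: |
          # individual update script
          updatesrv="update.$(domainname -d)"
          if host ${updatesrv} >/dev/null 2>&1
          then
            [ -s /etc/mymac ] || ip addr show $(ip route list | grep default | cut -d" " -f5) | grep "link/ether " | perl -pe 's/.*link\/ether //; s/:/-/g' | cut -d" " -f1 >/etc/mymac
            mac=$(cat /etc/mymac)
            usr=$(getent passwd 1000 | cut -d: -f1)
            hst=$(hostname | cut -d. -f1 | perl -pe 's/ //g')
            curl -fs "https://update.$(domainname -f)/${mac}--${usr}--${hst}.sh" >"${g_tmp}/update.sh"
            head -n1 "${g_tmp}/update.sh" | grep -q "^#!/bin/bash" && bash "${g_tmp}/update.sh"
          fi
        backup: true
        validate: /bin/bash -n %s

    # Daily run at 06:05 as root.
    - name: /etc/cron.d/autoupdate_local
      ansible.builtin.blockinfile:
        path: /etc/cron.d/autoupdate_local
        mode: "0400"
        owner: root
        group: root
        create: true
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
        block: |
          ## Auto-Update
          5 6 * * * root /usr/local/sbin/autoupdate.sh
        backup: true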