debian: enable automatic upgrades only for virtual machines

And factor out VM stuff into a separate file.
2025-10-22 19:28:53 +02:00 · 2025-10-22 19:28:53 +02:00 · 2f02f1eb2c
commit 2f02f1eb2c
parent 6a5ebfe5b5
2 changed files with 15 additions and 13 deletions
--- a/roles/debian/tasks/main.yml
+++ b/roles/debian/tasks/main.yml
@ -89,19 +89,6 @@
  include_tasks: firewall.yml
  when: not is_proxmox # proxmox has its own firewall configuration

- name: Install automatic upgrade package
-  package:
-    name: unattended-upgrades
-
- name: Configure automatic upgrades
-  lineinfile:
-    path: /etc/apt/apt.conf.d/20auto-upgrades
-    create: yes
-    line: '{{ item }}'
-  loop:
-    - 'APT::Periodic::Update-Package-Lists "1";'
-    - 'APT::Periodic::Unattended-Upgrade "1";'
-
 - name: Run SSH instance in management VRF
  when: interfaces | selectattr('vrf') | selectattr('vrf.name', '==', 'mgmt')
  block:
@ -124,3 +111,6 @@
        name: sshd@mgmt
        enabled: yes
      notify: reboot
+
+- when: is_virtual
+  include_tasks: vm.yml
--- a/roles/debian/tasks/vm.yml
+++ b/roles/debian/tasks/vm.yml
@ -0,0 +1,12 @@
+- name: Install automatic upgrade package
+  package:
+    name: unattended-upgrades
+
+- name: Configure automatic upgrades
+  lineinfile:
+    path: /etc/apt/apt.conf.d/20auto-upgrades
+    create: yes
+    line: '{{ item }}'
+  loop:
+    - 'APT::Periodic::Update-Package-Lists "1";'
+    - 'APT::Periodic::Unattended-Upgrade "1";'