unattended upgrades

bundles/apt/files/20auto-upgrades

@@ -0,0 +1,2 @@
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";

bundles/apt/files/50unattended-upgrades

@@ -0,0 +1,3 @@
+Unattended-Upgrade::Origins-Pattern {
+  "origin=*";
+};

bundles/apt/items.py

@@ -103,3 +103,27 @@ for package, options in node.metadata.get('apt/packages', {}).items():
                 'action:apt_update',
             },
         }
+
+# unattended upgrades
+#
+# unattended-upgrades.service: delays shutdown if necessary
+# apt-daily.timer: performs apt update
+# apt-daily-upgrade.timer: performs apt upgrade
+
+files['/etc/apt/apt.conf.d/20auto-upgrades'] = {}
+files['/etc/apt/apt.conf.d/50unattended-upgrades'] = {}
+svc_systemd['unattended-upgrades.service'] = {
+    'needs': [
+        'pkg_apt:unattended-upgrades',
+    ],
+}
+svc_systemd['apt-daily.timer'] = {
+    'needs': [
+        'pkg_apt:unattended-upgrades',
+    ],
+}
+svc_systemd['apt-daily-upgrade.timer'] = {
+    'needs': [
+        'pkg_apt:unattended-upgrades',
+    ],
+}

bundles/apt/metadata.py

@@ -1,6 +1,8 @@
 defaults = {
     'apt': {
-        'packages': {},
+        'packages': {
+            'unattended-upgrades': {},
+        },
         'sources': set(),
     },
     'monitoring': {
@@ -8,12 +10,16 @@ defaults = {
             'apt upgradable': {
                 'vars.command': '/usr/lib/nagios/plugins/check_apt_upgradable',
                 'vars.sudo': True,
-                'check_interval': '1d',
+                'check_interval': '1h',
             },
             'current kernel': {
                 'vars.command': 'ls /boot/vmlinuz-* | sort -V | tail -n 1 | xargs -n1 basename | cut -d "-" -f 2- | grep -q "^$(uname -r)$"',
                 'check_interval': '1h',
             },
+            'apt reboot-required': {
+                'vars.command': 'ls /var/run/reboot-required 2> /dev/null && exit 1 || exit 0',
+                'check_interval': '1h',
+            },
         },
     },
 }