From efd832652378ac3720aa79df20a098dfcf04ebe6 Mon Sep 17 00:00:00 2001
From: Stefan Haun <tux@netz39.de>
Date: Wed, 16 Nov 2022 18:09:27 +0100
Subject: [PATCH 1/4] :wrench: Improve unattended-upgrades setup

According to https://github.com/hifis-net/ansible-role-unattended-upgrades#origins-patterns
---
 group-all.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/group-all.yml b/group-all.yml
index e840c91..0a0ed10 100644
--- a/group-all.yml
+++ b/group-all.yml
@@ -31,8 +31,8 @@
         name: hifis.unattended_upgrades
       vars:
         unattended_origins_patterns:
-          - "origin=Debian,archive={{ ansible_distribution_release }}-security"
-          - "o=Debian,a={{ ansible_distribution_release }}-updates"
+          - "origin=${ distro_id },archive=${ distro_codename }-security"
+          - "origin=${ distro_id },archive=${ distro_codename }-updates"
         unattended_package_blacklist: [cowsay]
         unattended_mail: "root"
 

From ebd8d13b25500a4474cf6c4ce25b79c67b9946cf Mon Sep 17 00:00:00 2001
From: Stefan Haun <tux@netz39.de>
Date: Wed, 16 Nov 2022 21:28:04 +0100
Subject: [PATCH 2/4] :wrench: Install mailx

---
 group-all.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/group-all.yml b/group-all.yml
index 0a0ed10..7bf3267 100644
--- a/group-all.yml
+++ b/group-all.yml
@@ -42,3 +42,4 @@
         name:
           - molly-guard
           - mc
+          - bsd-mailx

From 9f1940fa8fa57274aa16818a860fef69ea239ac0 Mon Sep 17 00:00:00 2001
From: Stefan Haun <tux@netz39.de>
Date: Wed, 16 Nov 2022 18:12:08 +0100
Subject: [PATCH 3/4] :wrench: Send unattended-upgrades mail only on error

Otherwise an email will be sent on every upgrade
---
 group-all.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/group-all.yml b/group-all.yml
index 7bf3267..e46c4d7 100644
--- a/group-all.yml
+++ b/group-all.yml
@@ -35,6 +35,7 @@
           - "origin=${ distro_id },archive=${ distro_codename }-updates"
         unattended_package_blacklist: [cowsay]
         unattended_mail: "root"
+        unattended_mail_only_on_error: true
 
     - name: Install some common software packages
       ansible.builtin.apt:

From 02ef0e3409ed15f13212eb4ab282a9a5a9390102 Mon Sep 17 00:00:00 2001
From: Stefan Haun <tux@netz39.de>
Date: Wed, 16 Nov 2022 18:23:36 +0100
Subject: [PATCH 4/4] :wrench: Write unattended-upgrade actions to syslog

---
 group-all.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/group-all.yml b/group-all.yml
index e46c4d7..cd58700 100644
--- a/group-all.yml
+++ b/group-all.yml
@@ -36,6 +36,7 @@
         unattended_package_blacklist: [cowsay]
         unattended_mail: "root"
         unattended_mail_only_on_error: true
+        unattended_syslog_enable: true
 
     - name: Install some common software packages
       ansible.builtin.apt: