From 10ec47aa656cd9d377a3f541bd9fb905345ebd02 Mon Sep 17 00:00:00 2001
From: Dennis Eriksen <d@ennis.no>
Date: Sun, 20 Oct 2019 08:39:38 +0200
Subject: adding unattended-upgrades and removing debugging-tools

---
 mkosi.default                                      |  7 +----
 mkosi.skeleton/etc/apt/apt.conf.d/20auto-upgrades  |  9 ++++++
 .../etc/apt/apt.conf.d/50unattended-upgrades       | 34 ++++++++++++++++++++++
 3 files changed, 44 insertions(+), 6 deletions(-)
 create mode 100644 mkosi.skeleton/etc/apt/apt.conf.d/20auto-upgrades
 create mode 100644 mkosi.skeleton/etc/apt/apt.conf.d/50unattended-upgrades

diff --git a/mkosi.default b/mkosi.default
index a0ff7f7..340f6d0 100644
--- a/mkosi.default
+++ b/mkosi.default
@@ -11,12 +11,8 @@ Output=/var/lib/machines/kanboard
 [Packages]
 WithNetwork=yes
 Packages=
-    iputils-ping
-    vim
+    unattended-upgrades
     curl
-    iproute2
-    dnsutils
-    net-tools
     ca-certificates
     locales
     openssl
@@ -28,5 +24,4 @@ Packages=
     php-mbstring
     php-pgsql
     php-xml
-    vim
     wget
diff --git a/mkosi.skeleton/etc/apt/apt.conf.d/20auto-upgrades b/mkosi.skeleton/etc/apt/apt.conf.d/20auto-upgrades
new file mode 100644
index 0000000..4c725ab
--- /dev/null
+++ b/mkosi.skeleton/etc/apt/apt.conf.d/20auto-upgrades
@@ -0,0 +1,9 @@
+APT::Periodic::Unattended-Upgrade "1";
+
+APT::Periodic::Update-Package-Lists "1";
+
+
+APT::Periodic::AutocleanInterval "7";
+
+
+
diff --git a/mkosi.skeleton/etc/apt/apt.conf.d/50unattended-upgrades b/mkosi.skeleton/etc/apt/apt.conf.d/50unattended-upgrades
new file mode 100644
index 0000000..768347b
--- /dev/null
+++ b/mkosi.skeleton/etc/apt/apt.conf.d/50unattended-upgrades
@@ -0,0 +1,34 @@
+// Unattended-Upgrade::Origins-Pattern controls which packages are
+// upgraded.
+Unattended-Upgrade::Origins-Pattern {
+      "origin=Ubuntu,archive=${distro_codename}-security";
+      "o=Ubuntu,a=${distro_codename}";
+      "o=Ubuntu,a=${distro_codename}-updates";
+      "o=Ubuntu,a=${distro_codename}-proposed-updates";
+      "o=Ubuntu,n=${distro_codename}-backports";
+  };
+
+// List of packages to not update (regexp are supported)
+Unattended-Upgrade::Package-Blacklist {
+};
+
+
+// Split the upgrade into the smallest possible chunks so that
+// they can be interrupted with SIGUSR1. This makes the upgrade
+// a bit slower but it has the benefit that shutdown while a upgrade
+// is running is possible (with a small delay)
+Unattended-Upgrade::MinimalSteps "true";
+
+
+// Do automatic removal of new unused dependencies after the upgrade
+// (equivalent to apt-get autoremove)
+Unattended-Upgrade::Remove-Unused-Dependencies "true";
+
+
+// Do upgrade application even if it requires restart after upgrade
+// I.e. "XB-Upgrade-Requires: app-restart" is set in the debian/control file
+Unattended-Upgrade::IgnoreAppsRequireRestart "true";
+
+// Automatically run "dpkg --force-confold --configure -a".
+Unattended-Upgrade::AutoFixInterruptedDpkg "true";
+ 
-- 
cgit v1.2.3