Automatic updates and security reboots.

These are meant for hosts with a public ip.
2019-01-24 10:25:00 +01:00 · 2019-01-24 10:25:00 +01:00 · 1872a4edcf
parent 82231aa8ba
commit 1872a4edcf
1 changed files with 16 additions and 0 deletions
--- a/security.yml
+++ b/security.yml
@ -0,0 +1,16 @@
+---
+- name: Install roles needed for exposed hosts
+  hosts: all
+  become: true
+  roles:
+     - geerlingguy.repo-epel
+     - geerlingguy.security
+  tasks:
+     - cron:
+          name: Reboot to load new kernel.
+          weekday: 1
+          minute: 45
+          hour: 11
+          user: root
+          job: /bin/needs-restarting -r >/dev/null 2>&1 || /sbin/shutdown -r +60 "restarting to apply updates"
+          cron_file: reboot