From 1872a4edcfc3fde1a26821eeffdd032f967427bc Mon Sep 17 00:00:00 2001
From: Egon Rijpkema <git@egonrijpkema.nl>
Date: Thu, 24 Jan 2019 10:25:00 +0100
Subject: [PATCH] Automatic updates and security reboots.

These are meant for hosts with a public ip.
---
 security.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 security.yml

diff --git a/security.yml b/security.yml
new file mode 100644
index 0000000..e2f41c9
--- /dev/null
+++ b/security.yml
@@ -0,0 +1,16 @@
+---
+- name: Install roles needed for exposed hosts
+  hosts: all
+  become: true
+  roles:
+     - geerlingguy.repo-epel
+     - geerlingguy.security
+  tasks:
+     - cron:
+          name: Reboot to load new kernel.
+          weekday: 1
+          minute: 45
+          hour: 11
+          user: root
+          job: /bin/needs-restarting -r >/dev/null 2>&1 || /sbin/shutdown -r +60 "restarting to apply updates"
+          cron_file: reboot