From fdb430649b1d96d2a96236fd673c7af31f6129a3 Mon Sep 17 00:00:00 2001 From: Conor Schaefer Date: Fri, 6 Aug 2021 11:57:33 -0700 Subject: [PATCH] Enable unattended-upgrades on server Doesn't block on boot up by installing packages, so updates will be delayed by ~1d, but would prefer to update packages async after the tunnel is up anyway. Deferring that change for now so it'd involve a complicated refactor of the mgr.up logic. --- CHANGELOG.md | 5 +++++ TODO.md | 3 ++- files/cloudinit.cfg | 10 ++++++++++ 3 files changed, 17 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4fd84f8..6bc9289 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ # Innisfree changelog +## 0.2.9 + +* Enable unattended-upgrades +* Support graceful termination in systemd service + ## 0.2.8 * Updates all dependencies to latest diff --git a/TODO.md b/TODO.md index 91a6f98..3335263 100644 --- a/TODO.md +++ b/TODO.md @@ -30,7 +30,7 @@ * [x] SSH should use tmpfiles, not clobber primary dir * [ ] Package upgrade should be async -* [ ] Configure unattended-upgrades +* [x] Configure unattended-upgrades * [x] Add cleanup methods - dir * [x] Add cleanup methods - droplet * [x] Add cleanup methods - wg @@ -50,6 +50,7 @@ * [x] Add lots of results for better error handling * [x] Add doctor subcommand for checking +* [ ] Service stop should clean up resources * [x] Make 'release' builds reproducible * [ ] Make deb package builds reproducible * [x] Use a build.rs file for setting remap on rustcflags https://doc.rust-lang.org/cargo/reference/build-scripts.html diff --git a/files/cloudinit.cfg b/files/cloudinit.cfg index 09102fd..25082ed 100644 --- a/files/cloudinit.cfg +++ b/files/cloudinit.cfg @@ -59,7 +59,17 @@ write_files: path: /etc/nginx/sites-available/default permissions: '0644' +- content: | + Unattended-Upgrade::Allowed-Origins { + "*:*" + }; + + owner: root:root + path: /etc/apt/apt.conf.d/51unattended-upgrades + permissions: '0644' + packages: - nginx + - unattended-upgrades - wireguard - wireguard-tools