From 53d1113881e6b951cb5162ba987c5f583d918f9b Mon Sep 17 00:00:00 2001
From: Jack Ivanov <17044561+jackivanov@users.noreply.github.com>
Date: Wed, 8 Aug 2018 07:25:59 +0300
Subject: [PATCH] Split up unattended upgrades (#1041)

---
 roles/common/templates/50unattended-upgrades.j2        |  3 ---
 .../files/50-dnscrypt-proxy-unattended-upgrades        |  4 ++++
 roles/dns_encryption/tasks/ubuntu.yml                  | 10 +++++++++-
 roles/wireguard/files/50-wireguard-unattended-upgrades |  4 ++++
 roles/wireguard/tasks/main.yml                         |  8 ++++++++
 5 files changed, 25 insertions(+), 4 deletions(-)
 create mode 100644 roles/dns_encryption/files/50-dnscrypt-proxy-unattended-upgrades
 create mode 100644 roles/wireguard/files/50-wireguard-unattended-upgrades

diff --git a/roles/common/templates/50unattended-upgrades.j2 b/roles/common/templates/50unattended-upgrades.j2
index a902c7a..0c55b70 100644
--- a/roles/common/templates/50unattended-upgrades.j2
+++ b/roles/common/templates/50unattended-upgrades.j2
@@ -2,9 +2,6 @@
 Unattended-Upgrade::Allowed-Origins {
     "${distro_id}:${distro_codename}-security";
     "${distro_id}:${distro_codename}-updates";
-{% if wireguard_enabled %}
-    "LP-PPA-wireguard-wireguard:${distro_codename}";
-{% endif %}
 //  "${distro_id}:${distro_codename}-proposed";
 //  "${distro_id}:${distro_codename}-backports";
 };
diff --git a/roles/dns_encryption/files/50-dnscrypt-proxy-unattended-upgrades b/roles/dns_encryption/files/50-dnscrypt-proxy-unattended-upgrades
new file mode 100644
index 0000000..632bb31
--- /dev/null
+++ b/roles/dns_encryption/files/50-dnscrypt-proxy-unattended-upgrades
@@ -0,0 +1,4 @@
+// Automatically upgrade packages from these (origin:archive) pairs
+Unattended-Upgrade::Allowed-Origins {
+    "LP-PPA-shevchuk-dnscrypt-proxy:${distro_codename}";
+};
diff --git a/roles/dns_encryption/tasks/ubuntu.yml b/roles/dns_encryption/tasks/ubuntu.yml
index 0050a58..f42d0a9 100644
--- a/roles/dns_encryption/tasks/ubuntu.yml
+++ b/roles/dns_encryption/tasks/ubuntu.yml
@@ -8,13 +8,21 @@
   until: result|succeeded
   retries: 10
   delay: 3
-  
+
 - name: Install dnscrypt-proxy
   apt:
     name: dnscrypt-proxy
     state: latest
     update_cache: true
 
+- name: Configure unattended-upgrades
+  copy:
+    src: 50-dnscrypt-proxy-unattended-upgrades
+    dest: /etc/apt/apt.conf.d/50-dnscrypt-proxy-unattended-upgrades
+    owner: root
+    group: root
+    mode: 0644
+
 - block:
   - name: Ubuntu | Unbound profile for apparmor configured
     copy:
diff --git a/roles/wireguard/files/50-wireguard-unattended-upgrades b/roles/wireguard/files/50-wireguard-unattended-upgrades
new file mode 100644
index 0000000..b1ffc97
--- /dev/null
+++ b/roles/wireguard/files/50-wireguard-unattended-upgrades
@@ -0,0 +1,4 @@
+// Automatically upgrade packages from these (origin:archive) pairs
+Unattended-Upgrade::Allowed-Origins {
+    "LP-PPA-wireguard-wireguard:${distro_codename}";
+};
diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml
index 4b70a3a..df5b832 100644
--- a/roles/wireguard/tasks/main.yml
+++ b/roles/wireguard/tasks/main.yml
@@ -14,6 +14,14 @@
     state: present
     update_cache: true
 
+- name: Configure unattended-upgrades
+  copy:
+    src: 50-wireguard-unattended-upgrades
+    dest: /etc/apt/apt.conf.d/50-wireguard-unattended-upgrades
+    owner: root
+    group: root
+    mode: 0644
+
 - name: Ensure the required directories exist
   file:
     dest: "{{ wireguard_config_path }}/{{ item }}"