add unattended upgrades

base/templates/20auto-upgrades.j2

@@ -0,0 +1,2 @@
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";

base/templates/50unattended-upgrades.j2

@@ -0,0 +1,21 @@
+Unattended-Upgrade::Package-Blacklist {
+    "docker-ce";
+    "docker-ce-cli";
+};
+
+Unattended-Upgrade::Package-Whitelist {
+    "openssh-server";
+    "openssl";
+    "qemu-guest-agent";
+    "salt-master";
+    "salt-minion";
+};
+
+Unattended-Upgrade::AutoFixInterruptedDpkg true;
+Unattended-Upgrade::MinimalSteps true;
+Unattended-Upgrade::Automatic-Reboot false;
+Unattended-Upgrade::Keep-Debs-After-Install false;
+Unattended-Upgrade::Update-Days {"Sun"; "Thurs"};
+Unattended-Upgrade::SyslogEnable true;
+Unattended-Upgrade::SyslogFacility "daemon";
+Unattended-Upgrade::Remove-Unused-Dependencies true;

base/unattended_upgrades.sls

@@ -0,0 +1,39 @@
+---
+
+apt-listchanges:
+  pkg.installed:
+    - name: apt-listchanges
+
+unattended-upgrades:
+  pkg.installed:
+    - name: unattended-upgrades
+
+/etc/apt/apt.conf.d/20auto-upgrades:
+  file.managed:
+    - name: /etc/apt/apt.conf.d/20auto-upgrades
+    - source: salt://base/templates/20auto-upgrades.j2
+    - mode: 0755
+    - user: root
+    - group: root
+    - template: jinja
+
+/etc/apt/apt.conf.d/50unattended-upgrades:
+  file.managed:
+    - name: /etc/apt/apt.conf.d/50unattended-upgrades
+    - source: salt://base/templates/50unattended-upgrades.j2
+    - mode: 0755
+    - user: root
+    - group: root
+    - template: jinja
+
+apt-daily.timer:
+  service.running:
+    - name: apt-daily.timer
+    - enable: true
+    - reload: true
+
+apt-daily-upgrade.timer:
+  service.running:
+    - name: apt-daily-upgrade.timer
+    - enable: true
+    - reload: true

top.sls

@@ -6,6 +6,7 @@ base:
     - base.packages
     - base.python
     - base.repositories
+    - base.unattended_upgrades
     - saltbox.minion
     - app.sshd
     - users