8 files changed, 124 insertions, 1 deletions

diff --git a/files/10periodic b/files/10periodic
new file mode 100644
index 0000000..6c06232
--- /dev/null
+++ b/files/10periodic
@@ -0,0 +1,7 @@
+// this file is managed by puppet !
+//
+//See https://wiki.ubuntu.com/AutomaticUpdates for more details about this feature.
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "1";
+APT::Periodic::AutocleanInterval "7";
+APT::Periodic::Unattended-Upgrade "1";
diff --git a/files/lucid/50unattended-upgrades b/files/lucid/50unattended-upgrades
new file mode 100644
index 0000000..d8744fa
--- /dev/null
+++ b/files/lucid/50unattended-upgrades
@@ -0,0 +1,33 @@
+// this file is managed by puppet !
+//
+//See https://wiki.ubuntu.com/AutomaticUpdates for more details about this feature.
+
+// allowed (origin, archive) pairs
+Unattended-Upgrade::Allowed-Origins {
+     "Ubuntu lucid-security";
+     "Ubuntu lucid-updates";
+};
+
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";
+Unattended-Upgrade::Mail "root";
+
+APT::UnattendedUpgrades::LogDir "/var/log/";
+APT::UnattendedUpgrades::LogFile "unattended_upgrades.log";
+
+Unattended-Upgrade::Package-Blacklist {
+	// we don't want the kernel to be updated so nagios still can give a warning if there is
+	// a manual update (and reboot) left
+
+        "linux-image-*";
+
+	// unfortunately there seems to be a bug in unattended-upgrades <= 0.62 that wildcards aren't recognized:
+	//2009-12-11 13:41:43,267 INFO Initial blacklisted packages: linux-image-*
+	//2009-12-11 13:41:43,267 INFO Starting unattended upgrades script
+	//2009-12-11 13:41:43,267 INFO Allowed origins are: ["['Debian', 'stable']", "['Debian-Security', 'stable']"]
+	//2009-12-11 13:41:45,233 INFO Packages that are upgraded: linux-image-2.6.26-2-amd64
+	//2009-12-11 13:41:45,233 INFO Writing dpkg log to '/var/log/unattended-upgrades-dpkg_2009-12-11_13:41:45.233713.log'
+	//2009-12-11 13:42:11,988 INFO All upgrades installed
+
+};
+
diff --git a/manifests/unattended_upgrades.pp b/manifests/unattended_upgrades.pp
index b90fcbb..1732fe2 100644
--- a/manifests/unattended_upgrades.pp
+++ b/manifests/unattended_upgrades.pp
@@ -18,4 +18,15 @@ class apt::unattended_upgrades {
       before => Concatenated_file[apt_config],
     }
   }
+
+  if $operatingsystem == 'ubuntu' {
+    file { '/etc/apt/apt.conf.d/10periodic':
+      ensure  => present,
+      owner   => root,
+      group   => root,
+      mode    => 0644,
+      source  => 'puppet:///modules/apt/10periodic',
+      require => Package['unattended-upgrades'],
+    }
+  }
 }
diff --git a/templates/Ubuntu/preferences_lucid.erb b/templates/Ubuntu/preferences_lucid.erb
new file mode 100644
index 0000000..30d3ec6
--- /dev/null
+++ b/templates/Ubuntu/preferences_lucid.erb
@@ -0,0 +1,30 @@
+Explanation: Ubuntu <%= codename %> security 
+Package: *
+Pin: release o=Ubuntu,a=<%= codename %>-security
+Pin-Priority: 990
+
+Explanation: Ubuntu <%= codename %> updates
+Package: *
+Pin: release o=Ubuntu,a=<%= codename %>-updates
+Pin-Priority: 980
+
+Explanation: Ubuntu <%= codename %>
+Package: *
+Pin: release o=Ubuntu,a=<%= codename %>
+Pin-Priority: 970
+
+Explanation: Ubuntu backports
+Package: *
+Pin: release a=<%= codename %>-backports
+Pin-Priority: 200
+
+Explanation: Ubuntu <%= next_release %>
+Package: *
+Pin: release o=Ubuntu,a=<%= next_release %>
+Pin-Priority: 2
+
+Explanation: Ubuntu fallback
+Package: *
+Pin: release o=Ubuntu
+Pin-Priority: -10
+
diff --git a/templates/Ubuntu/preferences_oneiric.erb b/templates/Ubuntu/preferences_oneiric.erb
new file mode 100644
index 0000000..30d3ec6
--- /dev/null
+++ b/templates/Ubuntu/preferences_oneiric.erb
@@ -0,0 +1,30 @@
+Explanation: Ubuntu <%= codename %> security 
+Package: *
+Pin: release o=Ubuntu,a=<%= codename %>-security
+Pin-Priority: 990
+
+Explanation: Ubuntu <%= codename %> updates
+Package: *
+Pin: release o=Ubuntu,a=<%= codename %>-updates
+Pin-Priority: 980
+
+Explanation: Ubuntu <%= codename %>
+Package: *
+Pin: release o=Ubuntu,a=<%= codename %>
+Pin-Priority: 970
+
+Explanation: Ubuntu backports
+Package: *
+Pin: release a=<%= codename %>-backports
+Pin-Priority: 200
+
+Explanation: Ubuntu <%= next_release %>
+Package: *
+Pin: release o=Ubuntu,a=<%= next_release %>
+Pin-Priority: 2
+
+Explanation: Ubuntu fallback
+Package: *
+Pin: release o=Ubuntu
+Pin-Priority: -10
+
diff --git a/templates/Ubuntu/sources.list.erb b/templates/Ubuntu/sources.list.erb
index b5725f5..d356bd4 100644
--- a/templates/Ubuntu/sources.list.erb
+++ b/templates/Ubuntu/sources.list.erb
@@ -20,7 +20,7 @@ deb-src <%= ubuntu_url %> <%= lsbdistcodename %>-security <%= repos %>
 <% end -%>
 
 # backports
-deb <%= ubuntu_url %> <%= lsbdistcodename %>-backports main <%= repos %>
+deb <%= ubuntu_url %> <%= lsbdistcodename %>-backports <%= repos %>
 <% if include_src then -%>
 deb-src <%= ubuntu_url %> <%= lsbdistcodename %>-backports <%= repos %>
 <% end -%>
diff --git a/templates/proxy.erb b/templates/proxy.erb
new file mode 100644
index 0000000..01c9861
--- /dev/null
+++ b/templates/proxy.erb
@@ -0,0 +1,4 @@
+Acquire {
+<% if apt_http_proxy != false %>  HTTP::Proxy "<%= apt_http_proxy %>";<% end %>
+<% if apt_ftp_proxy  != false %>  FTP::Proxy  "<%= apt_ftp_proxy %>";<% end %>
+};
diff --git a/templates/sources.list.volatile.erb b/templates/sources.list.volatile.erb
new file mode 100644
index 0000000..cc9316b
--- /dev/null
+++ b/templates/sources.list.volatile.erb
@@ -0,0 +1,8 @@
+# This file is brought to you by puppet
+
+# backports
+<% if (lsbdistcodename == "sid" || lsbdistcodename == "unstable") -%>
+# There are no backports for for <%= lsbdistcodename %>
+<% else -%>
+deb http://volatile.debian.org/debian-volatile <%= lsbdistcodename %>/volatile main contrib non-free
+<% end -%>