# auto-update.conf -- defaults for the daily auto-update job # (scripts/auto-update.sh). Installed at /etc/auto-update.conf by # `auto-update.sh install` (the harden scripts do this). Environment variables # still override these at runtime. # When a reboot is needed after an upgrade: # 0 never reboot (just flag / notify) # 1 always reboot # idle reboot only when NO SSH connections are active -- safe for a bastion, # since it won't drop a live admin session or a ProxyJump tunnel. A # deferred reboot is retried on the next daily run. AUTO_REBOOT="idle" # (Alpine) also jump to a newer STABLE branch (e.g. 3.21 -> 3.22) when posted. # Off by default; when off a new branch is only reported via ntfy. ALLOW_RELEASE_UPGRADE="0" # Send an ntfy summary after each run (reuses /etc/ssh-notify.conf creds). NOTIFY="1"