7faa9098de
Restructure around a single entry point (automations.sh) with a Gum wizard and a self-extracting bundle for repo-less installs. Add scripts/oslib.sh so the provisioning scripts (setup-host, harden-ssh, harden-jumphost, sshuser) run on Alpine/Debian/Alma; seed root keys from globals/.

- ntfy SSH-login alerts (user, source IP, key, region, jump target) via pam_exec
- daily auto-updates with AUTO_REBOOT=idle (reboots only when no SSH active) and opt-in Alpine stable-branch upgrades
- generic + per-deployment cloud-init; Gitea release workflow on tag
- README/LICENSE/.gitignore/.gitattributes (force LF); repo URLs -> Gitea

20 lines
849 B
Plaintext

# auto-update.conf -- defaults for the daily auto-update job
# (scripts/auto-update.sh). Installed at /etc/auto-update.conf by
# `auto-update.sh install` (the harden scripts do this). Environment variables
# still override these at runtime.

# When a reboot is needed after an upgrade:
#   0     never reboot (just flag / notify)
#   1     always reboot
#   idle  reboot only when NO SSH connections are active -- safe for a bastion,
#         since it won't drop a live admin session or a ProxyJump tunnel. A
#         deferred reboot is retried on the next daily run.
AUTO_REBOOT="idle"

# (Alpine) also jump to a newer STABLE branch (e.g. 3.21 -> 3.22) when posted.
# Off by default; when off a new branch is only reported via ntfy.
ALLOW_RELEASE_UPGRADE="0"

# Send an ntfy summary after each run (reuses /etc/ssh-notify.conf creds).
NOTIFY="1"
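
One way the "environment overrides the file" precedence and the `idle` reboot rule described in these comments could be implemented, as an added example (not the repository's scripts/auto-update.sh). The function names, the DEFAULT argument, port 22 and the use of iproute2's `ss` are assumptions.

```shell
#!/bin/sh
# Added illustration; NOT the repository's scripts/auto-update.sh.
# Function names and the DEFAULT argument are hypothetical.

# conf_get FILE KEY DEFAULT -> effective value on stdout.
# Precedence: exported environment variable > FILE > DEFAULT.
# FILE is parsed with sed, never sourced, so a modified config file
# cannot execute commands in the (root) update job.
conf_get() {
    if _env=$(printenv "$2"); then
        printf '%s\n' "$_env"
        return 0
    fi
    _val=$(sed -n 's/^'"$2"'="\{0,1\}\([A-Za-z0-9_.-]*\)"\{0,1\}[[:space:]]*$/\1/p' \
        "$1" 2>/dev/null | tail -n 1)
    printf '%s\n' "${_val:-$3}"
}

# ssh_sessions PORT -> number of established connections to local PORT.
# Reads `ss -Htn state established` output on stdin; with a state filter
# the columns are: Recv-Q Send-Q Local:Port Peer:Port.
ssh_sessions() {
    awk -v p=":$1" '$3 ~ (p "$") { n++ } END { print n + 0 }'
}

# should_reboot POLICY SESSIONS -> exit 0 if a pending reboot may run now.
should_reboot() {
    case $1 in
        1)    return 0 ;;
        idle) [ "$2" -eq 0 ] ;;   # any live session defers the reboot
        *)    return 1 ;;         # "0" or an unrecognised value: never reboot
    esac
}

# Call site (assumes iproute2's ss is installed and sshd listens on 22):
#   policy=$(conf_get /etc/auto-update.conf AUTO_REBOOT idle)
#   n=$(ss -Htn state established | ssh_sessions 22)
#   if should_reboot "$policy" "$n"; then echo reboot; else echo deferred; fi
```

Counting on the local port means an inbound admin session or ProxyJump hop holds the reboot, while the bastion's own outbound connections to port 22 on other hosts do not.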