Files
automations/scripts/auto-update.conf.example
57_Wolve 7faa9098de feat: unified launcher, multi-OS hardening, login alerts & auto-updates
Restructure around a single entry point (automations.sh) with a Gum wizard and
a self-extracting bundle for repo-less installs. Add scripts/oslib.sh so the
provisioning scripts (setup-host, harden-ssh, harden-jumphost, sshuser) run on
Alpine/Debian/Alma; seed root keys from globals/.

- ntfy SSH-login alerts (user, source IP, key, region, jump target) via pam_exec
- daily auto-updates with AUTO_REBOOT=idle (reboots only when no SSH active) and
  opt-in Alpine stable-branch upgrades
- generic + per-deployment cloud-init; Gitea release workflow on tag
- README/LICENSE/.gitignore/.gitattributes (force LF); repo URLs -> Gitea
2026-06-12 14:56:02 -05:00

20 lines
849 B
Plaintext

# auto-update.conf -- defaults for the daily auto-update job
# (scripts/auto-update.sh). Installed at /etc/auto-update.conf by
# `auto-update.sh install` (the harden scripts do this). Environment variables
# still override these at runtime.
# When a reboot is needed after an upgrade:
# 0 never reboot (just flag / notify)
# 1 always reboot
# idle reboot only when NO SSH connections are active -- safe for a bastion,
# since it won't drop a live admin session or a ProxyJump tunnel. A
# deferred reboot is retried on the next daily run.
AUTO_REBOOT="idle"
# (Alpine) also jump to a newer STABLE branch (e.g. 3.21 -> 3.22) when posted.
# Off by default; when off a new branch is only reported via ntfy.
ALLOW_RELEASE_UPGRADE="0"
# Send an ntfy summary after each run (reuses /etc/ssh-notify.conf creds).
NOTIFY="1"