Unattended OpenBSD Upgrades using Ansible
Is this ideal? No… What could ever go wrong with an unattended upgrade? Run this at your own risk!
What drove me to do this? Security and also the recent speculative execution vulnerabilities.
Update doas.conf
/etc/doas.conf
permit nopass bfrancom as root cmd /usr/sbin/pkg_add
permit nopass bfrancom as root cmd /usr/sbin/syspatch
Set up a playbook
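---
- hosts: openbsd_routers
  # remote_user must be the account granted nopass in /etc/doas.conf
  remote_user: bobbyjoe
  tasks:
    # Update all installed packages
    - name: doas /usr/sbin/pkg_add -u
      command: doas /usr/sbin/pkg_add -u
    # Apply any outstanding base system patches
    - name: doas /usr/sbin/syspatch
      command: doas /usr/sbin/syspatch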
You may want to add a reboot in there.
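
One way to add that reboot while keeping the passwordless doas rules narrow, as an added example that is not the author's playbook. It assumes ansible-core 2.11 or later (for reboot_command), that remote_user is the account named in the doas rules, and the doas.conf lines shown in the comments, whose args restrictions and /sbin/reboot rule are additions not found in the original.

```yaml
# Added example, not the author's playbook.
#
# Assumed /etc/doas.conf. "args" pins the exact argument list, and a bare
# "args" means the command may only be run with no arguments, so the account
# cannot use pkg_add to install arbitrary packages as root:
#
#   permit nopass bfrancom as root cmd /usr/sbin/pkg_add args -u
#   permit nopass bfrancom as root cmd /usr/sbin/syspatch args
#   permit nopass bfrancom as root cmd /sbin/reboot args
---
- hosts: openbsd_routers
  remote_user: bfrancom   # must match the account in the doas rules above
  tasks:
    - name: Update installed packages
      ansible.builtin.command: doas /usr/sbin/pkg_add -u

    - name: Apply base system patches
      ansible.builtin.command: doas /usr/sbin/syspatch
      register: syspatch
      # syspatch(8) exits 2 when no additional patch was installed.
      # Without this, an already patched host is reported as a failure.
      failed_when: syspatch.rc not in [0, 2]
      changed_when: syspatch.rc == 0

    - name: Reboot after patches were installed
      # Conservative: reboots after any installed patch, whether or not
      # that particular patch touched the kernel.
      ansible.builtin.reboot:
        reboot_command: /usr/bin/doas /sbin/reboot
        reboot_timeout: 600
      when: syspatch.rc == 0
```

The invocations in the playbook have to match the doas rules exactly, path and arguments included, or doas will refuse to run them without a password.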