re-do allow apt to perform security updates on its own

Move this into system.sh rather than anagement.sh. This reverts commit eab28c97.

re-do allow apt to perform security updates on its own
Move this into system.sh rather than anagement.sh. This reverts commit eab28c97.
03bbd25a · Joshua Tauberer · a0b056ae · 03bbd25a · 03bbd25a
Commit 03bbd25a authored Aug 23, 2014 by Joshua Tauberer
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 18 deletions

management.sh setup/management.sh +1 -9

system.sh setup/system.sh +13 -9

No files found.
--- a/setup/management.sh
+++ b/setup/management.sh
@@ -2,7 +2,7 @@

 source setup/functions.sh

-apt_install python3-flask links duplicity libyaml-dev python3-dnspython unattended-upgrades
+apt_install python3-flask links duplicity libyaml-dev python3-dnspython
 hide_output pip3 install rtyaml

 # Create a backup directory and a random key for encrypting backups.
@@ -21,14 +21,6 @@ rm -f /etc/init.d/mailinabox
 ln -s $(pwd)/conf/management-initscript /etc/init.d/mailinabox
 hide_output update-rc.d mailinabox defaults

-# Allow apt to install system updates automatically every day.
-cat > /etc/apt/apt.conf.d/02periodic <<EOF;
-APT::Periodic::MaxAge "7";
-APT::Periodic::Update-Package-Lists "1";
-APT::Periodic::Unattended-Upgrade "1";
-APT::Periodic::Verbose "1";
-EOF
-
 # Perform a daily backup.
 cat > /etc/cron.daily/mailinabox-backup << EOF;
 #!/bin/bash

--- a/setup/system.sh
+++ b/setup/system.sh
@@ -11,18 +11,22 @@ hide_output apt-get -y upgrade
 #	haveged: Provides extra entropy to /dev/random so it doesn't stall
 #	         when generating random numbers for private keys (e.g. during
 #	         ldns-keygen).
+#	unattended-upgrades: Apt tool to install security updates automatically.
+#   	ntp: keeps the system time correct
+#   	fail2ban: scans log files for repeated failed login attempts and blocks the remote IP at the firewall

-apt_install python3 python3-pip wget curl bind9-host haveged
+apt_install python3 python3-pip \
+	wget curl bind9-host \
+	haveged unattended-upgrades ntp fail2ban

-# Turn on basic services:
-#
-#   ntp: keeps the system time correct
-#
-#   fail2ban: scans log files for repeated failed login attempts and blocks the remote IP at the firewall
-#
-# These services don't need further configuration and are started immediately after installation.
+# Allow apt to install system updates automatically every day.

-apt_install ntp fail2ban
+cat > /etc/apt/apt.conf.d/02periodic <<EOF;
+APT::Periodic::MaxAge "7";
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";
+APT::Periodic::Verbose "1";
+EOF

 if [ -z "$DISABLE_FIREWALL" ]; then
 	# Turn on the firewall. First allow incoming SSH, then turn on the firewall.