Improve auto-upgrades configuration

roles/common/defaults/main.yml

@@ -22,6 +22,8 @@ hosts_deny_nfs: False
 host_deny_paranoid: False
 
 with_auto_upgrade: False
+auto_upgrade_additional_patterns: Null
+
 with_logcheck: False
 with_rkhunter: False
 with_chkrootkit: False

roles/common/templates/apt/auto-upgrades.jessie.j2

@@ -18,4 +18,9 @@ Unattended-Upgrade::Origins-Pattern {
     "o=Debian,a=stable-updates";
 //  "o=Debian,a=stable-proposed-updates";
     "origin=Debian,archive=stable,label=Debian-Security";
+{% if auto_upgrade_additional_patterns %}
+{% for pattern in auto_upgrade_additional_patterns %}
+    "{{ pattern }}";
+{% endfor %}
+{% endif %}
 };

roles/common/templates/apt/auto-upgrades.squeeze.j2

@@ -13,4 +13,9 @@ Unattended-Upgrade::Origins-Pattern {
     "o=Debian,a=squeeze-lts";
 //  "origin=Debian,archive=stable,label=Debian-Security";
 //  "origin=Debian,archive=oldstable,label=Debian-Security";
+{% if auto_upgrade_additional_patterns %}
+{% for pattern in auto_upgrade_additional_patterns %}
+    "{{ pattern }}";
+{% endfor %}
+{% endif %}
 };

roles/common/templates/apt/auto-upgrades.wheezy.j2

@@ -14,8 +14,13 @@ Unattended-Upgrade::Origins-Pattern {
     // Note that this will silently match a different release after
     // migration to the specified archive (e.g. testing becomes the
     // new stable).
-    "o=Debian,a=stable";
-    "o=Debian,a=stable-updates";
-//  "o=Debian,a=stable-proposed-updates";
-    "origin=Debian,archive=stable,label=Debian-Security";
+    "o=Debian,a=oldstable";
+    "o=Debian,a=oldstable-updates";
+//  "o=Debian,a=oldstable-proposed-updates";
+    "origin=Debian,archive=oldstable,label=Debian-Security";
+{% if auto_upgrade_additional_patterns %}
+{% for pattern in auto_upgrade_additional_patterns %}
+    "{{ pattern }}";
+{% endfor %}
+{% endif %}
 };