spalencsar/nas
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

chore(unattended): make automatic updates optional and opt-in via config

Browse Source
This commit is contained in:
Mărcziem ™
2025-10-03 12:11:57 +02:00
parent b6cdf82356
commit 7a2d1f1c8e
2 changed files with 16 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
config/defaults.sh
View File

@@ -43,7 +43,8 @@ RECOMMENDED_RAM_MB=4096
# Security settings
ENABLE_FAIL2BAN=true
ENABLE_UFW=true
ENABLE_AUTO_UPDATES=true
# Automatic security updates are optional. Default is OFF to keep setup non-interactive.
ENABLE_AUTO_UPDATES=false
SECURE_SSH=true
# Debug and logging

16
setup.sh
View File

@@ -339,6 +339,9 @@ create_interactive_config() {
save_config "INSTALL_PORTAINER" "false"
fi
# Automatic updates (optional)
save_config "ENABLE_AUTO_UPDATES" "$(ask_yes_no "Enable automatic security updates (unattended-upgrades)?" "n" && echo "true" || echo "false")"
save_config "INSTALL_WEBMIN" "$(ask_yes_no "Install Webmin web interface?" "n" && echo "true" || echo "false")"
log_success "Configuration created and saved to ${CONFIG_FILE}"
@@ -400,7 +403,12 @@ run_installation() {
current_step=$((current_step + 1)); log_debug "run_installation: about to implement security measures (step $current_step/$total_steps)"; show_progress $current_step $total_steps "Implementing security measures"
secure_shared_memory
install_fail2ban
configure_automatic_updates
# Configure automatic updates only if user opted in
if [[ "${ENABLE_AUTO_UPDATES:-false}" == "true" ]]; then
configure_automatic_updates
else
log_info "Automatic security updates are disabled by configuration"
fi
# Optional services
if [[ "${INSTALL_DOCKER:-false}" == "true" ]]; then
@@ -466,7 +474,11 @@ show_installation_summary() {
echo " ✓ Samba file sharing configured"
echo " ✓ Firewall configured and enabled"
echo " ✓ Fail2ban installed and configured"
echo " ✓ Automatic updates enabled"
if [[ "${ENABLE_AUTO_UPDATES:-false}" == "true" ]]; then
echo " ✓ Automatic updates enabled"
else
echo " - Automatic updates not enabled (optional)"
fi
# Service summary
if [[ "${INSTALL_DOCKER:-false}" == "true" ]]; then