add debian-updates role

debian-updates/tasks/main.yml

+---
+# file: supplemental/debian-updates/tasks/main.yml
+
+- name: ensure the deploy key is available
+  copy:
+    src: "{{ debupdates_deploy_key }}"
+    dest: /root/.ssh/debian_updates
+    owner: root
+    group: root
+    mode: 0600
+  tags:
+    - debian-updates
+
+- name: ensure the git is at the current revision
+  git:
+    repo: git@git.fsmpi.rwth-aachen.de:larsb/debian-updates.git
+    dest: /opt/debian-updates
+    key_file: /root/.ssh/debian_updates
+    version: HEAD
+  tags:
+    - debian-updates
+
+- name: ensure the data file exists
+  copy:
+    src: /opt/debian-updates/apticron.json.example
+    dest: /opt/debian-updates/apticron.json
+    mode: 0644
+    owner: root
+    group: root
+    remote_src: True
+    force: False
+  tags:
+    - debian-updates
+
+- name: ensure our config is deployed
+  template:
+    src: config.py.j2
+    dest: /opt/debian-updates/config.py
+    mode: 0644
+    owner: root
+    group: root
+  tags:
+    - debian-updates
+
+- name: ensure daily notification
+  file:
+    state: link
+    path: /etc/cron.daily/debian-update-notifier
+    src: /opt/debian-updates/notify.py
+  tags:
+    - debian-updates
+
+- name: ensure apticron messages are retrieved
+  lineinfile:
+    line: '{{ apticron_to|regex_replace("@.*$") }}:"|/opt/debian-updates/receive.py"'
+    path: /etc/aliases
+    state: present
+  notify:
+    - rebuild alias database
+  tags:
+    - debian-updates
+

debian-updates/templates/config.py.j2

+import datetime
+
+lock_file = '/opt/debian-updates/.json-sync.lock'
+report_file = '/opt/debian-updates/apticron.json'
+tracker_file = '/opt/debian-updates/security.json'
+
+notify_subject = '{{ (domain|splitext|first).upper() }} daily update report on '+str(datetime.date.today())
+notify_from = '{{ debupdates_from }}'
+notify_recipient = ['{{ debupdates_to|join("', '") }}']
+notify_header = 'Debian Update Notifier/v0.1'
+mail_host = 'localhost'